Quick & Easy: Tinc VPN on ASUSWRT-Merlin
a new installment in the quick & easy series!
Tinc VPN 1.1 on ASUSWRT-Merlin
with windows client (repeat client step to add more clients)
setup tinc and open firewall (on router)
echo '#!/bin/sh' >> /jffs/scripts/init-start
echo modprobe tun >> /jffs/scripts/init-start
echo /jffs/sbin/tincd -n vpn >> /jffs/scripts/init-start
echo '#!/bin/sh' >> /jffs/scripts/firewall-start
echo iptables -I INPUT -p tcp --destination-port 655 -j ACCEPT >> /jffs/scripts/firewall-start
chmod a+rx /jffs/scripts/*
Go to Administration - System in Router Admin Page
and set Enable JFFS custom scripts and configs to Yes
Load tun module temporarily
modprobe tun
Install Tinc VPN
mkdir -p /jffs/sbin
wget http://files.lancethepants.com/Binaries/tinc/arm/tinc%201.1pre11/tinc -O /jffs/sbin/tinc
wget http://files.lancethepants.com/Binaries/tinc/arm/tinc%201.1pre11/tincd -O /jffs/sbin/tincd
chmod +x /jffs/sbin/tinc*
Configure router node
mkdir -p /jffs/etc/tinc/
/jffs/sbin/tinc -n vpn init router
/jffs/sbin/tinc -n vpn add subnet 20.0.0.1
/jffs/sbin/tinc -n vpn add address=myrouter.domain.ninja-or-ip
the below might have broken in newer asuswrt-merlin, at least one of them should work
echo 'ip addr add 20.0.0.1/24 dev $INTERFACE' > /jffs/etc/tinc/vpn/tinc-up
echo 'ip link set $INTERFACE up' >> /jffs/etc/tinc/vpn/tinc-up
in case the above fails try
echo 'ifconfig $INTERFACE 20.0.0.1 netmask 255.255.255.0' > /jffs/etc/tinc/vpn/tinc-up
Configure client node (on windows computer)
if you want to add more clients, change name and ip
Navigate to C:\Program Files (x86)\tinc
Click on File > Open Command Prompt > As Administrator
tinc -n vpn init client1
tinc -n vpn add connectto router
tinc -n vpn add subnet 20.0.0.2
setup ethernet interface
cd tap-win64
addtap.bat
cd ..
go to Control Panel\Network and Internet\Network Connections
(note the name of the tap adapter)
netsh interface set interface name = "insert name of tap adapter" newname = "tinc"
netsh interface ip set address "tinc" static 20.0.0.2 255.255.255.0
Exchange Keys to the kingdom
Repeat this step on all your clients
Install winscp on client1
(right click shortcut and run as administrator)
login with these settings
File Protocol: SCP
Hostname: 192.168.1.1
login with ssh user/password
Open Synchronize with CTRL + S
Local: C:\Program Files (x86)\tinc\vpn\hosts\
Remote: /jffs/etc/tinc/vpn/hosts
Direction/Target to Both
Click OK and OK
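A check to run on the router after the sync (added example, not from the original post): it confirms that hosts/ holds only public data, that no two nodes claim the same Subnet (easy to hit when repeating the client step without changing the ip), and that private key files are accessible by the owner only. The script name audit-tinc.sh and the *.priv key file pattern are assumptions.

```shell
#!/bin/sh
# Added example: audit a tinc network directory after syncing hosts/.
# Assumption: private keys are the *.priv files that "tinc init" writes there.

audit_tinc_dir() {
    dir=$1; bad=0; seen=""
    [ -d "$dir/hosts" ] || { echo "FAIL $dir: no hosts directory"; return 1; }
    for host in "$dir"/hosts/*; do
        [ -f "$host" ] || continue
        name=${host##*/}
        # hosts/ is copied to every node, so it must hold public data only.
        if grep -q 'PRIVATE KEY' "$host"; then
            echo "FAIL $name: private key material in hosts file"; bad=1
        fi
        # Accepts "Subnet = x" and "subnet x"; tr drops CRs from Windows-edited files.
        subnets=$(tr -d '\r' < "$host" | sed -n 's/^[Ss]ubnet[ =]*//p')
        [ -n "$subnets" ] || { echo "FAIL $name: no Subnet line"; bad=1; }
        for s in $subnets; do
            s=${s%/32}   # 20.0.0.2 and 20.0.0.2/32 are the same host route
            owner=$(printf '%s\n' "$seen" | awk -v s="$s" '$1 == s { print $2; exit }')
            if [ -n "$owner" ]; then
                echo "FAIL $name: Subnet $s already claimed by $owner"; bad=1
            fi
            seen="$seen
$s $name"
        done
    done
    for key in "$dir"/*.priv; do
        [ -f "$key" ] || continue
        # In "ls -l" output, characters 5-10 are the group and other permission bits.
        if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
            echo "FAIL ${key##*/}: accessible beyond owner (chmod 600)"; bad=1
        fi
    done
    if [ "$bad" -eq 0 ]; then echo "OK $dir"; fi
    return "$bad"
}

# Usage: sh audit-tinc.sh /jffs/etc/tinc/vpn
if [ -n "${1:-}" ]; then audit_tinc_dir "$1"; fi
```

Subnets are compared as strings after stripping a trailing /32, so overlapping ranges with different prefix lengths are not detected.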
test it with
Router
/jffs/sbin/tincd -n vpn -D -d3
Client1
tincd -n vpn -D -d3
Run as daemon (on both router and client)
Router:
/jffs/sbin/tincd -n vpn
Client
"C:\Program Files (x86)\tinc\tincd" -n vpn
thanks to lancethepants for binaries, tinc for vpn
asus for awesome hardware and merlin for his firmware