Examples

Minimal

Minimal configuration of a default Tinc mesh0 VPN:

tinc__networks:
  'mesh0':
    port: '655'

Per-group VPN

Create a separate Tinc network with a specific group of hosts included in the [tinc_vpn] Ansible inventory group:

# inventory/group_vars/tinc_vpn/tinc.yml
tinc__group_networks:
  'vpn0':
    port: '656'
    inventory_groups: 'tinc_vpn'
    connect_to: '{{ groups.tinc_vpn }}'

Star network

Create a star network with 192.0.2.0/24 with the master connecting to the slaves:

# master node:
tinc__host_networks:
  'star0':
    address: "192.0.2.254/24"
    connect_to: 'slave01'
    connect_to: 'slave02'
    bridge: [ 'br0' ]

# slave01 node:
tinc__host_networks:
  'star0':
    address: "192.0.2.1/24"
    host_address: "{{ ansible_host }}"

# slave02 node:
tinc__host_networks:
  'star0':
    address: "192.0.2.2/24"
    host_address: "{{ ansible_host }}"

IPv6 over IPv4 tunnel

Obtain IPv6 connectivity while in an IPv4-only network.

This assumes a [tinc_dualstack] group with IPv4-accessible hosts and a [tinc_ipv4only] group for hosts that need a tunnel.

Hosts in [tinc_dualstack] should have the tap interface bridged via br0 to an interfaces that is receiving router advertisements. See debops.ifupdown for information on how to do that and debops.radvd if you need to set up router advertisement.

Note that if you bridge the tap interface to a wired interface in the [tinc_ipv4only] hosts, you may be providing IPv6 to the whole network.

# inventory/group_vars/tinc_dualstack/tinc.yml
'six_tunnel':
   port: '49180'
   link_type: 'static'
   bridge: 'br0'

# inventory/group_vars/tinc_ipv4only/tinc.yml
'six_tunnel':
   port: '49180'
   link_type: 'dynamic'
   connect_to: '{{ groups.tinc_dualstack }}'