Forge Home


Module to implement a layer 2 mesh vpn with Tinc


6,822 latest version

4.2 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 0.1.11 (latest)
  • 0.1.10
  • 0.1.9
  • 0.1.8
  • 0.1.7
  • 0.1.6
  • 0.1.5
  • 0.1.4
  • 0.1.3
  • 0.1.2
  • 0.1.1
  • 0.1.0
released Feb 21st 2017
This version is compatible with:
  • Puppet Enterprise 2015.x
  • Puppet 4.x
  • CentOS, RedHat

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'heliocentric-l2mesh', '0.1.11'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add heliocentric-l2mesh
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install heliocentric-l2mesh --version 0.1.11

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.



heliocentric/l2mesh — version 0.1.11 Feb 21st 2017


Build Status

Table of Contents

  1. Overview
  2. Module Description - What the module does and why it is useful
  3. Setup - The basics of getting started with l2mesh
  4. Usage - Configuration options and additional functionality
  5. Reference - An under-the-hood peek at what the module is doing and how
  6. Limitations - OS compatibility, etc.
  7. Development - Guide for contributing to the module


This module implements a layer 2 vpn using tinc, and exported resources.

Module Description

It creates a new ethernet interface on the machine and connects it to the switch.

Here is how the situation looks like when dealing with physical machines and a hardware switch:

+----------------+                        +---------------+
|                |                        |               |
|          +-----+                        +-----+         |
| MACHINE  | eth0+---------+    +---------+eth0 | MACHINE |
|    A     +-----+         |    |         +-----+   C     |
|                |         |    |         |               |
+----------------+     +---+----+---+     +---------------+
                       |  SWITCH    |
+----------------+           |
|                |           |
|          +-----+           |
| MACHINE  | eth0+-----------+
|    B     +-----+
|                |

Each of the three machines ( A, B, C ) have a physical ethernet connector which shows as eth0. They are connected with a cable to a SWITCH which transmits the packet coming from MACHINE A to MACHINE B or MACHINE C.

With l2mesh, a new virtual interface ( named L2M below ) is created on each machine and they are all connected by a TINC daemon. Packets go from MACHINE A to MACHINE B or MACHINE C as if they were connected to a physical switch.

|         |eth0 |
|         +-----+
|    A    +-----+
|           TINC+---
+--------------++   \-------
               |            \-------   +---------------+
               |                    X--+TINC           |
               |            /-------   +-----+         |
 +-------------+-+   /------           | L2M | MACHINE |
 |           TINC+---                  +-----+    C    |
 |         +-----+                     |eth0 |         |
 | MACHINE | L2M |                     +-----+---------+
 |    B    +-----+
 |         |eth0 |

Here is how it looks on each machine:

$ ip link show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
   link/ether fa:16:3e:48:ae:6f brd ff:ff:ff:ff:ff:ff

$ ip link show dev L2M
2: L2M: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
   link/ether 72:75:6e:60:59:f0 brd ff:ff:ff:ff:ff:ff


What l2mesh affects

  • A list of files, packages, services, or operations that the module will alter, impact, or execute on the system it's installed on.
  • This is a great place to stick any warnings.
  • Can be in list or paragraph form.

Setup Requirements OPTIONAL

If your module requires anything extra before setting up (pluginsync enabled, etc.), mention it here.

Beginning with l2mesh

The very basic steps needed for a user to get the module up and running.

If your most recent release breaks compatibility or requires particular steps for upgrading, you may wish to include an additional section here: Upgrading (For an example, see


l2mesh is a puppet module that should be installed in the puppet master as follows

git clone /etc/puppet/modules/l2mesh

Here is an example usage that can be included in /etc/puppet/manifests/site.pp

node /, / {
  include l2mesh::params
  l2mesh { 'L2M':
    ip                  => $::ipaddress_eth0,
    port                => 656,

On both MACHINE-A and MACHINE-B, it will

  • create the L2M ethernet interface
  • run the tincd daemon to listen on port 656 and bind it to the $::ipaddress_eth0 IP address

In addition, both machines will try to reach each other:

  • tincd on MACHINE-A will try to connect to tincd on MACHINE-B
  • tincd on MACHINE-B will try to connect to tincd on MACHINE-A

Adding a new machine to the L2M virtual switch is done by adding the hostname of the machine to the node list. For instance, can be added with:

node /, /, /  {


Here, list the classes, types, providers, facts, etc contained in your module. This section should include all of the under-the-hood workings of your module so people know what the module is touching on their system but don't need to mess with things. (We are working on automating this section!)


This is where you list OS compatibility, version compatibility, etc.



Copyright (C) 2012 eNovance <>
Portions Copyright (C) 2016 Dylan Cochran <>

Author: Loic Dachary <>

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License
along with this program.  If not, see <>.

Release Notes/Contributors/Etc Optional

If you aren't using changelog, put your release notes here (though you should consider using changelog). You may also add any additional sections you feel are necessary or important to include here. Please use the ## header.