Last updated: 2023-12-27
Introduction
N2N is a Layer Two peer-to-peer VPN system
HomePage: http://www.ntop.org/products/n2n/
n2n openwrt package
- libpthread
- kmod-tun # creates the TAP network interface
Kernel configuration
CONFIG_TUN=yes
bin
/usr/sbin/edge
/usr/bin/supernode
Simple example
supernode# supernode -l xyw
node1# edge -a 10.1.2.1 -c mynetwork -k encryptme -l a.b.c.d:xyw
node2# edge -a 10.1.2.2 -c mynetwork -k encryptme -l a.b.c.d:xyw
Test:
node2# ping 10.1.2.1 # ping node1
supernode
The supernode is responsible for the following functions
- registry
- broadcast conduit
- packet relay
Usage:
# -l <UDP port>
supernode -l 1234 -v
* When the supernode is restarted, the connections of all edge nodes are dropped !!
Output:
... Registered new node [public_ip=(2)C.C.C.C:38875][private_ip=0.0.0.0:38875][mac=1E:8E:20:86:44:6C][community=mynetwork]
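A check over that registration output, as an added example (not from the original notes or the n2n project): it lists registrations whose community is not on an expected list. The function names `n2n_unexpected` and `n2n_sample_log`, the allowlist, and the second and third sample lines are hypothetical or constructed.

```shell
#!/bin/sh
# Added example (not n2n project code): list supernode registrations whose
# community is not on an expected list. Function names and the allowlist
# are hypothetical; input is `supernode -v` output in the format shown above.

# n2n_unexpected "comm1 comm2 ..."  (log on stdin)
# Prints "public_ip mac community" for each unexpected registration.
n2n_unexpected() {
    awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    /Registered new node/ {
        pub = field($0, "public_ip", 0)
        mac = field($0, "mac", 0)
        com = field($0, "community", 1)
        if (!(com in ok)) print pub, mac, com
    }
    # Value of [key=value] in a log line, or "?" if the field is missing.
    # last=1: the field is the final one on the line, so only the closing
    # bracket at end of line is stripped; a "]" inside a community name
    # then cannot shorten it to an allowed name.
    function field(line, key, last,    s, e, rest) {
        s = index(line, "[" key "=")
        if (s == 0) return "?"
        rest = substr(line, s + length(key) + 2)
        if (last) {
            sub(/[ \t\r]+$/, "", rest)
            if (rest ~ /\]$/) rest = substr(rest, 1, length(rest) - 1)
            return rest
        }
        e = index(rest, "]")
        return (e > 0) ? substr(rest, 1, e - 1) : "?"
    }'
}

# Constructed sample input: the first line is the one shown above, the
# other two are made up for the example.
n2n_sample_log() {
    cat <<'EOF'
... Registered new node [public_ip=(2)C.C.C.C:38875][private_ip=0.0.0.0:38875][mac=1E:8E:20:86:44:6C][community=mynetwork]
... Registered new node [public_ip=(2)D.D.D.D:40001][private_ip=0.0.0.0:40001][mac=DE:AD:BE:EF:01:23][community=other]
... Registered new node [public_ip=(2)E.E.E.E:40002][private_ip=0.0.0.0:40002][mac=02:00:00:00:00:01][community=mynetwork]x]
EOF
}

# Usage: supernode -l 1234 -v 2>&1 | n2n_unexpected "mynetwork"
```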
Edge node
- creates the TAP
help:
edge -h
UID/GID:
- -u <uid>
- -g <gid>
-f given as a command line option, edge will call daemon()
-p UDP_Port
-b periodically re-resolve the supernode's IP (when the supernode is given as a hostname)
-t use HTTP tunneling instead of the normal UDP mechanism
-r enable packet forwarding/routing through the n2n virtual LAN.
(Without -r, no IP other than the one specified with -a <addr> can enter n2n)
Other Opt
- -M <MTU> # Default 1400
- -t # use HTTP tunneling instead of the normal UDP mechanism
Usage:
1. create tun device
tunctl -t tun0
2. start edge
edge -d tun0 -c mynetwork -k encryptme \
-u 99 -g 99 -l R.R.R.R -p 50001 \
-m DE:AD:BE:EF:01:23 -a 192.168.254.7
- TUN device: tun0 # default name: edge0
- community: mynetwork
- shared encryption key: encryptme
- user=99
- group=99
- supernode IP: R.R.R.R
- supernode Port: 50001
- MAC Addr: DE:AD:BE:EF:01:23 # optional
- Private IP Addr: 192.168.254.7 # /24
Output without -f:
16/May/2012 22:28:46 [ edge.c:1136] Using supernode 127.0.0.1:-15535
16/May/2012 22:28:46 [tuntap_linux.c: 38] Interface edge0 has MAC 6E:02:21:98:FC:41
16/May/2012 22:28:46 [ edge.c: 670] Registering with supernode
16/May/2012 22:28:46 [ edge.c:1367]
16/May/2012 22:28:46 [ edge.c:1368] Ready
16/May/2012 22:28:46 [ edge.c:1434] STATUS: pending=0, operational=0
16/May/2012 22:29:55 [ edge.c: 670] Registering with supernode
16/May/2012 22:30:55 [ edge.c: 670] Registering with supernode
Configuration on OpenWRT
Modify:
/etc/init.d/n2n
service_start /usr/sbin/edge -b -f $args -a $ipaddr -c $community -k $key -l ${supernode}:${port}
/etc/config/n2n
config edge
    option ipaddr '10.1.2.2'    <-- if the IP is obtained via DHCP, use "0.0.0.0" instead
    option supernode 'supernode wan ip'
    option port '8888'    <-- the supernode's port, default: 8888
    option community 'openwrt'
    option key '1234'
    option route '1'
To combine it with the Network
ifconfig edge0 mtu 1300
brctl addif br-lan edge0
/etc/init.d/n2n start
/etc/init.d/n2n enable
/etc/config/firewall
config zone
    option name lan
    option network 'lan vpn'
    option input ACCEPT
    option output ACCEPT
    option forward REJECT
/etc/config/network <-- the IP shown by ifconfig edge0
config interface 'vpn'
    option ifname 'edge0'
    option proto 'static'
    option ipaddr '10.1.2.2'
    option netmask '255.255.255.0'
The "-r" option
When multiple networks exist (ones not registered with -a), the -r option is very useful
It is the equivalent of OpenWrt's option route '1'
option route '1'
Windows Client
Download: http://luca.ntop.org/n2nWin32/
See also
- man 8 edge
- man 1 supernode