Browse Source

updated Routing.md

moved General Remarks from README.md here
pull/336/head
Logan oos Even 4 years ago
committed by GitHub
parent
commit
688ea868f9
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
  1. 37
      doc/Routing.md

37
doc/Routing.md

@ -1,6 +1,29 @@
# IPv4 Routing (Linux)
## Assumptions
## General Remarks
Reaching a remote network or tunneling all the internet traffic via n2n are two common tasks which require a proper routing setup. n2n supports routing needs providing options for packet forwarding including broadcasts as well as modifying the routing table.
In this context, the `server` is the edge node which provides access to the remote network/internet, whereas the `client` is the connecting edge node.
In order to enable routing, the `server` must be configured as follows:
1. Add the `-r` option to the edge options to enable routing
2. Enable packet forwarding with `sudo sysctl -w net.ipv4.ip_forward=1`
3. Enable IP masquerading: `sudo iptables -t nat -A POSTROUTING -j MASQUERADE`
On the client side, the easiest way to configure routing is via the `-n` option. For example:
- In order to connect to the remote network `192.168.100.0/24`, use `-n 192.168.100.0/24:10.0.0.1`
- In order to tunnel all the internet traffic, use `-n 0.0.0.0/0:10.0.0.1`
10.0.0.1 is the IP address of the gateway to use to route the specified network. It should correspond to the IP address of the `server` within n2n. Multiple `-n` options can be specified.
As an alternative to the `-n` option, the `ip route` linux command can be manually used. See the [n2n_gateway.sh](doc/n2n_gateway.sh) script for an example. See also the follwing description of other use cases and in depth explanation.
## Special Scenarios
### Assumptions
- There are two Local Area Networks, namely 10.11.12.0/24 (maybe at
**h**ome) and 192.168.1.0/24 (maybe in **o**ffice).
@ -14,7 +37,7 @@
10.99.99.0/24 network.
- The _iptables_ are flushed.
## Prerequisites
### Prerequisites
- Both, **h**ickory and **o**scar have ip forwarding enabled: `echo 1 > /proc/sys/net/ipv4/ip_forward` or `sysctl -w net.ipv4.ip_forward=1`. To
make this setting persistent over reboot, a file containing the line
@ -25,7 +48,7 @@
interfaces usually already allow packet forwarding and thus do not need
any further configuration.
## Reach Complete Office Network from n2n Node at Home
### Reach Complete Office Network from n2n Node at Home
- To make **h**ickory send all packets with office destination via
**o**scar, **h**ickory needs to be made aware of where to route this
@ -75,14 +98,14 @@ sent to **h**ickory, one more step is required:
`iptables -P FORWARD ACCEPT`
`iptables -P OUTPUT ACCEPT`
## Reach n2n Node in Office from Whole Home Network
### Reach n2n Node in Office from Whole Home Network
This is easy:
- Just exchange home and office IP addresses and the computer names in
the instructions given above.
## Reach Whole Home Network from Whole Office Network
### Reach Whole Home Network from Whole Office Network
This is not too complicated either. Basically, follow the given example
above and apply the following changes:
@ -102,7 +125,7 @@ above and apply the following changes:
either to the router (best option) or all those computers that shall be
able to connect to the other network.
## Route All Internet Traffic from n2n Node at Home through Office Network
### Route All Internet Traffic from n2n Node at Home through Office Network
This scenario could be considered a n2n-tunneled VPN connection which
also would work for travelling users on their laptop. All external
@ -142,6 +165,8 @@ accordingly, maybe to Google's 8.8.8.8.
If [DNS leaks](https://en.wikipedia.org/wiki/DNS_leak) do not matter,
this setup is complete.
### Preventing DNS Leaks
Otherwise, there is more to it: Without changes, all future DNS queries
go through the home router 10.11.12.1 to the ISP's servers or directly
to Google (via the home router 10.11.12.1 along the configured route for

Loading…
Cancel
Save