From 4d5a835553401820ab463a7f9dec8d58ea3eff85 Mon Sep 17 00:00:00 2001 From: Logan007 Date: Wed, 24 Jun 2020 16:10:00 +0545 Subject: [PATCH 1/5] updated README.md --- README.md | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index fb99257..5109b9e 100644 --- a/README.md +++ b/README.md @@ -11,6 +11,7 @@ A virtual network shared between multiple edge nodes in n2n is called a _communi N2N tries to establish a direct P2P connection between the edge nodes when possible. When this is not possible (usually due to special NAT devices), the supernode is also used to relay the packets. + ## Quick Setup Some Linux distributions already provide n2n as a package so a simple `sudo apt install n2n` will do the work. Alternatively, up to date packages for most distributions are available on [ntop repositories](http://packages.ntop.org/). @@ -73,6 +74,8 @@ On linux, compilation from source is straight forward: ./configure make +Parts of the code – especially Speck cipher and the header encryption – speedwise benefit from compiler optimizations and platform features such as NEON, SSE and AVX. To enable, use `./configure CFLAGS="-O3 -march=native"` instead. + # optionally install make install ``` 
@@ -102,18 +105,25 @@ Check out [IPv6.md](https://github.com/ntop/n2n/blob/dev/doc/IPv6.md) for more i n2n edge nodes use twofish encryption by default for compatibility reasons with existing versions. -**IMPORTANT** Encryption is only applied to the packet payload. Some metadata like the virtual MAC address -of the edge nodes, their IP address and the community are sent in cleartext. +Different encryption schemes are applied to the packet payload and to the header which +contains some metadata like the virtual MAC address of the edge nodes, their IP address and the community +name. When encryption is enabled, the supernode will not be able to decrypt the traffic exchanged between two edge nodes, but it will know that edge A is talking with edge B. Recently AES encryption support has been implemented, which increases both security and performance, so it is recommended to enable it on all the edge nodes that must have the -Ax value. When possible -(i.e. when n2n is compiled with OpenSSL 1.1) we recommend to use -A4 +(i.e. when n2n is compiled with OpenSSL 1.1) we recommend to use `-A3`. A benchmark of the encryption methods is available when compiled from source with `tools/n2n-benchmark`. +Use `-H` on the edges to enable header encryption. Note, that header encryption is a per-community +decision, i.e. all edges of one community need to have it either enabled or disabled. The supernode +can handle encrypted and unencrypted headers. As the key fro header encryption is derived from the +community names, it requires the supernode to be used with fixed communities `-c ` +parameter. + ## Contribution You can contribute to n2n in various ways: @@ -136,4 +146,4 @@ Here is a list of third-party projects connected to this repository. --- -(C) 2007-2019 - ntop.org and contributors +(C) 2007-2020 - ntop.org and contributors From 06e5ea2b85c4c932270a79c4648f86bdd83919db Mon Sep 17 00:00:00 2001 
From: Logan007 Date: Wed, 24 Jun 2020 16:11:59 +0545 Subject: [PATCH 2/5] updated README.md --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 5109b9e..e25d12a 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,6 @@ A virtual network shared between multiple edge nodes in n2n is called a _communi N2N tries to establish a direct P2P connection between the edge nodes when possible. When this is not possible (usually due to special NAT devices), the supernode is also used to relay the packets. - ## Quick Setup Some Linux distributions already provide n2n as a package so a simple `sudo apt install n2n` will do the work. Alternatively, up to date packages for most distributions are available on [ntop repositories](http://packages.ntop.org/). From be89963884b79a0976c02048a2d6f370ba496e2a Mon Sep 17 00:00:00 2001 From: Logan007 Date: Wed, 24 Jun 2020 16:17:25 +0545 Subject: [PATCH 3/5] updated README.md --- README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index e25d12a..522da3e 100644 --- a/README.md +++ b/README.md @@ -73,12 +73,14 @@ On linux, compilation from source is straight forward: ./configure make -Parts of the code – especially Speck cipher and the header encryption – speedwise benefit from compiler optimizations and platform features such as NEON, SSE and AVX. To enable, use `./configure CFLAGS="-O3 -march=native"` instead. - # optionally install make install ``` +Parts of the code – especially Speck cipher and the header encryption – speedwise benefit +from compiler optimizations and platform features such as NEON, SSE and AVX. To enable, +use `./configure CFLAGS="-O3 -march=native"` for configuration instead. + For Windows, check out [Windows.md](doc/Windows.md) for compilation and run instuctions. For MacOS, check out [macOS.md](doc/macOS.md). From fe602751424da12174099dc2bb01f267c4e52a1a Mon Sep 17 00:00:00 2001 
From: Logan007 Date: Wed, 24 Jun 2020 16:21:58 +0545 Subject: [PATCH 4/5] updated README.md --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 522da3e..155a9e0 100644 --- a/README.md +++ b/README.md @@ -121,9 +121,9 @@ A benchmark of the encryption methods is available when compiled from source wit Use `-H` on the edges to enable header encryption. Note, that header encryption is a per-community decision, i.e. all edges of one community need to have it either enabled or disabled. The supernode -can handle encrypted and unencrypted headers. As the key fro header encryption is derived from the -community names, it requires the supernode to be used with fixed communities `-c ` -parameter. +can handle encrypted and unencrypted headers. As the key for header encryption is derived from the +community names, it requires the supernode to be used with fixed communities `-c ` +parameter. Also, reuse of once-publically-used community names for header encryption is not recomended. ## Contribution From f6229fefa9f5e7199f2ed80b7748f443063ed648 Mon Sep 17 00:00:00 2001 From: Logan oos Even <46396513+Logan007@users.noreply.github.com> Date: Wed, 24 Jun 2020 16:23:44 +0545 Subject: [PATCH 5/5] updated README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 155a9e0..385d713 100644 --- a/README.md +++ b/README.md 
@@ -120,7 +120,7 @@ so it is recommended to enable it on all the edge nodes that must have the -Ax v A benchmark of the encryption methods is available when compiled from source with `tools/n2n-benchmark`. Use `-H` on the edges to enable header encryption. Note, that header encryption is a per-community -decision, i.e. all edges of one community need to have it either enabled or disabled. The supernode +decision, i.e. _all_ edges of one community need to have it either enabled or disabled. The supernode can handle encrypted and unencrypted headers. As the key for header encryption is derived from the community names, it requires the supernode to be used with fixed communities `-c ` parameter. Also, reuse of once-publically-used community names for header encryption is not recomended.
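Review bot: In PATCH 1/5, hunk `@@ -73,6 +74,8 @@`, the new "Parts of the code ..." paragraph is inserted between `make` and `# optionally install`, which is inside the fenced build snippet (the closing fence follows `make install`). It will render as code, and a reader who copies the block gets a prose line in the shell. PATCH 3/5 moves the paragraph below the fence; squash the two so that no commit in the series carries the broken README.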
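Review bot: In PATCH 1/5, hunk `@@ -102,18 +105,25 @@`, dropping the **IMPORTANT** notice leaves "Different encryption schemes are applied to the packet payload and to the header", which reads as if the header is always encrypted, while the paragraph added further down says header encryption has to be enabled with `-H` on the edges. If the metadata is still sent in cleartext without `-H`, keep an explicit sentence saying so, naming the virtual MAC address, the IP address and the community name as before. The recommendation also changes from -A4 to `-A3` with no explanation; the commit message should say why.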
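Review bot: PATCH 2/5 only deletes the blank line before `## Quick Setup` that PATCH 1/5 added, so the pair cancels out; fold it into 1/5. All five commits carry the subject "updated README.md"; a subject that names the change (header encryption documentation, build flags) would make the history searchable.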
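Review bot: In PATCH 3/5, the relocated paragraph recommends `./configure CFLAGS="-O3 -march=native"` without mentioning that `-march=native` targets the CPU of the build machine, so a binary built this way can fail with an illegal instruction on a different CPU. Add a sentence for people who build on one host and deploy on another, or who package n2n. "speedwise benefit from" would read better as "run faster with", and the context line below still has "instuctions".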
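Review bot: In PATCH 4/5, the added sentence "Also, reuse of once-publically-used community names for header encryption is not recomended." has two typos (publicly, recommended) and gives no reason. The sentence before it says the header key is derived from the community name, so state the consequence directly: anyone who knows the community name can derive the header key, which means the name has to be treated as a secret when `-H` is used. The `-c ` in the same hunk shows no argument; say what the parameter expects.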
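Review bot: In PATCH 5/5, the changed line sits in a sentence that still opens with "Note, that"; drop the comma while touching this paragraph. The `_all_` emphasis is fine, but a one-word change does not need its own commit and belongs with 4/5.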