|
@ -77,6 +77,10 @@ make |
|
|
make install |
|
|
make install |
|
|
``` |
|
|
``` |
|
|
|
|
|
|
|
|
|
|
|
Parts of the code – especially Speck cipher and the header encryption – speedwise benefit |
|
|
|
|
|
from compiler optimizations and platform features such as NEON, SSE and AVX. To enable, |
|
|
|
|
|
use `./configure CFLAGS="-O3 -march=native"` for configuration instead. |
|
|
|
|
|
|
|
|
For Windows, check out [Windows.md](doc/Windows.md) for compilation and run instuctions. |
|
|
For Windows, check out [Windows.md](doc/Windows.md) for compilation and run instuctions. |
|
|
For MacOS, check out [macOS.md](doc/macOS.md). |
|
|
For MacOS, check out [macOS.md](doc/macOS.md). |
|
|
|
|
|
|
|
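Review bot: the added `./configure CFLAGS="-O3 -march=native"` line needs a portability caveat. `-march=native` makes the compiler target the instruction set of the build host, so a binary built this way can crash with an illegal-instruction fault when copied to a machine without the same NEON/SSE/AVX support. Suggest adding a sentence saying the option is meant for builds that run on the machine they were compiled on, and that packagers should pick an explicit baseline instead. Also, "for configuration instead" has no referent in the surrounding lines, where only `make` and `make install` appear; naming the default configure command it replaces would make the instruction unambiguous. Minor wording: "speedwise benefit from" reads better as "run faster with".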
@ -102,18 +106,25 @@ Check out [IPv6.md](https://github.com/ntop/n2n/blob/dev/doc/IPv6.md) for more i |
|
|
|
|
|
|
|
|
n2n edge nodes use twofish encryption by default for compatibility reasons with existing versions. |
|
|
n2n edge nodes use twofish encryption by default for compatibility reasons with existing versions. |
|
|
|
|
|
|
|
|
**IMPORTANT** Encryption is only applied to the packet payload. Some metadata like the virtual MAC address |
|
|
Different encryption schemes are applied to the packet payload and to the header which |
|
|
of the edge nodes, their IP address and the community are sent in cleartext. |
|
|
contains some metadata like the virtual MAC address of the edge nodes, their IP address and the community |
|
|
|
|
|
name. |
|
|
|
|
|
|
|
|
When encryption is enabled, the supernode will not be able to decrypt the traffic exchanged between |
|
|
When encryption is enabled, the supernode will not be able to decrypt the traffic exchanged between |
|
|
two edge nodes, but it will know that edge A is talking with edge B. |
|
|
two edge nodes, but it will know that edge A is talking with edge B. |
|
|
|
|
|
|
|
|
Recently AES encryption support has been implemented, which increases both security and performance, |
|
|
Recently AES encryption support has been implemented, which increases both security and performance, |
|
|
so it is recommended to enable it on all the edge nodes that must have the -Ax value. When possible |
|
|
so it is recommended to enable it on all the edge nodes that must have the -Ax value. When possible |
|
|
(i.e. when n2n is compiled with OpenSSL 1.1) we recommend to use -A4 |
|
|
(i.e. when n2n is compiled with OpenSSL 1.1) we recommend to use `-A3`. |
|
|
|
|
|
|
|
|
A benchmark of the encryption methods is available when compiled from source with `tools/n2n-benchmark`. |
|
|
A benchmark of the encryption methods is available when compiled from source with `tools/n2n-benchmark`. |
|
|
|
|
|
|
|
|
|
|
|
Use `-H` on the edges to enable header encryption. Note, that header encryption is a per-community |
|
|
|
|
|
decision, i.e. _all_ edges of one community need to have it either enabled or disabled. The supernode |
|
|
|
|
|
can handle encrypted and unencrypted headers. As the key for header encryption is derived from the |
|
|
|
|
|
community names, it requires the supernode to be used with fixed communities `-c <path>` |
|
|
|
|
|
parameter. Also, reuse of once-publically-used community names for header encryption is not recomended. |
|
|
|
|
|
|
|
|
## Contribution |
|
|
## Contribution |
|
|
|
|
|
|
|
|
You can contribute to n2n in various ways: |
|
|
You can contribute to n2n in various ways: |
|
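Review bot: the replacement sentence "Different encryption schemes are applied to the packet payload and to the header" removes the old **IMPORTANT** warning that the virtual MAC address, IP address and community are sent in cleartext, while the paragraph added further down says header encryption has to be switched on with `-H`. Read together, this implies the metadata is still unprotected on an edge started without `-H`, and the README no longer tells the reader so. Suggest keeping the warning and scoping it to the default case, for example "Unless `-H` is used, the header metadata is sent in cleartext." In the `-H` paragraph, since the header key is derived from the community name, it would help to state outright that the community name then serves as the secret protecting the header, which is the reason behind the advice not to reuse names that were once public. The recommendation changes from `-A4` to `-A3` with no explanation in the text, and "all the edge nodes that must have the -Ax value" remains hard to parse; a short list of what each `-A` value selects would resolve both. Typos in the added lines: "publically" and "recomended".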
@ -136,4 +147,4 @@ Here is a list of third-party projects connected to this repository. |
|
|
|
|
|
|
|
|
--- |
|
|
--- |
|
|
|
|
|
|
|
|
(C) 2007-2019 - ntop.org and contributors |
|
|
(C) 2007-2020 - ntop.org and contributors |
|
|