N2n is a light VPN software which make it easy to create virtual networks bypassing intermediate firewalls.
N2N is a light VPN software which make it easy to create virtual networks bypassing intermediate firewalls.
In order to start using N2N, two elements are required:
In order to start using N2N, two elements are required:
- A *supernode*: it allows edge nodes to announce and discover other nodes. It must have a port publicly accessible on internet.
- A _supernode_: it allows edge nodes to announce and discover other nodes. It must have a port publicly accessible on internet.
- _edge_ nodes: the nodes which will be part of the virtual networks
- *Edge* nodes: the nodes which will be part of the virtual networks
A virtual network shared between multiple edge nodes in n2n is called a _community_. A single supernode can relay multiple communities and a single PC can be part of multiple communities at the same time. An encryption key can be used by the edge nodes to encrypt the packets within their community.
A virtual network shared between multiple edge nodes in n2n is called a *community*. A single supernode can relay multiple communities and a single PC can be part of multiple communities at the same time. An encryption key can be used by the edge nodes to encrypt the packets within their community.
N2N tries to establish a direct P2P connection between the edge nodes when possible. When this is not possible (usually due to special NAT devices), the supernode is also used to relay the packets.
N2n tries to enstablish a direct P2P connection between the edge nodes when possible. When this is not possible (usually due to special NAT devices), the supernode is also used to relay the packets.
## Quick Setup
Quick Setup
Some Linux distributions already provide n2n as a package so a simple `sudo apt install n2n` will do the work. Alternatively, up to date packages for most distributions are available on [ntop repositories](http://packages.ntop.org/).
-----------
Some linux distributions already provide n2n as a package so a simple `sudo apt-get install n2n` will do the work. Alternatively, up to date packages for most distributions are available on [ntop repositories](http://packages.ntop.org/).
**IMPORTANT** It is strongly adviced to choose a custom community name (-c) and a secret encryption key (-k) in order to prevent other users to connect to your PC. For privacy and to reduce the above server load, it is also suggested to set up a custom supernode as exmplained below.
**IMPORTANT** It is strongly advised to choose a custom community name (`-c`) and a secret encryption key (`-k`) in order to prevent other users to connect to your PC. For privacy and to reduce the above server load, it is also suggested to set up a custom supernode as explained below.
Setting up a custom Supernode
## Setting up a custom Supernode
-----------------------------
You can create your own infrastructure by setting up a supernode on a public server (e.g. a VPS). You just need to open a single port (1234 in the example below) on your firewall (usually iptables).
You can create your own infrastructure by setting up a supernode on a public server (e.g. a VPS). You just need to open a single port (1234 in the example below) on your firewall (usually `iptables`).
1. Install the n2n package
1. Install the n2n package
2. Edit `/etc/n2n/supernode.conf` and add the following:
2. Edit `/etc/n2n/supernode.conf` and add the following:
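Review bot: The package link in the Quick Setup paragraph still points at `http://packages.ntop.org/`; since that line is being edited anyway, consider switching it to https (if the host serves it) so the README does not send readers to a package repository over plain HTTP. Two grammar slips also survive the cleanup: "which make it easy" in the opening line should be "which makes it easy", and "prevent other users to connect" in the IMPORTANT paragraph should be "prevent other users from connecting".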
@ -48,8 +45,7 @@ You can create your own infrastructure by setting up a supernode on a public ser
Now the supernode service should be up and running on port 1234. On your edge nodes you can now specify `-l your_supernode_ip:1234` to use it. All the edge nodes must use the same supernode.
Now the supernode service should be up and running on port 1234. On your edge nodes you can now specify `-l your_supernode_ip:1234` to use it. All the edge nodes must use the same supernode.
Routing the traffic
## Routing the traffic
-------------------
On linux, n2n provides a standard TAP interface, so routing works gracefully via the standard system utilities as follows.
On linux, n2n provides a standard TAP interface, so routing works gracefully via the standard system utilities as follows.
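Review bot: "On linux" in the Routing paragraph keeps the lowercase spelling, while the Quick Setup paragraph is corrected from "Some linux distributions" to "Some Linux distributions" in the same change. Capitalise it here as well so the spelling is consistent across sections.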
@ -77,12 +73,11 @@ $ sudo ip route del default
$ sudo ip route add default via 192.168.100.1
$ sudo ip route add default via 192.168.100.1
```
```
This process can be greatly simplified by using the [n2n_gateway.sh](https://github.com/ntop/n2n/blob/dev/doc/n2n_gateway.sh) script.
This process can be greatly simplified by using the [n2n_gateway.sh](doc/n2n_gateway.sh) script.
See [Routing.md](https://github.com/ntop/n2n/blob/dev/doc/Routing.md) for other use cases and in depth explanation.
See [Routing.md](doc/Routing.md) for other use cases and in depth explanation.
Manual Compilation
## Manual Compilation
------------------
On linux, compilation from source is straight forward:
On linux, compilation from source is straight forward:
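Review bot: The `n2n_gateway.sh` and `Routing.md` links appear in two forms here, one absolute (`https://github.com/ntop/n2n/blob/dev/doc/...`) and one relative (`doc/...`), and whichever form the change settles on will disagree with other links in the file: `Windows.md` and `macOS.md` are relative, `IPv6.md` and the Hacking guide are absolute and pinned to the `dev` branch. Pick one style for all in-repo links. The trailing context also keeps "On linux" and "straight forward" (should be "straightforward").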
@ -96,11 +91,9 @@ make install
```
```
For Windows, check out [Windows.md](doc/Windows.md) for compilation and run instuctions.
For Windows, check out [Windows.md](doc/Windows.md) for compilation and run instuctions.
For MacOS, check out [macOS.md](doc/macOS.md).
For MacOS, check out [n2n_on_MacOS.txt](https://github.com/ntop/n2n/blob/dev/doc/n2n_on_MacOS.txt).
## Running edge as a service
Running edge as a service
-------------------------
edge can also be run as a service instead of cli:
edge can also be run as a service instead of cli:
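Review bot: The Windows line keeps the typo "instuctions" even though this change fixes similar typos elsewhere; correct it to "instructions". In the line that now links to `doc/macOS.md`, "For MacOS" should read "For macOS" to match both the file name and the spelling used inside the new document.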
@ -111,16 +104,14 @@ edge can also be run as a service instead of cli:
You can run multiple edge service instances by creating `/etc/n2n/edge-instance1.conf` and
You can run multiple edge service instances by creating `/etc/n2n/edge-instance1.conf` and
starting it with `sudo systemctl start edge@instance1`.
starting it with `sudo systemctl start edge@instance1`.
IPv6 Support
## IPv6 Support
------------
N2n can tunnel IPv6 traffic into the virtual network but does not support
N2N can tunnel IPv6 traffic into the virtual network but does not support
IPv6 for edge-to-supernode communication yet.
IPv6 for edge-to-supernode communication yet.
Check out [IPv6.md](https://github.com/ntop/n2n/blob/dev/doc/IPv6.md) for more information.
Check out [IPv6.md](https://github.com/ntop/n2n/blob/dev/doc/IPv6.md) for more information.
Security considerations
## Security considerations
-----------------------
n2n edge nodes use twofish encryption by default for compatibility reasons with existing versions.
n2n edge nodes use twofish encryption by default for compatibility reasons with existing versions.
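Review bot: The Security considerations text says twofish is the default only for compatibility with existing versions and goes on to recommend `-A` on all edge nodes, but the IMPORTANT paragraph in Quick Setup mentions only `-c` and `-k`. A reader who stops at Quick Setup never sees that recommendation, so add a pointer from the IMPORTANT paragraph to this section. Also note that the project name casing is now mixed: "N2N can tunnel IPv6 traffic" in this hunk versus "n2n edge nodes use twofish" two paragraphs later.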
@ -135,26 +126,26 @@ so it is recommended to enable it on all the edge nodes by specifying the `-A` o
A benchmark of the encryption methods is available when compiled from source with `tools/n2n-benchmark`.
A benchmark of the encryption methods is available when compiled from source with `tools/n2n-benchmark`.
Contribution
## Contribution
------------
You can contribute to n2n in variuos ways:
You can contribute to n2n in various ways:
- Update an [open issue](https://github.com/ntop/n2n/issues) or create a new one with detailed information
- Update an [open issue](https://github.com/ntop/n2n/issues) or create a new one with detailed information
- Propose new features
- Propose new features
- Improve the documentation
- Improve the documentation
- Provide pull requests with enhancenents
- Provide pull requests with enhancements
For details about the internals of n2n check out [Hacking guide](https://github.com/ntop/n2n/blob/dev/doc/HACKING).
For details about the internals of n2n check out [Hacking guide](https://github.com/ntop/n2n/blob/dev/doc/HACKING).
Related Projects
## Related Projects
----------------
Here is a list of third-party projects connected to this repository.
Here is a list of third-party projects connected to this repository.
- N2n for android: [hin2n](https://github.com/switch-iot/hin2n)
- N2N for Android: [hin2n](https://github.com/switch-iot/hin2n)
- N2n v1 and v2 version from meyerd: [meyerd n2n](https://github.com/meyerd/n2n)
- N2N v1 and v2 version from meyerd: [meyerd n2n](https://github.com/meyerd/n2n)
- Go bindings, management daemons and CLIs for n2n edges and supernodes, Docker, Kubernetes & Helm Charts: [pojntfx/gon2n](https://pojntfx.github.io/gon2n/)
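Review bot: The Related Projects bullets are changed from "N2n" to "N2N", yet the gon2n bullet directly below and the surrounding sentences ("You can contribute to n2n", "internals of n2n") use lowercase "n2n". Decide on one spelling of the project name for prose and apply it throughout, otherwise the rename adds a third variant rather than removing one.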
In order to use n2n on macOS, you first need to install support for TUN/TAP interfaces:
```bash
brew tap homebrew/cask
brew cask install tuntap
```
If you are on a modern version of macOS (i.e. Catalina), the commands above will ask you to enable the TUN/TAP kernel extension in System Preferences → Security & Privacy → General.
For more information refer to vendor documentation or the [Apple Technical Note](https://developer.apple.com/library/content/technotes/tn2459/_index.html).
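Review bot: The install commands in the new macOS document use `brew cask install tuntap`, a form Homebrew has replaced with `brew install --cask`; update the command so the instructions do not fail on current Homebrew. The sentence about approving the kernel extension should also name the extension or vendor the reader is expected to allow in Security & Privacy, since it asks them to load third-party kernel code, and "i.e. Catalina" should be "e.g. Catalina" because it is given as an example of a modern version.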