kdxcxs
/
n2n
mirror of https://github.com/ntop/n2n.git
1
0
Fork 0
Code Issues Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1162 Commits
7 Branches
7 Tags
23 MiB
 
 
 
 
 
 
Tree: e2a33b7571
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'e2a33b7571'
${ noResults }
Hamish Coleman e2a33b7571
Implement initial help command for subscription topics 		3 years ago
.ci Traffic Restrictions, Pass Build on CircleCI and local Windows 10 VS2019 (#499) 4 years ago
.circleci handled all remaining lint warnings (#875) 3 years ago
.github/workflows actions/upload-artifact@v2 with path does not take a list 3 years ago
doc Ensure we have a local copy of the tag in our request structure - which will be useful for the event framework 3 years ago
include keep private enum definition local to the management code 3 years ago
legacy Code rework changes 5 years ago
packages Minor build document improvments (#926) 3 years ago
scripts Tracebacks contain full paths and cannot be part of the expected test data 3 years ago
src Implement initial help command for subscription topics 3 years ago
tests Tracebacks contain full paths and cannot be part of the expected test data 3 years ago
thirdparty re-enabled libnatpmp with CMake on Windows (#918) 3 years ago
tools Increase code Coverage (#897) 3 years ago
win32 Remove one remaining use of N2N_OSNAME and cleanup 3 years ago
wireshark Add dissector port note 5 years ago
.gitignore added port forwarding (upnp and natpmp) (#905) 3 years ago
.gitmodules added port forwarding (upnp and natpmp) (#905) 3 years ago
.travis.yml Linting for yaml files (#872) 3 years ago
.yamllint.yml Linting for yaml files (#872) 3 years ago
CHANGELOG.md updated CHANGELOG.md 4 years ago
CMakeLists.txt of course, tuntap drivers are needed to run edge, so we cannot test that on darwin without writing a dummy tuntap driver 3 years ago
COPYING Initial SVN import of n2n v2 8 years ago
INSTALL Initial SVN import of n2n v2 8 years ago
LICENSE Initial commit 8 years ago
Makefile.in Attempt to simplify adding new tests 3 years ago
README.md updated building documentation (#911) 3 years ago
VERSION Use one common file for the version number in both build systems 3 years ago
autogen.sh Remove the correct files during autogen 3 years ago
community.list removed begin and end from reg exp 4 years ago
config.guess Added configure and autogen.sh 6 years ago
configure.ac Fix Cmake libpcap detection logic (#943) 3 years ago
contributors.txt Updated contributors 4 years ago
edge.8 added port forwarding (upnp and natpmp) (#905) 3 years ago
n2n.7 updated n2n.7 man page (#825) 3 years ago
supernode.1 updated JSON API password handling '--management-password <pw>' (#869) 3 years ago
uncrustify.cfg Basic C Code lint checker and shell checker (#859) 3 years ago

README.md

Build Status

n2n

n2n is a light VPN software which makes it easy to create virtual networks bypassing intermediate firewalls.

In order to start using n2n, two elements are required:

  • A supernode: it allows edge nodes to announce and discover other nodes. It must have a port publicly accessible on internet.
  • edge nodes: the nodes which will be a part of the virtual networks

A virtual network shared between multiple edge nodes in n2n is called a community. A single supernode can relay multiple communities and a single computer can be part of multiple communities at the same time. An encryption key can be used by the edge nodes to encrypt the packets within their community.

n2n tries to establish a direct peer-to-peer connection via udp between the edge nodes when possible. When this is not possible (usually due to special NAT devices), the supernode is also used to relay the packets.

Quick Setup

Some Linux distributions already provide n2n as a package so a simple sudo apt install n2n will do the work. Alternatively, up-to-date packages for most distributions are available on ntop repositories.

On host1 run:

$ sudo edge -c mynetwork -k mysecretpass -a 192.168.100.1 -f -l supernode.ntop.org:7777

On host2 run:

$ sudo edge -c mynetwork -k mysecretpass -a 192.168.100.2 -f -l supernode.ntop.org:7777

Now the two hosts can ping each other.

IMPORTANT It is strongly advised to choose a custom community name (-c) and a secret encryption key (-k) in order to prevent other users from connecting to your computer. For the privacy of your data sent and to reduce the server load of supernode.ntop.org, it is also suggested to set up a custom supernode as explained below.

Setting up a Custom Supernode

You can create your own infrastructure by setting up a supernode on a public server (e.g. a VPS). You just need to open a single port (1234 in the example below) on your firewall (usually iptables).

  1. Install the n2n package
  2. Edit /etc/n2n/supernode.conf and add the following: 
    -p=1234
  3. Start the supernode service with sudo systemctl start supernode
  4. Optionally enable supernode start on boot: sudo systemctl enable supernode

Now the supernode service should be up and running on port 1234. On your edge nodes you can now specify -l your_supernode_ip:1234 to use it. All the edge nodes must use the same supernode.

Manual Compilation

On Linux, compilation from source is straight forward:

./autogen.sh
./configure
make

# optionally install
make install

For Windows, MacOS, CMake, optimizations and general building options, please check out Building documentation for compilation and running.

IMPORTANT It is generally recommended to use the latest stable release. Please note that the current dev branch usually is not guaranteed to be backward compatible neither with the latest stable release nor with previous dev states. On the other hand, if you dare to try bleeding edge features, you are encouraged to compile from dev – just keep track of sometimes rapidly occuring changes. Feedback in the Issues section is appreciated.

Security Considerations

When payload encryption is enabled (provide a key using -k), the supernode will not be able to decrypt the traffic exchanged between two edge nodes but it will know that edge A is talking with edge B.

The choice of encryption schemes that can be applied to payload has recently been enhanced. Please have a look at Crypto description for a quick comparison chart to help make a choice. n2n edge nodes use AES encryption by default. Other ciphers can be chosen using the -A_ option.

A benchmark of the encryption methods is available when compiled from source with tools/n2n-benchmark.

The header which contains some metadata like the virtual MAC address of the edge nodes, their IP address, their real hostname and the community name optionally can be encrypted applying -H on the edges.

Advanced Configuration

More information about communities, support for multiple supernodes, routing, traffic restrictions and on how to run an edge as a service is available in the more detailed documentation.

Contribution

You can contribute to n2n in various ways:

  • Update an open issue or create a new one with detailed information
  • Propose new features
  • Improve the documentation
  • Provide pull requests with enhancements

For details about the internals of n2n check out the Hacking guide.

Further Readings and Related Projects

Answers to frequently asked questions can be found in our FAQ document.

Here is a list of third-party projects connected to this repository:

  • Collection of pre-built binaries for Windows: lucktu
  • n2n for Android: hin2n
  • Docker images: Docker Hub
  • Go bindings, management daemons and CLIs for n2n edges and supernodes, Docker, Kubernetes & Helm Charts: pojntfx/gon2n

(C) 2007-21 - ntop.org and contributors