mirror of
https://github.com/ntop/n2n.git
synced 2024-09-19 16:41:11 +02:00
updated README.md
This commit is contained in:
parent
1a5d753b98
commit
4d5a835553
18
README.md
18
README.md
|
@ -11,6 +11,7 @@ A virtual network shared between multiple edge nodes in n2n is called a _communi
|
||||||
|
|
||||||
N2N tries to establish a direct P2P connection between the edge nodes when possible. When this is not possible (usually due to special NAT devices), the supernode is also used to relay the packets.
|
N2N tries to establish a direct P2P connection between the edge nodes when possible. When this is not possible (usually due to special NAT devices), the supernode is also used to relay the packets.
|
||||||
|
|
||||||
|
|
||||||
## Quick Setup
|
## Quick Setup
|
||||||
|
|
||||||
Some Linux distributions already provide n2n as a package so a simple `sudo apt install n2n` will do the work. Alternatively, up to date packages for most distributions are available on [ntop repositories](http://packages.ntop.org/).
|
Some Linux distributions already provide n2n as a package so a simple `sudo apt install n2n` will do the work. Alternatively, up to date packages for most distributions are available on [ntop repositories](http://packages.ntop.org/).
|
||||||
|
@ -73,6 +74,8 @@ On linux, compilation from source is straight forward:
|
||||||
./configure
|
./configure
|
||||||
make
|
make
|
||||||
|
|
||||||
|
Parts of the code – especially Speck cipher and the header encryption – speedwise benefit from compiler optimizations and platform features such as NEON, SSE and AVX. To enable, use `./configure CFLAGS="-O3 -march=native"` instead.
|
||||||
|
|
||||||
# optionally install
|
# optionally install
|
||||||
make install
|
make install
|
||||||
```
|
```
|
||||||
|
@ -102,18 +105,25 @@ Check out [IPv6.md](https://github.com/ntop/n2n/blob/dev/doc/IPv6.md) for more i
|
||||||
|
|
||||||
n2n edge nodes use twofish encryption by default for compatibility reasons with existing versions.
|
n2n edge nodes use twofish encryption by default for compatibility reasons with existing versions.
|
||||||
|
|
||||||
**IMPORTANT** Encryption is only applied to the packet payload. Some metadata like the virtual MAC address
|
Different encryption schemes are applied to the packet payload and to the header which
|
||||||
of the edge nodes, their IP address and the community are sent in cleartext.
|
contains some metadata like the virtual MAC address of the edge nodes, their IP address and the community
|
||||||
|
name.
|
||||||
|
|
||||||
When encryption is enabled, the supernode will not be able to decrypt the traffic exchanged between
|
When encryption is enabled, the supernode will not be able to decrypt the traffic exchanged between
|
||||||
two edge nodes, but it will know that edge A is talking with edge B.
|
two edge nodes, but it will know that edge A is talking with edge B.
|
||||||
|
|
||||||
Recently AES encryption support has been implemented, which increases both security and performance,
|
Recently AES encryption support has been implemented, which increases both security and performance,
|
||||||
so it is recommended to enable it on all the edge nodes that must have the -Ax value. When possible
|
so it is recommended to enable it on all the edge nodes that must have the -Ax value. When possible
|
||||||
(i.e. when n2n is compiled with OpenSSL 1.1) we recommend to use -A4
|
(i.e. when n2n is compiled with OpenSSL 1.1) we recommend to use `-A3`.
|
||||||
|
|
||||||
A benchmark of the encryption methods is available when compiled from source with `tools/n2n-benchmark`.
|
A benchmark of the encryption methods is available when compiled from source with `tools/n2n-benchmark`.
|
||||||
|
|
||||||
|
Use `-H` on the edges to enable header encryption. Note, that header encryption is a per-community
|
||||||
|
decision, i.e. all edges of one community need to have it either enabled or disabled. The supernode
|
||||||
|
can handle encrypted and unencrypted headers. As the key fro header encryption is derived from the
|
||||||
|
community names, it requires the supernode to be used with fixed communities `-c <path to communities file>`
|
||||||
|
parameter.
|
||||||
|
|
||||||
## Contribution
|
## Contribution
|
||||||
|
|
||||||
You can contribute to n2n in various ways:
|
You can contribute to n2n in various ways:
|
||||||
|
@ -136,4 +146,4 @@ Here is a list of third-party projects connected to this repository.
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
(C) 2007-2019 - ntop.org and contributors
|
(C) 2007-2020 - ntop.org and contributors
|
||||||
|
|
Loading…
Reference in New Issue
Block a user