enoch/n2n
1
0
Fork 0
mirror of https://github.com/ntop/n2n.git synced 2024-09-19 16:41:11 +02:00
Code Issues Actions Packages Projects Releases 1 Wiki Activity

Simplify and update readme

Browse Source
This commit is contained in:
Emanuele Faranda 2019-06-20 22:40:49 +00:00 committed by GitHub
parent b19232bc7a
commit b7379a0ef1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 43 additions and 97 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
README.md
View File

@ -1,73 +1,65 @@
# N2N # N2N
Edge node N2n is a light VPN software which make it easy to create virtual networks bypassing intermediate firewalls. In order to start using N2N, two elements are required:
---------
You need to start an edge node on each host you want to connect with the *same* - A *supernode*: it allows edge nodes to announce and discover other nodes. It must have a port publicly accessible on internet.
community.
Enable the edge process - *Edge* nodes: the nodes which will be part of the virtual networks
A virtual network shared between multiple edge nodes in n2n is called a *community*. A single supernode can relay multiple communities and a single PC can be part of multiple communities at the same time. An encryption key can be used by the edge nodes to encrypt the packets within their community.
Quick Setup
-----------
Some linux distributions already provide n2n as a package so a simple `sudo apt-get install n2n` will do the work. Alternatively, up to date packages for most distributions are available on [ntop repositories](http://packages.ntop.org/).
On host1 run:
```sh ```sh
$ sudo ./edge -d n2n0 -c mynetwork -k encryptme -u 99 -g 99 -m 3C:A0:12:34:56:78 -a 1.2.3.4 -l a.b.c.d:xyw $ sudo edge -c mynetwork -k mysecretpass -a 192.168.100.1 -f -l supernode.ntop.org:7777
``` ```
or On host2 run:
```sh ```sh
$ N2N_KEY=encryptme sudo ./edge -d n2n0 -c mynetwork -u 99 -g 99 -m 3C:A0:12:34:56:78 -a 1.2.3.4 -l a.b.c.d:xyw $ sudo edge -c mynetwork -k mysecretpass -a 192.168.100.2 -f -l supernode.ntop.org:7777
``` ```
By defaul the edge will run in background but you can use the `-f` option to keep it in foreground. Now the two hosts can ping each other.
Windows **IMPORTANT** It is strongly adviced to choose a custom community name (-c) and a secret encryption key (-k) in order to prevent other users to connect to your PC. For privacy and to reduce the above server load, it is also suggested to set up a custom supernode as exmplained below.
-------
Check out doc/Windows.md for compilation and run instuctions. Manual Compilation
------------------
Note that `-d`, `-u`, `-g` and `-f` options are not available for Windows. On linux, compilation from source is straight forward:
Supernode ```sh
-------- ./autogen.sh
./configure
make
You need to start the supernode once (no need to be root unless you want to use a privileged port) # optionally install
make install
```
1. `./supernode -l 1234 -v` For Windows, check out [Windows.md](doc/Windows.md) for compilation and run instuctions.
Dropping Root Privileges and SUID-Root Executables (UNIX) For MacOS, check out [n2n_on_MacOS.txt](https://github.com/ntop/n2n/blob/dev/doc/n2n_on_MacOS.txt).
--------------------------------------------------
The edge node uses superuser privileges to create a TAP network interface Setting up a custom Supernode
device. Once this is created root privileges are not required and can constitute -----------------------------
a security hazard if there is some way for an attacker to take control of an
edge process while it is running. Edge will drop to a non-privileged user if you
specify the `-u <uid>` and `-g <gid>` options. These are numeric IDs. Consult
`/etc/passwd`.
You may choose to install edge SUID-root to do this: You can create your own infrastructure by setting up a supernode on a public server (e.g. a VPS). You just need to open a single port (1234 in the example below) on your firewall (usually iptables).
1. Become root 1. Install the n2n package
2. `chown root:root edge` 2. Edit `/etc/n2n/supernode.conf` and add the following:
3. `chmod +s edge` ```
4. done -l=1234
```
Any user can now run edge. You may not want this, but it may be convenient and 3. Start the supernode service with `sudo systemctl start supernode`
safe if your host has only one login user.
Running As a Daemon (UNIX)
--------------------------
Unless given `-f` as a command line option, edge will call daemon(3) after
successful setup. This causes the process to fork a child which closes stdin,
stdout and stderr then sets itself as process group leader. When this is done,
the edge command returns immediately and you will only see the edge process in
the process listings, eg. from ps or top.
If the edge command returns 0 then the daemon started successfully. If it
returns non-zero then edge failed to start up for some reason. When edge starts
running as a daemon, all logging goes to syslog daemon.info facility.
Now the supernode service should be up and running on port 1234. On your edge nodes you can now specify `-l your_supernode_ip:1234` to use it. All the edge nodes must use the same supernode.
IPv6 Support IPv6 Support
------------ ------------
@ -96,64 +88,18 @@ Once the IPv6 addresses are configured and edge started, IPv6 neighbor discovery
packets flow (get broadcast) and IPv6 entities self arrange. Test your IPv6 packets flow (get broadcast) and IPv6 entities self arrange. Test your IPv6
setup with ping6 - the IPv6 ping command. setup with ping6 - the IPv6 ping command.
Performance Notes
-----------------
The time taken to perform a ping test for various ciphers is given below:
Test: `ping -f -l 8 -s 800 -c 10000 <far_edge>`
AES (-O0) 11820
TF (-O0) 25761
TF (-O2) 20554
AES (-O3) 12532
TF (-O3) 14046
NULL (-O3) 10659
# N2N Builder (Supernode Docker Image based on Debian)
## Running the supernode image
```sh
$ docker run --rm -d -p 5645:5645/udp -p 7654:7654/udp supermock/supernode:[TAGNAME]
```
## Binary packages
If you don't like to compile from source, we build stable and nightly builds that you can find at [packages.ntop.org](http://packages.ntop.org).
## Docker registry ## Docker registry
*NOTE*: docker packages may be outdated.
- [DockerHub](https://hub.docker.com/r/supermock/supernode/) - [DockerHub](https://hub.docker.com/r/supermock/supernode/)
- [DockerStore](https://store.docker.com/community/images/supermock/supernode/) - [DockerStore](https://store.docker.com/community/images/supermock/supernode/)
## Documentation Run with:
### 1. Build image and binaries
Use `make` command to build the images. Before starting the arm32v7 platform build, you need to run this registry, so you can perform a cross-build. Just follow the documentation: https://github.com/multiarch/qemu-user-static/blob/master/README.md
```sh
$ TARGET_ARCHITECTURE=[arm32v7, x86_64, (nothing to build all architectures)] make
```
### 2. Push it
Use `make push` command to push the image, TARGET_ARCHITECTURE is necessary.
```sh
$ TARGET_ARCHITECTURE=[arm32v7, x86_64] make push
```
### 3. Test it
Once the image is built, it's ready to run:
```sh ```sh
$ docker run --rm -d -p 5645:5645/udp -p 7654:7654/udp supermock/supernode:[TAGNAME] $ docker run --rm -d -p 5645:5645/udp -p 7654:7654/udp supermock/supernode:[TAGNAME]
``` ```
----------------- -----------------
(C) 2007-2018 - ntop.org and contributors (C) 2007-2019 - ntop.org and contributors