n2n打洞

n2n最新地址https://github.com/ntop/n2n
下载安装最新版安装包

超级节点
在/etc/n2n/supernode.conf添加端口，白名单或防火墙方向以下端口，其他edge节点就通过supernode的这个端口进行通讯

-p=1234

然后启动服务并加入自启动

systemctl enable --now supernode.service

边缘节点

sudo edge -c mynetwork -r -n 10.131.31.0/24:179.10.10.5 -n 192.168.100.0/24:179.10.10.2 -n 10.0.25.0/24:179.10.10.15 -k liweilun123. -A4 -a 179.10.10.1 -f -l 1.1.1.1:59966

-c <community>    | n2n community name the edge belongs to 表示n2n组网属于那个集群
-r                | enable packet forwarding through n2n community 表示允许数据包通过n2n网关传递
-n <cidr:gateway> | route an IPv4 network via the gateway, use 0.0.0.0/0 for
                  | the default gateway, can be set multiple times 表示通过某个n2n节点作为网关进行访问该ipv4网段，可以设置多个-n参数
-k <key>          | encryption key (ASCII) - also N2N_KEY=<key> 表示加密密钥值
-A1               | disable payload encryption, do not use with key, defaults
                  | to AES then 表示加密方式，A1表示禁止加密，不添加A参数表示默认AES加密
-A2 ... -A5       | choose a cipher for payload encryption, requires a key,
                  | -A2 = Twofish, -A3 = AES (default if key provided),
                  | -A4 = ChaCha20, -A5 = Speck-CTR 表示四种加密方式，加密方式不一样会导致延迟和带宽的变化，同一community的edge节点的加密方式必须一致，否则无法解密数据导致无法通讯
-a [mode]<ip>[/n] | interface address and optional CIDR subnet, default '/24',
                  | mode = [static|dhcp]:, for DHCP use '-r -a dhcp:0.0.0.0',
                  | edge draws IP address from supernode if no '-a ...' given 表示edge节点的地址ip，可以是静态或者由supernode进行dhcp。子网默认/24掩码
-f                | do not fork and run as a daemon, rather run in foreground 表示进程前台运行，一般此参数用于测试或systemd service内
-l <host:port>   | supernode ip address or name, and port 表示supernode的ip或域名和端口

[root@node7 ~]# sudo edge -c mynetwork -r -n 10.131.31.0/24:179.10.10.5 -n 192.168.100.0/24:179.10.10.2 -n 10.0.25.0/24:179.10.10.15 -k liweilun123. -A4 -a 179.10.10.1 -f -l 1.1.1.1:59966
15/Mar/2022 17:38:00 [edge.c:703] adding 10.131.31.0/24 via 179.10.10.5
15/Mar/2022 17:38:00 [edge.c:703] adding 192.168.100.0/24 via 179.10.10.2
15/Mar/2022 17:38:00 [edge.c:703] adding 10.0.25.0/24 via 179.10.10.15
15/Mar/2022 17:38:00 [edge_utils.c:3774] adding supernode = 1.1.1.1:59966
15/Mar/2022 17:38:00 [edge.c:1085] starting n2n edge 3.0.0 Oct 27 2021 19:04:56
15/Mar/2022 17:38:00 [edge.c:1091] using compression: none.
15/Mar/2022 17:38:00 [edge.c:1092] using ChaCha20 cipher.
15/Mar/2022 17:38:00 [edge_utils.c:392] number of supernodes in the list: 1
15/Mar/2022 17:38:00 [edge_utils.c:394] supernode 0 => 1.1.1.1:59966
15/Mar/2022 17:38:00 [edge_utils.c:483] successfully created resolver thread
15/Mar/2022 17:38:00 [edge.c:1116] use manually set IP address
15/Mar/2022 17:38:00 [edge.c:1231] created local tap device IP: 179.10.10.1, Mask: 255.255.255.0, MAC: DE:50:1A:A2:93:FB
15/Mar/2022 17:38:00 [edge.c:1298] WARNING: n2n has not been compiled with libcap-dev; some commands may fail
15/Mar/2022 17:38:00 [edge.c:1303] dropping privileges to uid=997, gid=993
15/Mar/2022 17:38:00 [edge.c:1329] edge started
15/Mar/2022 17:38:00 [edge_utils.c:1132] successfully joined multicast group 224.0.0.68:1968
15/Mar/2022 17:38:00 [edge_utils.c:2730] [OK] edge <<< ================ >>> supernode
16/Mar/2022 09:17:58 [edge_utils.c:1541] WARNING: supernode not responding, now trying [120.24.26.24:59966]
^C16/Mar/2022 12:27:30 [edge.c:959] shutting down...
16/Mar/2022 12:27:30 [edge_utils.c:3001] **********************************
16/Mar/2022 12:27:30 [edge_utils.c:3002] Packet stats:
16/Mar/2022 12:27:30 [edge_utils.c:3003]       TX P2P: 0 pkts
16/Mar/2022 12:27:30 [edge_utils.c:3004]       RX P2P: 0 pkts
16/Mar/2022 12:27:30 [edge_utils.c:3005]       TX Supernode: 38 pkts (9 broadcast)
16/Mar/2022 12:27:30 [edge_utils.c:3006]       RX Supernode: 21 pkts (2 broadcast)
16/Mar/2022 12:27:30 [edge_utils.c:3007] **********************************

edge节点关闭n2n组网进程时会分别统计p2p直连和supernode转发的tx和rx流量。这里显示p2p为0，证明是边缘节点之间的流量通讯只走了supernode的转发，打洞失败。