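The latest n2n is at https://github.com/ntop/n2n
Download and install the latest release package.
Supernode
Add the listening port to /etc/n2n/supernode.conf, and whitelist or allow the following port through the firewall; the other edge nodes communicate through this port on the supernode.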
-p=1234
Then start the service and enable it at boot:
systemctl enable --now supernode.service
Edge node
sudo edge -c mynetwork -r -n 10.131.31.0/24:179.10.10.5 -n 192.168.100.0/24:179.10.10.2 -n 10.0.25.0/24:179.10.10.15 -k liweilun123. -A4 -a 179.10.10.1 -f -l 1.1.1.1:59966
-c <community> | n2n community name the edge belongs to (which community this n2n node joins)
-r | enable packet forwarding through n2n community (allows packets to be forwarded through the n2n gateway)
-n <cidr:gateway> | route an IPv4 network via the gateway, use 0.0.0.0/0 for
| the default gateway, can be set multiple times (reach that IPv4 network through an n2n node acting as gateway; -n can be given multiple times)
-k <key> | encryption key (ASCII) - also N2N_KEY=<key> (the encryption key value)
-A1 | disable payload encryption, do not use with key, defaults
| to AES then (encryption mode: -A1 disables encryption; with no -A option the default is AES)
-A2 ... -A5 | choose a cipher for payload encryption, requires a key,
| -A2 = Twofish, -A3 = AES (default if key provided),
| -A4 = ChaCha20, -A5 = Speck-CTR (four ciphers to choose from; the cipher affects latency and bandwidth; all edge nodes in the same community must use the same cipher, otherwise they cannot decrypt each other's data and cannot communicate)
-a [mode]<ip>[/n] | interface address and optional CIDR subnet, default '/24',
| mode = [static|dhcp]:, for DHCP use '-r -a dhcp:0.0.0.0',
| edge draws IP address from supernode if no '-a ...' given (the edge node's IP address, either static or assigned by the supernode via DHCP; the subnet mask defaults to /24)
-f | do not fork and run as a daemon, rather run in foreground (run the process in the foreground; typically used for testing or inside a systemd service)
-l <host:port> | supernode ip address or name, and port (the supernode's IP or domain name, and port)
[root@node7 ~]# sudo edge -c mynetwork -r -n 10.131.31.0/24:179.10.10.5 -n 192.168.100.0/24:179.10.10.2 -n 10.0.25.0/24:179.10.10.15 -k liweilun123. -A4 -a 179.10.10.1 -f -l 1.1.1.1:59966
15/Mar/2022 17:38:00 [edge.c:703] adding 10.131.31.0/24 via 179.10.10.5
15/Mar/2022 17:38:00 [edge.c:703] adding 192.168.100.0/24 via 179.10.10.2
15/Mar/2022 17:38:00 [edge.c:703] adding 10.0.25.0/24 via 179.10.10.15
15/Mar/2022 17:38:00 [edge_utils.c:3774] adding supernode = 1.1.1.1:59966
15/Mar/2022 17:38:00 [edge.c:1085] starting n2n edge 3.0.0 Oct 27 2021 19:04:56
15/Mar/2022 17:38:00 [edge.c:1091] using compression: none.
15/Mar/2022 17:38:00 [edge.c:1092] using ChaCha20 cipher.
15/Mar/2022 17:38:00 [edge_utils.c:392] number of supernodes in the list: 1
15/Mar/2022 17:38:00 [edge_utils.c:394] supernode 0 => 1.1.1.1:59966
15/Mar/2022 17:38:00 [edge_utils.c:483] successfully created resolver thread
15/Mar/2022 17:38:00 [edge.c:1116] use manually set IP address
15/Mar/2022 17:38:00 [edge.c:1231] created local tap device IP: 179.10.10.1, Mask: 255.255.255.0, MAC: DE:50:1A:A2:93:FB
15/Mar/2022 17:38:00 [edge.c:1298] WARNING: n2n has not been compiled with libcap-dev; some commands may fail
15/Mar/2022 17:38:00 [edge.c:1303] dropping privileges to uid=997, gid=993
15/Mar/2022 17:38:00 [edge.c:1329] edge started
15/Mar/2022 17:38:00 [edge_utils.c:1132] successfully joined multicast group 224.0.0.68:1968
15/Mar/2022 17:38:00 [edge_utils.c:2730] [OK] edge <<< ================ >>> supernode
16/Mar/2022 09:17:58 [edge_utils.c:1541] WARNING: supernode not responding, now trying [120.24.26.24:59966]
^C16/Mar/2022 12:27:30 [edge.c:959] shutting down...
16/Mar/2022 12:27:30 [edge_utils.c:3001] **********************************
16/Mar/2022 12:27:30 [edge_utils.c:3002] Packet stats:
16/Mar/2022 12:27:30 [edge_utils.c:3003] TX P2P: 0 pkts
16/Mar/2022 12:27:30 [edge_utils.c:3004] RX P2P: 0 pkts
16/Mar/2022 12:27:30 [edge_utils.c:3005] TX Supernode: 38 pkts (9 broadcast)
16/Mar/2022 12:27:30 [edge_utils.c:3006] RX Supernode: 21 pkts (2 broadcast)
16/Mar/2022 12:27:30 [edge_utils.c:3007] **********************************
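When an edge node shuts down its n2n process, it reports TX and RX traffic separately for direct P2P and for supernode forwarding. Here P2P shows 0, which shows that traffic between the edge nodes went only through supernode forwarding: hole punching failed.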
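Added example (not part of the original post or of the n2n project): a small shell function that reads an edge log in the format shown above and reports the negotiated cipher, the P2P and supernode packet totals, and whether the session was relay-only. The function name and output keys are assumptions of this example; the sample lines follow the session above, with the fallback supernode address replaced by a constructed documentation address.

```shell
#!/bin/sh
# Constructed sample input, following the edge 3.0.0 log format shown above.
SAMPLE_LOG='15/Mar/2022 17:38:00 [edge.c:1091] using compression: none.
15/Mar/2022 17:38:00 [edge.c:1092] using ChaCha20 cipher.
15/Mar/2022 17:38:00 [edge_utils.c:2730] [OK] edge <<< ================ >>> supernode
16/Mar/2022 09:17:58 [edge_utils.c:1541] WARNING: supernode not responding, now trying [192.0.2.10:59966]
16/Mar/2022 12:27:30 [edge_utils.c:3002] Packet stats:
16/Mar/2022 12:27:30 [edge_utils.c:3003] TX P2P: 0 pkts
16/Mar/2022 12:27:30 [edge_utils.c:3004] RX P2P: 0 pkts
16/Mar/2022 12:27:30 [edge_utils.c:3005] TX Supernode: 38 pkts (9 broadcast)
16/Mar/2022 12:27:30 [edge_utils.c:3006] RX Supernode: 21 pkts (2 broadcast)'

# n2n_log_summary (hypothetical helper): read an edge log on stdin and
# print key=value lines describing cipher, packet totals and traffic path.
n2n_log_summary() {
  awk '
    # Return the field that follows the token tok on the current line.
    function after(tok,   i) {
      for (i = 1; i < NF; i++) if ($i == tok) return $(i + 1)
      return ""
    }
    / using .* cipher\./       { cipher = after("using") }
    / (TX|RX) P2P: /           { p2p   += after("P2P:") }
    / (TX|RX) Supernode: /     { relay += after("Supernode:") }
    /supernode not responding/ { lost++ }
    END {
      if (cipher == "") cipher = "unknown"
      # No packet stats means the edge has not shut down yet: path unknown.
      path = "unknown"
      if (p2p + relay > 0) path = (p2p > 0) ? "p2p-seen" : "relay-only"
      printf "cipher=%s\np2p_pkts=%d\nrelay_pkts=%d\n", cipher, p2p, relay
      printf "supernode_timeouts=%d\npath=%s\n", lost, path
    }
  '
}

# Demo run on the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | n2n_log_summary
```

On a real host, feed it the saved output of the edge process instead of the sample; a result of path=relay-only means every packet in that session transited the supernode, as in the session above.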