How to Use n2n to configure a practical and free VPN solution on Linux

How to Use n2n to configure a practical and free VPN solution on Linux

A Traditional VPN, such as OpenVPN or PPTP, is composed of a VPN Server and one or more clients connected to this server. When any two VPN clients communicate with each other, the VPN Server needs to relay the VPN data traffic between them. The problem with such a central radiation VPN topology is that when the number of connected clients increases, the VPN Server can easily become a performance bottleneck. In a sense, the centralized VPN Server also becomes a single point of failure source, that is, when the VPN Server fails, the whole VPN will not be accessible by any VPN Client.

Point-to-Point VPN (P2P VPN) is another VPN model. It can solve these problems in traditional server-client-based VPN. A P2P VPN no longer has a central VPN Server. Any node with a public IP Address can direct other nodes to the VPN. After connecting to a VPN, each node can directly communicate with any other node in the VPN without passing through an intermediate server node. Of course, if any node fails, the remaining nodes in the VPN will not be affected. Latency, bandwidth, and VPN scalability in nodes are naturally improved. This is ideal when you want to use VPN for multiplayer games or share files with many friends.

There are already several open-source P2P VPN implementations, such as Tinc, peerVPN, and n2n. In this tutorial, I will showHow to UseN2nConfigure point-to-point VPN.

N2n is an open-source GPLv3 software that allows you to build an encrypted 2/3-layer point-to-point VPN between users. The VPN built by n2n is "NAT-friendly". That is to say, two users behind different NAT routers can directly communicate with each other through VPN. N2n supports symmetric NAT, which is the most restrictive type in NAT. Therefore, the VPN data traffic of n2n is encapsulated by UDP.

An n2n VPN consists of two types of nodes: edge nodes and super nodes. An edge node is a computer connected to a VPN, which may be behind a NAT router. A super node is a computer with a public IP address. It will help the edge nodes behind NAT to perform initial communication. To create a P2P VPN in a user, we need at least one super node.

Preparations

In this tutorial, I will create a P2P VPN with three nodes: A super node and two edge nodes. The only requirement is that edge nodes need to be able to ping the IP addresses of super-level nodes, and whether they are after the NAT router is irrelevant.

Install n2n on Linux

To build a P2P VPN with n2n, you need to install n2n on each node, including the super node.

Due to its streamlined dependency requirements, n2n can be easily compiled on most Linux platforms.

Install n2n On Debian-based systems:

 
 

  
  
$ sudo apt-get install subversion build-essential libssl-dev
  
  
$ svn co https://svn.ntop.org/svn/ntop/trunk/n2n
  
  
$ cd n2n/n2n_v2
  
  
$ make
  
  
$ sudo make install 
 
 

Install n2n on a Red Hat-based system:

 
 

  
  
$ sudo yum install subversion gcc-c++ openssl-devel
  
  
$ svn co https://svn.ntop.org/svn/ntop/trunk/n2n
  
  
$ cd n2n/n2n_v2
  
  
$ make
  
  
$ sudo make install 
 
 

Configure a P2P VPN with n2n

As mentioned above, we need at least one super node, which will act as an initialized boot server. Assume that the IP address of this super node is 1.1.1.1.

Super node:

Run the following command on a computer that acts as a super node. "-L <port>" specifies the listening port of the super node. The root permission is not required to run supernode.

 
 

  
  
$ supernode -l 5000 
 
 

Edge node:

On each edge node, use the following command to connect to a P2P VPN. The edge daemon will run in the background.

Edge node #1:

 
 

  
  
 $ sudo edge -d edge0 -a 10.0.0.10 -c mynetwork -u 1000 -g 1000 -k password -l 1.1.1.1:5000 -m ae:e0:4f:e7:47:5b 
 
 

Edge node #2:

 
 

  
  
 $ sudo edge -d edge0 -a 10.0.0.11 -c mynetwork -u 1000 -g 1000 -k password -l 1.1.1.1:5000 -m ae:e0:4f:e7:47:5c 
 
 

The following are some explanations of the command line:

• The "-d <Interface Name>" option specifies the name of the TAP interface created by the edge command.
• "-A <IP address>" option statically) specifies the IP address of the VPN allocated to the TAP interface. If you want to use DHCP, You need to configure a DHCP server on one of the edge nodes and use the "-a dhcp: 0.0.0.0" option instead.
• The "-c <Group Name>" option specifies the maximum length of the VPN group name to 16 bytes ). This option can be used to create multiple VPNs in the same group of nodes.
• The "-u" and "-g" options are used to drop the root permission after creating a TAP interface. The edge daemon runs as the specified user/group ID.
• The-k <key> option specifies a key encrypted by twofish. If you want to hide the key from the command line, you can use the N2N_KEY environment variable.
• The "-l <IP Address: Port>" option specifies the IP address and port number of the super node listener. For redundancy, you can specify A maximum of two super nodes, for example,-l <super node A>-l <super node B> ).
• "-M" assigns a static MAC address to the TAP interface. If this parameter is not used, the edge command randomly generates a MAC address. In fact, it is strongly recommended to force a static MAC address for a VPN interface. Otherwise, for example, when you restart the edge daemon on a node, the ARP cache of other nodes will be contaminated by the newly generated MAC address, they will not be able to send data to this node until the contaminated ARP records are eliminated.

So far, you should be able to ping the other edge node with the vpn ip address from one edge node.

Troubleshooting

Note that the edge daemon requires the superuser permission to create a TAP interface. Therefore, you must use the root permission for execution or set SUID for the edge command. After that, you can always use the "-u" and "-g" options to revoke root permissions.

Summary

N2n can be a free VPN solution for you. You can easily configure a super node, whether using your own home network or purchasing a VPS instance with public access from the cloud host provider. You no longer need to put sensitive creden and keys in the hands of a third-party VPN provider, using n2n, you can configure your own low-latency, high-bandwidth, and scalable P2P VPN among your friends.

Do you have any idea about n2n? Please share your opinion in the comments.

Via: http://xmodulo.com/configure-peer-to-peer-vpn-linux.html

Author: Dan Nanni Translator: felixonmars Proofreader: wxy