How to configure a peer-to-peer VPN on Linux

A traditional VPN (such as OpenVPN or PPTP) consists of a VPN server and one or more clients connected to that server. When any two VPN clients communicate with each other, the VPN server has to relay the VPN traffic between them. The problem with such a hub-and-spoke topology is that the VPN server easily becomes a performance bottleneck as the number of connected clients grows. A centralized VPN server is also a single point of failure: when it goes down, the entire VPN becomes unreachable for every client.

A peer-to-peer VPN (also known as a P2P VPN) is an alternative model that addresses these issues of the traditional client-server VPN. In a P2P VPN there is no central VPN server, and any node with a public IP address can bootstrap other nodes into the VPN. Once connected, each node communicates directly with any other node in the VPN without going through an intermediate server. When a node fails, the remaining nodes are not affected. Latency, bandwidth and scalability naturally improve in such a setup, which is ideal when you want to use a VPN for multiplayer gaming or to share files with many friends.

There are several open source P2P VPN implementations, such as Tinc, peerVPN, and n2n. In this tutorial, I will show you how to configure a peer-to-peer VPN with n2n on Linux.

n2n is open source (GPLv3) software that lets you build an encrypted layer-2/layer-3 peer-to-peer VPN between users. A VPN built with n2n is “NAT-friendly”: two users behind different NAT routers can communicate directly with each other through the VPN. n2n even supports symmetric NAT, the most restrictive type of NAT. To make this work, n2n's VPN traffic is encapsulated in UDP.

An n2n VPN consists of two types of nodes: edge nodes and supernodes. An edge node is a computer connected to the VPN, which may sit behind a NAT router. A supernode is a computer with a publicly accessible IP address that helps the edge nodes behind NAT find each other initially. To create a P2P VPN among users, we need at least one supernode.

Getting Ready
In this tutorial, I will create a P2P VPN with three nodes: one supernode and two edge nodes. The only requirement is that the edge nodes must be able to ping the supernode's IP address; it does not matter whether they are behind a NAT router.

Installing n2n on Linux

To build a P2P VPN with n2n, you need to install n2n on every node, including the supernode. Because of its very lean dependencies, n2n can be compiled easily on most Linux platforms. To install n2n on a Debian-based system:
$ sudo apt-get install subversion build-essential libssl-dev
$ svn co https://svn.ntop.org/svn/ntop/trunk/n2n
$ cd n2n/n2n_v2
$ make
$ sudo make install

To install n2n on a Red Hat-based system:

$ sudo yum install subversion gcc-c++ openssl-devel
$ svn co https://svn.ntop.org/svn/ntop/trunk/n2n
$ cd n2n/n2n_v2
$ make
$ sudo make install

Configure a P2P VPN with n2n
As mentioned earlier, we need at least one supernode, which acts as the initial bootstrap server. We assume that the IP address of this supernode is 1.1.1.1.

Supernode:

Run the following command on the computer that acts as the supernode. The “-l <port>” option specifies the port the supernode listens on. Running the supernode does not require root privileges.

$ supernode -l 5000

Edge node:

On each edge node, use the following command to connect to the P2P VPN. The edge daemon will run in the background.

Edge node #1:

$ sudo edge -d edge0 -a 10.0.0.10 -c mynetwork -u 1000 -g 1000 -k password -l 1.1.1.1:5000 -m ae:e0:4f:e7:47:5b

Edge node #2:

$ sudo edge -d edge0 -a 10.0.0.11 -c mynetwork -u 1000 -g 1000 -k password -l 1.1.1.1:5000 -m ae:e0:4f:e7:47:5c

Here is an explanation of the command line options:

The “-d <interface name>” option specifies the name of the TAP interface created by the edge command.

The “-a <IP address>” option (statically) specifies the VPN IP address assigned to the TAP interface. If you want to use DHCP instead, you need to set up a DHCP server on one of the edge nodes and then use “-a dhcp:0.0.0.0”.

The “-c <group name>” option specifies the name of the VPN group (maximum length 16 bytes). This option can be used to create multiple VPNs among the same set of nodes.

The “-u” and “-g” options are used to drop root privileges after the TAP interface has been created. The edge daemon will run as the specified user/group ID.

The “-k <key>” option specifies the shared key used for Twofish encryption. If you want to hide the key from the command line, you can set the N2N_KEY environment variable instead.

The “-l <IP address:port>” option specifies the IP address and listening port of the supernode. For redundancy, you can specify up to two different supernodes (e.g., -l <supernode A> -l <supernode B>).

The “-m <MAC address>” option assigns a static MAC address to the TAP interface. Without this option, the edge command generates a random MAC address. It is highly recommended to force a static MAC address for the VPN interface. Otherwise, when you restart the edge daemon on one node, the ARP caches of the other nodes will hold a stale entry for the old MAC address, and they will not be able to send traffic to that node until the stale ARP entry expires.
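The following shell script is an added example; it is not part of the original tutorial or of the n2n project. It assembles the supernode and edge invocations shown above from variables, validates the inputs the text calls out (a community name of at most 16 bytes, a well-formed static MAC, and root or SUID for creating the TAP interface), and passes the key through the N2N_KEY environment variable instead of -k so that it does not show up in the process list. The supernode address 1.1.1.1:5000, the community name and the VPN addresses are the tutorial's values; the key is a constructed placeholder; the script only prints the commands, so it can be reviewed on any machine before the real nodes are configured.

```shell
#!/bin/sh
# Added example (not from the original tutorial or the n2n project): build the
# n2n v2 supernode/edge command lines from variables, validate them, and print
# them instead of executing them.

SUPERNODE="1.1.1.1:5000"   # supernode address used in the tutorial (placeholder)
COMMUNITY="mynetwork"      # -c: VPN group name, at most 16 bytes
RUN_UID=1000               # -u: unprivileged user the edge daemon drops to
RUN_GID=1000               # -g: unprivileged group the edge daemon drops to

# n2n limits the community name to 16 bytes.
check_community() {
    [ -n "$1" ] && [ "${#1}" -le 16 ]
}

# A static MAC for the TAP interface: six colon-separated hex octets.
check_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$'
}

# edge needs root to create the TAP interface (otherwise ioctl() fails with
# "Operation not permitted"): either run as uid 0 or give the binary the SUID bit.
# $1 = effective uid, $2 = path to the edge binary
tap_privileges_ok() {
    [ "$1" -eq 0 ] || [ -u "$2" ]
}

# $1 = listening port
build_supernode_cmd() {
    echo "supernode -l $1"
}

# $1 = TAP interface name, $2 = VPN IP address, $3 = static MAC.
# The key is deliberately not passed with -k: edge reads it from N2N_KEY
# (as the tutorial states), which keeps it out of `ps` output.
build_edge_cmd() {
    [ -n "${N2N_KEY:-}" ] || { echo "N2N_KEY is not set" >&2; return 1; }
    check_community "$COMMUNITY" || { echo "community name longer than 16 bytes" >&2; return 1; }
    check_mac "$3" || { echo "invalid MAC address: $3" >&2; return 1; }
    echo "edge -d $1 -a $2 -c $COMMUNITY -u $RUN_UID -g $RUN_GID -l $SUPERNODE -m $3"
}

# Stand-alone run: print the three invocations from the tutorial.
# The operator should export a real N2N_KEY; the default below is a constructed placeholder.
: "${N2N_KEY:=replace-with-a-real-shared-key}"
export N2N_KEY
build_supernode_cmd 5000
build_edge_cmd edge0 10.0.0.10 ae:e0:4f:e7:47:5b
build_edge_cmd edge0 10.0.0.11 ae:e0:4f:e7:47:5c
if tap_privileges_ok "$(id -u)" "$(command -v edge || echo /usr/sbin/edge)"; then
    echo "# edge can create the TAP interface from this shell"
else
    echo "# run edge with sudo (or set the SUID bit) to avoid the ioctl() error"
fi
```

Run the printed supernode line on the supernode and each edge line on its edge node, with N2N_KEY exported in that shell; because the key is read from the environment, the daemon still drops to uid/gid 1000 with -u/-g after the TAP interface is created.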


At this point, you should be able to ping one edge node from the other using its VPN IP address.
Troubleshooting

If you get the following error when starting the edge daemon:

n2n[4405]: ERROR: ioctl() [Operation not permitted][-1]

note that the edge daemon requires superuser privileges to create a TAP interface. Make sure to run it as root (for example with sudo), or set the SUID bit on the edge binary. You can then use the “-u” and “-g” options to drop root privileges after the interface has been created.
Summary

n2n can be a very useful free VPN solution. You can easily set up a supernode, whether on your own home network or on a publicly accessible VPS instance from a cloud hosting provider. You no longer need to put sensitive credentials and keys in the hands of third-party VPN providers. With n2n, you can configure your own low-latency, high-bandwidth, scalable P2P VPN among your friends.

Copyright © Windows knowledge All Rights Reserved