无名阁
通过n2n穿透内网
2018-6-12 笑看风云


最近需要穿透防火墙接入内部网络,因为成本和技术问题决定N2N进行内网穿透。



n2n现在网上有两个版本,V1和V2版,Ubuntu软件源中的版本是V1版,现在V1现在很久没有更新了,性能也比不上V2版,于是改用V2版。



下面是编译过程



首先获取源码:


git clone https://github.com/meyerd/n2n --depth=1



然后进入输入下面代码:
cd ./n2n/n2n_v2

mkdir build

cd build

cmake ../

make

sudo make install



如果缺少哪些库文件把它补全就行了。






N2N分为supernode中心节点和edge边界节点,我们现在一个需要一个有着公网ip的服务器架设中心节点,架设起来很方便输入下面命令:


supernode -l 19576



现在中心节点就架设成功了,下面是边界节点的使用:
edge -c test -a 10.1.2.3 -k testtest -l test.com:12345 -r -b -m d8:6d:2a:13:6d:7f



输入上面的命令就连上了N2N网络,edge参数中-c指的是网络名,需要相同的网络名才可以连接。-a指的是本机的虚拟ip,可以根据需要自己设置。-k就是网络名密码,密码错误就不可以连接。-l就是中心节点的地址。-r就是开启网络转发,开启这个选项后添加路由表就可以在A设备连接到B设备的网络。-b就是定时更新中心节点ip。-m是指设置虚拟网卡的MAC地址。






虽然命令行也可以使用,但是不方便,我们可以通过启动脚本启动edge。



启动脚本:


#!/bin/sh

### BEGIN INIT INFO

# Provides:          n2n

# Required-Start:    $network $remote_fs $local_fs

# Required-Stop:     $remote_fs $local_fs

# Default-Start:     2 3 4 5

# Default-Stop:      0 1 6

# Short-Description: Start or stop the n2n VPN

# Description:       This script controls the n2n VPN service.

#                    It is called from the boot, halt and reboot scripts.

#                    So far, only 1 PVN is supported by this script.

#                    More can be started via the command line.

### END INIT INFO

#

# Author: Rolf Leggewie <foss@rolf.leggewie.biz>



set -e



# PATH should only include /usr/* if it runs after the mountnfs.sh script

PATH=/usr/local/sbin:/sbin:/usr/sbin:/bin:/usr/bin

DESC='n2n P2P VPN'

NAME=n2n

DAEMON=/usr/local/sbin/edge

DAEMON_ARGS=""             # Arguments to run the daemon with

#PIDFILE=/var/run/$NAME-edge.pid

SCRIPTNAME=/etc/init.d/$NAME



# Exit if the package is not installed

[ -x "$DAEMON" ] || exit 0



# Read configuration variable file if it is present

[ -r /etc/default/$NAME ] && . /etc/default/$NAME



# Check config

if [ -z "$N2N_EDGE_CONFIG_DONE" ]

then

	echo "Warning: n2n VPN client is not configured, edit config file in /etc/default/$NAME." 1>&2

	exit 0

fi



# Load the VERBOSE setting and other rcS variables

. /lib/init/vars.sh

. /lib/lsb/init-functions



## Make sure /var/run/n2n exists.

#if [ ! -e /var/run/$NAME ] ; then

#	mkdir -p /var/run/$NAME

#	chown proxy:proxy /var/run/$NAME

#	chmod 755 /var/run/$NAME

#fi



# Function that starts the daemon/service

#

do_start()

{

	if [ -r /sys/class/net/edge0 ]; then

	 echo edge node is already running.

	 exit 0

	fi



	# Return

	#   0 if daemon has been started

	#   1 if daemon was already running

	#   2 if daemon could not be started

	start-stop-daemon --start --quiet --user nobody --exec $DAEMON --test > /dev/null \

		|| return 1

	export N2N_KEY

	start-stop-daemon --start --quiet --user nobody --exec $DAEMON -- \

		-a $N2N_IP -c $N2N_COMMUNITY -l $N2N_SUPERNODE:$N2N_SUPERNODE_PORT \

		-u $(id -u nobody) -g $(id -g nobody) $DAEMON_ARGS $N2N_DAEMON_OPTS \

		|| return 2

}



#

# Function that stops the daemon/service

#

do_stop()

{

	# Return

	#   0 if daemon has been stopped

	#   1 if daemon was already stopped

	#   2 if daemon could not be stopped

	#   other if a failure occurred

	start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --user nobody --exec $DAEMON

	RETVAL="$?"

	[ "$RETVAL" = 2 ] && return 2

	# Wait for children to finish too if this is a daemon that forks

	# and if the daemon is only ever run from this initscript.

	# If the above conditions are not satisfied then add some other code

	# that waits for the process to drop all resources that could be

	# needed by services started subsequently.  A last resort is to

	# sleep for some time.

	start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON

	[ "$?" = 2 ] && return 2

	# Many daemons don't delete their pidfiles when they exit.

	rm -f $PIDFILE

	return "$RETVAL"

}



#

# Function that sends a SIGHUP to the daemon/service

#

do_reload() {

	#

	# If the daemon can reload its configuration without

	# restarting (for example, when it is sent a SIGHUP),

	# then implement that here.

	#

	start-stop-daemon --stop --signal 1 --quiet --name $NAME

	return 0

}



case "$1" in

  start)

	[ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC " "$NAME"

	do_start

	case "$?" in

		0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;

		2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;

	esac

	;;

  stop)

	[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"

	do_stop

	case "$?" in

		0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;

		2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;

	esac

	;;

  status)

	status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?

	;;

  #reload|force-reload)

	#

	# If do_reload() is not implemented then leave this commented out

	# and leave 'force-reload' as an alias for 'restart'.

	#

	#log_daemon_msg "Reloading $DESC" "$NAME"

	#do_reload

	#log_end_msg $?

	#;;

  restart|force-reload)

	#

	# If the "reload" option is implemented then remove the

	# 'force-reload' alias

	#

	log_daemon_msg "Restarting $DESC" "$NAME"

	do_stop

	case "$?" in

	  0|1)

		do_start

		case "$?" in

			0) log_end_msg 0 ;;

			1) log_end_msg 1 ;; # Old process is still running

			*) log_end_msg 1 ;; # Failed to start

		esac

		;;

	  *)

		# Failed to stop

		log_end_msg 1

		;;

	esac

	;;

  *)

	N=/etc/init.d/$NAME

	#echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2

	echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2

	exit 3

	;;

esac



exit 0



把上面的内容保存到/etc/init.d/目录下面,然后把下面的内容保存到/etc/default/下面:
# Config file for the n2n edge node daemon.



# Sets the n2n community name. All edges within the same community appear on

# the same LAN (layer 2 network segment). Community name is 16 bytes in length.

N2N_COMMUNITY="test_TEST"



# Sets the twofish encryption key from ASCII text. All edges communicating must

# use the same key and community name.

N2N_KEY="testtest"



# Sets the n2n supernode IP address and port to register to.

N2N_SUPERNODE="test.test.com"

N2N_SUPERNODE_PORT="12345"



# Sets the n2n virtual LAN IP address being claimed. This is a private IP

# address. All IP addresses in an n2n community typical belong to the same /24

# net‐ work (ie. only the last octet of the IP addresses varies).

N2N_IP="10.1.2.4"



N2N_DAEMON_OPTS="-b -r -m d8:6d:2a:13:6d:7f"



# Uncomment this to get edge node started.

N2N_EDGE_CONFIG_DONE="yes"



#TODO

# add routing option

# sudo ip route add 192.168.1.0/24 via 10.1.2.1



根据自己的实际情况修改上面的内容,然后执行下面命令启动edge:
sudo systemctl daemon-reload

sudo systemctl restart n2n

sudo systemctl enable n2n



现在就可以开机启动edge了。






windows下面安装这个软件http://www.vpnhosting.cz/n2nguien.exe然后用下面我编译好的windows版edge替换掉安装目录里面的edge2然后在软件中填入相应信息就可以了。



ps:通过N2N连接到其它设备的网络中:



A设备网段为192.168.1.2,N2N的ip是10.1.2.1,B设备网段是192.168.2.2,N2N的IP是10.1.2.3,B设备开启ip转发,添加相应iptables规则:


echo "1" > /proc/sys/net/ipv4/ip_forward

iptables -t nat -A POSTROUTING -s 10.1.2.0/24 -j MASQUERADE



A设备添加路由表:
sudo ip route add 192.168.2.0/24 via 10.1.2.3




 现在A设备可以连接192.168.2.2网段了,不过通过N2N连接速度比较慢。



这里顺便附上在Linux下面编译windows客户端的方法。



首先安装交叉编译需要的依赖:


sudo apt install mingw-w64



然后修改N2N的cmake文件把i686-mingw32-gcc几行替换成以下内容:
SET(CMAKE_C_COMPILER x86_64-w64-mingw32-gcc)

SET(CMAKE_CXX_COMPILER x86_64-w64-mingw32-g++)

SET(CMAKE_RC_COMPILER x86_64-w64-mingw32-windres)



然后用下面的命令进行编译:
cmake -DCMAKE_TOOLCHAIN_FILE=../cmake/CMakeToolchainFileMingw32.cmake --build ./ ../

make



ps:关于N2N这个网站写的比我详细很多,有问题大家可以去看看。http://gohom.win/2016/09/03/n2n-p2pnet/






pss:这个是我编译好的N2N软件,包含Linux下面32位和64位的N2N_v2版和windows下面的N2N_v2版,大家可以直接下载使用,免去编译烦恼。



n2n_v2.7z



psss:编译windows下面的n2n客户端参考下面文章:CentOS下交叉编译Windows N2N服务端及客户端


发表评论:
昵称

邮件地址 (选填)

个人主页 (选填)

内容