无名阁

美好的生活需要用心记录

通过n2n穿透内网

2018-6-12 笑看风云 网络知识

最近需要穿透防火墙接入内部网络,因为成本和技术问题决定N2N进行内网穿透。

n2n现在网上有两个版本,V1和V2版,Ubuntu软件源中的版本是V1版,现在V1现在很久没有更新了,性能也比不上V2版,于是改用V2版。

下面是编译过程

首先获取源码:

git clone https://github.com/meyerd/n2n --depth=1

然后进入输入下面代码:
cd ./n2n/n2n_v2
mkdir build
cd build
cmake ../
make
sudo make install

如果缺少哪些库文件把它补全就行了。


N2N分为supernode中心节点和edge边界节点,我们现在一个需要一个有着公网ip的服务器架设中心节点,架设起来很方便输入下面命令:

supernode -l 19576

现在中心节点就架设成功了,下面是边界节点的使用:
edge -c test -a 10.1.2.3 -k testtest -l test.com:12345 -r -b -m d8:6d:2a:13:6d:7f 

输入上面的命令就连上了N2N网络,edge参数中-c指的是网络名,需要相同的网络名才可以连接。-a指的是本机的虚拟ip,可以根据需要自己设置。-k就是网络名密码,密码错误就不可以连接。-l就是中心节点的地址。-r就是开启网络转发,开启这个选项后添加路由表就可以在A设备连接到B设备的网络。-b就是定时更新中心节点ip。-m是指设置虚拟网卡的MAC地址。


虽然命令行也可以使用,但是不方便,我们可以通过启动脚本启动edge。

启动脚本:

#!/bin/sh
### BEGIN INIT INFO
# Provides:          n2n
# Required-Start:    $network $remote_fs $local_fs
# Required-Stop:     $remote_fs $local_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Start or stop the n2n VPN
# Description:       This script controls the n2n VPN service.
#                    It is called from the boot, halt and reboot scripts.
#                    So far, only 1 PVN is supported by this script.
#                    More can be started via the command line.
### END INIT INFO
#
# Author: Rolf Leggewie <foss@rolf.leggewie.biz>

set -e

# PATH should only include /usr/* if it runs after the mountnfs.sh script
PATH=/usr/local/sbin:/sbin:/usr/sbin:/bin:/usr/bin
DESC='n2n P2P VPN'
NAME=n2n
DAEMON=/usr/local/sbin/edge
DAEMON_ARGS=""             # Arguments to run the daemon with
#PIDFILE=/var/run/$NAME-edge.pid
SCRIPTNAME=/etc/init.d/$NAME

# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0

# Read configuration variable file if it is present
[ -r /etc/default/$NAME ] && . /etc/default/$NAME

# Check config
if [ -z "$N2N_EDGE_CONFIG_DONE" ]
then
	echo "Warning: n2n VPN client is not configured, edit config file in /etc/default/$NAME." 1>&2
	exit 0
fi

# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh
. /lib/lsb/init-functions

## Make sure /var/run/n2n exists.
#if [ ! -e /var/run/$NAME ] ; then
#	mkdir -p /var/run/$NAME
#	chown proxy:proxy /var/run/$NAME
#	chmod 755 /var/run/$NAME
#fi

# Function that starts the daemon/service
#
do_start()
{
	if [ -r /sys/class/net/edge0 ]; then
	 echo edge node is already running.
	 exit 0
	fi

	# Return
	#   0 if daemon has been started
	#   1 if daemon was already running
	#   2 if daemon could not be started
	start-stop-daemon --start --quiet --user nobody --exec $DAEMON --test > /dev/null \
		|| return 1
	export N2N_KEY
	start-stop-daemon --start --quiet --user nobody --exec $DAEMON -- \
		-a $N2N_IP -c $N2N_COMMUNITY -l $N2N_SUPERNODE:$N2N_SUPERNODE_PORT \
		-u $(id -u nobody) -g $(id -g nobody) $DAEMON_ARGS $N2N_DAEMON_OPTS \
		|| return 2
}

#
# Function that stops the daemon/service
#
do_stop()
{
	# Return
	#   0 if daemon has been stopped
	#   1 if daemon was already stopped
	#   2 if daemon could not be stopped
	#   other if a failure occurred
	start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --user nobody --exec $DAEMON
	RETVAL="$?"
	[ "$RETVAL" = 2 ] && return 2
	# Wait for children to finish too if this is a daemon that forks
	# and if the daemon is only ever run from this initscript.
	# If the above conditions are not satisfied then add some other code
	# that waits for the process to drop all resources that could be
	# needed by services started subsequently.  A last resort is to
	# sleep for some time.
	start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
	[ "$?" = 2 ] && return 2
	# Many daemons don't delete their pidfiles when they exit.
	rm -f $PIDFILE
	return "$RETVAL"
}

#
# Function that sends a SIGHUP to the daemon/service
#
do_reload() {
	#
	# If the daemon can reload its configuration without
	# restarting (for example, when it is sent a SIGHUP),
	# then implement that here.
	#
	start-stop-daemon --stop --signal 1 --quiet --name $NAME
	return 0
}

case "$1" in
  start)
	[ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC " "$NAME"
	do_start
	case "$?" in
		0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
		2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
	esac
	;;
  stop)
	[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
	do_stop
	case "$?" in
		0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
		2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
	esac
	;;
  status)
	status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
	;;
  #reload|force-reload)
	#
	# If do_reload() is not implemented then leave this commented out
	# and leave 'force-reload' as an alias for 'restart'.
	#
	#log_daemon_msg "Reloading $DESC" "$NAME"
	#do_reload
	#log_end_msg $?
	#;;
  restart|force-reload)
	#
	# If the "reload" option is implemented then remove the
	# 'force-reload' alias
	#
	log_daemon_msg "Restarting $DESC" "$NAME"
	do_stop
	case "$?" in
	  0|1)
		do_start
		case "$?" in
			0) log_end_msg 0 ;;
			1) log_end_msg 1 ;; # Old process is still running
			*) log_end_msg 1 ;; # Failed to start
		esac
		;;
	  *)
		# Failed to stop
		log_end_msg 1
		;;
	esac
	;;
  *)
	N=/etc/init.d/$NAME
	#echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
	echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
	exit 3
	;;
esac

exit 0

把上面的内容保存到/etc/init.d/目录下面,然后把下面的内容保存到/etc/default/下面:
# Config file for the n2n edge node daemon.

# Sets the n2n community name. All edges within the same community appear on
# the same LAN (layer 2 network segment). Community name is 16 bytes in length.
N2N_COMMUNITY="test_TEST"

# Sets the twofish encryption key from ASCII text. All edges communicating must
# use the same key and community name.
N2N_KEY="testtest"

# Sets the n2n supernode IP address and port to register to.
N2N_SUPERNODE="test.test.com"
N2N_SUPERNODE_PORT="12345"

# Sets the n2n virtual LAN IP address being claimed. This is a private IP
# address. All IP addresses in an n2n community typical belong to the same /24
# net‐ work (ie. only the last octet of the IP addresses varies).
N2N_IP="10.1.2.4"

N2N_DAEMON_OPTS="-b -r -m d8:6d:2a:13:6d:7f"

# Uncomment this to get edge node started.
N2N_EDGE_CONFIG_DONE="yes"

#TODO
# add routing option
# sudo ip route add 192.168.1.0/24 via 10.1.2.1

根据自己的实际情况修改上面的内容,然后执行下面命令启动edge:
sudo systemctl daemon-reload
sudo systemctl restart n2n
sudo systemctl enable n2n

现在就可以开机启动edge了。


windows下面安装这个软件http://www.vpnhosting.cz/n2nguien.exe然后用下面我编译好的windows版edge替换掉安装目录里面的edge2然后在软件中填入相应信息就可以了。

ps:通过N2N连接到其它设备的网络中:

A设备网段为192.168.1.2,N2N的ip是10.1.2.1,B设备网段是192.168.2.2,N2N的IP是10.1.2.3,B设备开启ip转发,添加相应iptables规则:

echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 10.1.2.0/24 -j MASQUERADE

A设备添加路由表:
sudo ip route add 192.168.2.0/24 via 10.1.2.3

 现在A设备可以连接192.168.2.2网段了,不过通过N2N连接速度比较慢。

这里顺便附上在Linux下面编译windows客户端的方法。

首先安装交叉编译需要的依赖:

sudo apt install mingw-w64

然后修改N2N的cmake文件把i686-mingw32-gcc几行替换成以下内容:
SET(CMAKE_C_COMPILER x86_64-w64-mingw32-gcc)
SET(CMAKE_CXX_COMPILER x86_64-w64-mingw32-g++)
SET(CMAKE_RC_COMPILER x86_64-w64-mingw32-windres)

然后用下面的命令进行编译:
cmake -DCMAKE_TOOLCHAIN_FILE=../cmake/CMakeToolchainFileMingw32.cmake --build ./ ../
make

ps:关于N2N这个网站写的比我详细很多,有问题大家可以去看看。http://gohom.win/2016/09/03/n2n-p2pnet/


pss:这个是我编译好的N2N软件,包含Linux下面32位和64位的N2N_v2版和windows下面的N2N_v2版,大家可以直接下载使用,免去编译烦恼。

n2n_v2.7z

psss:编译windows下面的n2n客户端参考下面文章:CentOS下交叉编译Windows N2N服务端及客户端

标签: 网络 Linux vpn

et_highlighter51

发表评论: