美好的生活需要用心记录
最近需要穿透防火墙接入内部网络,因为成本和技术问题决定N2N进行内网穿透。
n2n现在网上有两个版本,V1和V2版,Ubuntu软件源中的版本是V1版,现在V1现在很久没有更新了,性能也比不上V2版,于是改用V2版。
下面是编译过程
首先获取源码:
git clone https://github.com/meyerd/n2n --depth=1
cd ./n2n/n2n_v2 mkdir build cd build cmake ../ make sudo make install
N2N分为supernode中心节点和edge边界节点,我们现在一个需要一个有着公网ip的服务器架设中心节点,架设起来很方便输入下面命令:
supernode -l 19576
edge -c test -a 10.1.2.3 -k testtest -l test.com:12345 -r -b -m d8:6d:2a:13:6d:7f
虽然命令行也可以使用,但是不方便,我们可以通过启动脚本启动edge。
启动脚本:
#!/bin/sh ### BEGIN INIT INFO # Provides: n2n # Required-Start: $network $remote_fs $local_fs # Required-Stop: $remote_fs $local_fs # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: Start or stop the n2n VPN # Description: This script controls the n2n VPN service. # It is called from the boot, halt and reboot scripts. # So far, only 1 PVN is supported by this script. # More can be started via the command line. ### END INIT INFO # # Author: Rolf Leggewie <foss@rolf.leggewie.biz> set -e # PATH should only include /usr/* if it runs after the mountnfs.sh script PATH=/usr/local/sbin:/sbin:/usr/sbin:/bin:/usr/bin DESC='n2n P2P VPN' NAME=n2n DAEMON=/usr/local/sbin/edge DAEMON_ARGS="" # Arguments to run the daemon with #PIDFILE=/var/run/$NAME-edge.pid SCRIPTNAME=/etc/init.d/$NAME # Exit if the package is not installed [ -x "$DAEMON" ] || exit 0 # Read configuration variable file if it is present [ -r /etc/default/$NAME ] && . /etc/default/$NAME # Check config if [ -z "$N2N_EDGE_CONFIG_DONE" ] then echo "Warning: n2n VPN client is not configured, edit config file in /etc/default/$NAME." 1>&2 exit 0 fi # Load the VERBOSE setting and other rcS variables . /lib/init/vars.sh . /lib/lsb/init-functions ## Make sure /var/run/n2n exists. #if [ ! -e /var/run/$NAME ] ; then # mkdir -p /var/run/$NAME # chown proxy:proxy /var/run/$NAME # chmod 755 /var/run/$NAME #fi # Function that starts the daemon/service # do_start() { if [ -r /sys/class/net/edge0 ]; then echo edge node is already running. exit 0 fi # Return # 0 if daemon has been started # 1 if daemon was already running # 2 if daemon could not be started start-stop-daemon --start --quiet --user nobody --exec $DAEMON --test > /dev/null \ || return 1 export N2N_KEY start-stop-daemon --start --quiet --user nobody --exec $DAEMON -- \ -a $N2N_IP -c $N2N_COMMUNITY -l $N2N_SUPERNODE:$N2N_SUPERNODE_PORT \ -u $(id -u nobody) -g $(id -g nobody) $DAEMON_ARGS $N2N_DAEMON_OPTS \ || return 2 } # # Function that stops the daemon/service # do_stop() { # Return # 0 if daemon has been stopped # 1 if daemon was already stopped # 2 if daemon could not be stopped # other if a failure occurred start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --user nobody --exec $DAEMON RETVAL="$?" [ "$RETVAL" = 2 ] && return 2 # Wait for children to finish too if this is a daemon that forks # and if the daemon is only ever run from this initscript. # If the above conditions are not satisfied then add some other code # that waits for the process to drop all resources that could be # needed by services started subsequently. A last resort is to # sleep for some time. start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON [ "$?" = 2 ] && return 2 # Many daemons don't delete their pidfiles when they exit. rm -f $PIDFILE return "$RETVAL" } # # Function that sends a SIGHUP to the daemon/service # do_reload() { # # If the daemon can reload its configuration without # restarting (for example, when it is sent a SIGHUP), # then implement that here. # start-stop-daemon --stop --signal 1 --quiet --name $NAME return 0 } case "$1" in start) [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC " "$NAME" do_start case "$?" in 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; esac ;; stop) [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" do_stop case "$?" in 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; esac ;; status) status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? ;; #reload|force-reload) # # If do_reload() is not implemented then leave this commented out # and leave 'force-reload' as an alias for 'restart'. # #log_daemon_msg "Reloading $DESC" "$NAME" #do_reload #log_end_msg $? #;; restart|force-reload) # # If the "reload" option is implemented then remove the # 'force-reload' alias # log_daemon_msg "Restarting $DESC" "$NAME" do_stop case "$?" in 0|1) do_start case "$?" in 0) log_end_msg 0 ;; 1) log_end_msg 1 ;; # Old process is still running *) log_end_msg 1 ;; # Failed to start esac ;; *) # Failed to stop log_end_msg 1 ;; esac ;; *) N=/etc/init.d/$NAME #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2 echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2 exit 3 ;; esac exit 0
# Config file for the n2n edge node daemon. # Sets the n2n community name. All edges within the same community appear on # the same LAN (layer 2 network segment). Community name is 16 bytes in length. N2N_COMMUNITY="test_TEST" # Sets the twofish encryption key from ASCII text. All edges communicating must # use the same key and community name. N2N_KEY="testtest" # Sets the n2n supernode IP address and port to register to. N2N_SUPERNODE="test.test.com" N2N_SUPERNODE_PORT="12345" # Sets the n2n virtual LAN IP address being claimed. This is a private IP # address. All IP addresses in an n2n community typical belong to the same /24 # net‐ work (ie. only the last octet of the IP addresses varies). N2N_IP="10.1.2.4" N2N_DAEMON_OPTS="-b -r -m d8:6d:2a:13:6d:7f" # Uncomment this to get edge node started. N2N_EDGE_CONFIG_DONE="yes" #TODO # add routing option # sudo ip route add 192.168.1.0/24 via 10.1.2.1
sudo systemctl daemon-reload sudo systemctl restart n2n sudo systemctl enable n2n
windows下面安装这个软件http://www.vpnhosting.cz/n2nguien.exe然后用下面我编译好的windows版edge替换掉安装目录里面的edge2然后在软件中填入相应信息就可以了。
ps:通过N2N连接到其它设备的网络中:
A设备网段为192.168.1.2,N2N的ip是10.1.2.1,B设备网段是192.168.2.2,N2N的IP是10.1.2.3,B设备开启ip转发,添加相应iptables规则:
echo "1" > /proc/sys/net/ipv4/ip_forward iptables -t nat -A POSTROUTING -s 10.1.2.0/24 -j MASQUERADE
sudo ip route add 192.168.2.0/24 via 10.1.2.3
现在A设备可以连接192.168.2.2网段了,不过通过N2N连接速度比较慢。
这里顺便附上在Linux下面编译windows客户端的方法。
首先安装交叉编译需要的依赖:
sudo apt install mingw-w64
SET(CMAKE_C_COMPILER x86_64-w64-mingw32-gcc) SET(CMAKE_CXX_COMPILER x86_64-w64-mingw32-g++) SET(CMAKE_RC_COMPILER x86_64-w64-mingw32-windres)
cmake -DCMAKE_TOOLCHAIN_FILE=../cmake/CMakeToolchainFileMingw32.cmake --build ./ ../ make
pss:这个是我编译好的N2N软件,包含Linux下面32位和64位的N2N_v2版和windows下面的N2N_v2版,大家可以直接下载使用,免去编译烦恼。
发表评论: