
itoedr's IT Academy

A record of the journey from IT illiterate to expert

 
 
 


 
 

N2N (VPN) Edge node and supernode (central switching node) configuration manual

2013-11-15 09:32:28 | Category: Linux tunneling technology

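N2N communication model (diagram):
Edge devices can communicate with each other directly, encrypted, when they can reach one another, or they can communicate by relaying through the supernode.

Communication flow model (diagram; communication across multiple supernodes)

N2N requires the operating system to support creating a virtual network interface.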
 *****************************************
 Edge node (corresponding to the server node) deployment steps:
 ---------
Note:
You need to start an edge node on each host you want to connect with the *same*
community.
 *****************************************

0. become root

1. create tun device (creates a virtual tun tunnel endpoint device on the host; a TAP device, by contrast, is a point-to-point device)
   # tunctl -t tun0
   (tunctl creates a new tun tunnel endpoint, a virtual network interface, named tun0)

3. enable the edge process (starts the edge node listener process)
   # ./edge -d n2n0 -c mynetwork -k encryptme -u 99 -g 99 -m 3C:A0:12:34:56:78 -a 1.2.3.4 -l a.b.c.d:xyw
   or (the alternative form)
   # N2N_KEY=encryptme ./edge -d n2n0 -c mynetwork -u 99 -g 99 -m 3C:A0:12:34:56:78 -a 1.2.3.4 -l a.b.c.d:xyw

Once you have this worked out, you can add the "-f" option to make edge detach and run as a daemon.

Note that -u, -g and -f options are not available for Windows (that is, they apply only to Linux and other Unix-like environments).

Command format and parameters:

edge -d <tun device> -a <tun IP address> -c <community> -k <encrypt key> -s <netmask> [-u <uid> -g <gid>][-f][-m <MAC address>] -l <supernode host:port> [-p <local port>] [-M <mtu>] [-t] [-r] [-v] [-b] [-h]

-d <tun device>          | tun device name
-a <tun IP address>      | n2n IP address
-c <community>           | n2n community name
-k <encrypt key>         | Encryption key (ASCII) - also N2N_KEY=<encrypt key>
-s <netmask>             | Edge interface netmask in dotted decimal notation, e.g. 255.255.255.0
-l <supernode host:port> | Supernode IP:port (the address, including port, of the remote server node)
-b                       | Periodically resolve supernode IP
                         | (when supernodes are running on dynamic IPs)
-p <local port>          | Local port used for connecting to supernode
-u <UID>                 | User ID (numeric) to use when privileges are dropped
-g <GID>                 | Group ID (numeric) to use when privileges are dropped
-f                       | Fork and run as a daemon. Use syslog.
-m <MAC address>         | Choose a MAC address for the TAP interface
                         | eg. -m 01:02:03:04:05:06
-M <mtu>                 | Specify n2n MTU (default 1400) (the length of a transmission unit)
-t                       | Use http tunneling (experimental) (communicates through an HTTP proxy tunnel)
-r                       | Enable packet forwarding through n2n community
-v                       | Verbose (translator's note: I found this behaves the same as --help)

Environment variables:
N2N_KEY                  | Encryption key (ASCII)

*********************************************
Supernode (central node) configuration
*********************************************

You need to start the supernode once

1. ./supernode -l 1234 -v

Dropping Root Privileges and SUID-Root Executables (UNIX)
--------------------------------------------------

The edge node uses superuser privileges to create a TAP network interface device. Once this is created root privileges are not required and can constitute a security hazard if there is some way for an attacker to take control of an edge process while it is running. Edge will drop to a non-privileged user if you specify the -u <uid> and -g <gid> options. These are numeric IDs. Consult /etc/passwd.

You may choose to install edge SUID-root to do this:

1. Become root
2. chown root:root edge
3. chmod +s edge
done

Any user can now run edge. You may not want this, but it may be convenient and safe if your host has only one login user.

Running As a Daemon (UNIX)
-------------------

When given "-f" as a command line option, edge will call daemon(3) after successful setup. This causes the process to fork a child which closes stdin, stdout and stderr then sets itself as process group leader. When this is done, the edge command returns immediately and you will only see the edge process in the process listings, eg. from ps or top.

If the edge command returns 0 then the daemon started successfully. If it returns non-zero then edge failed to start up for some reason. When edge starts running as a daemon, all logging goes to syslog daemon.info facility.

Supernode parameters:

supernode -l <listening port> [-v] [-h]

Here, -l is the port number of the supernode service; -h shows the help text for the supernode command; -v shows the command's version information.
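An added example, not part of the original manual or the n2n project: a small shell audit for three points raised above, namely a key passed with -k (command-line arguments are normally visible to other local users through ps, whereas the N2N_KEY form keeps the key out of the argument list), a missing -u/-g privilege drop, and a set-user-ID edge binary. The function names and finding codes are hypothetical, and the sample command lines are constructed from the manual's own examples.

```shell
#!/bin/sh
# Added example (not n2n project code). Function names are hypothetical.

# Print one finding code per line for an edge command line given as a string.
audit_edge_cmdline() {
    prev="" has_u=0 has_g=0
    set -f                      # no glob expansion while splitting the string
    for arg in $1; do           # intentional word splitting into arguments
        case "$prev" in
            -k) echo "KEY_ON_CMDLINE" ;;    # key is part of argv, shown by ps
            -u) has_u=1
                if [ "$arg" = "0" ]; then echo "UID_IS_ROOT"; fi ;;
            -g) has_g=1 ;;
        esac
        prev="$arg"
    done
    set +f
    # The manual says edge drops privileges when -u and -g are given;
    # flag an invocation that lacks either one.
    if [ "$has_u" -eq 0 ] || [ "$has_g" -eq 0 ]; then
        echo "NO_PRIVILEGE_DROP"
    fi
    return 0
}

# Succeeds when the file carries the set-user-ID bit, as after "chmod +s edge".
has_setuid_bit() {
    [ -u "$1" ]
}

# Constructed sample invocations, modelled on the two forms in the manual.
CMD_KEY_ARG='./edge -d n2n0 -c mynetwork -k encryptme -u 99 -g 99 -a 1.2.3.4 -l a.b.c.d:xyw'
CMD_KEY_ENV='N2N_KEY=encryptme ./edge -d n2n0 -c mynetwork -u 99 -g 99 -a 1.2.3.4 -l a.b.c.d:xyw'
CMD_NO_DROP='N2N_KEY=encryptme ./edge -d n2n0 -c mynetwork -a 1.2.3.4 -l a.b.c.d:xyw'

for c in "$CMD_KEY_ARG" "$CMD_KEY_ENV" "$CMD_NO_DROP"; do
    printf '%s\n' "$c"
    audit_edge_cmdline "$c" | sed 's/^/  finding: /'
done
```

To check an installed binary, run has_setuid_bit against its path; a match means any local user can start edge with root privileges, which the manual accepts only for single-user hosts.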

Note on IPv6 support:

IPv6 Support (added r3650)
------------

n2n supports the carriage of IPv6 packets within the n2n tunnel. N2n does not yet use IPv6 for transport between edges and supernodes.

To make IPv6 carriage work you need to manually add IPv6 addresses to the TAP interfaces at each end. There is currently no way to specify an IPv6 address on the edge command line.
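Closing note: N2N cannot work without virtual network interface support from the operating system. This is the most important thing to watch for when first using N2N.
Also, compared with other systems, N2N implements encrypted communication from endpoint to endpoint (end-to-end).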