diff --git a/README.md b/README.md new file mode 100644 index 0000000..9f088a6 --- /dev/null +++ b/README.md 
@@ -0,0 +1,193 @@ +# n2n + +A Peer-to-Peer VPN + +## Overview + +n2n is a layer-two peer-to-peer virtual private network (VPN) which allows users to exploit features typical of P2P applications at network instead of application level. This means that users can gain native IP visibility (e.g. two PCs belonging to the same n2n network can ping each other) and be reachable with the same network IP address regardless of the network where they are currently attached. + +n2n was designed to traverse NAT and firewalls, enabling direct peer-to-peer communication between edge nodes without requiring complex network configurations. + +## Features + +- **Peer-to-Peer Architecture**: Direct communication between nodes without relying on a central server for data transfer +- **NAT Traversal**: Built-in ability to traverse NAT and firewalls +- **Encryption**: Data encryption using Twofish or AES algorithms +- **Cross-Platform**: Supports Linux, macOS, FreeBSD, and Windows +- **IPv6 Support**: Capable of carrying IPv6 packets within the n2n tunnel +- **Multicast Support**: Allows multicast ethernet traffic (v2.1+) +- **Lightweight**: Minimal resource consumption + +## Versions + +This repository contains two versions of n2n: + +- **n2n_v1**: The original version of n2n +- **n2n_v2**: Enhanced version with additional features including AES encryption support and improved performance + +## Architecture + +n2n consists of two components: + +1. **Edge Node (`edge`)**: The application running on each host that wants to join the VPN. Edge nodes establish a virtual network interface (TAP device) and communicate with each other. + +2. **Supernode (`supernode`)**: A lightweight directory server that helps edge nodes discover and connect to each other. The supernode does not handle encrypted data traffic; it only assists in initial peer discovery and NAT traversal. 
+ +## Building + +### Prerequisites + +- GCC compiler +- Make +- Development headers for your system + +### Compilation + +```bash +# For n2n_v1 +cd n2n_v1 +make + +# For n2n_v2 +cd n2n_v2 +make +``` + +### Installation + +```bash +make install +``` + +Or with a custom prefix: + +```bash +make PREFIX=/usr/local install +``` + +## Usage + +### Starting the Supernode + +The supernode must be started first. It acts as a rendezvous point for edge nodes. + +```bash +./supernode -l 1234 -v +``` + +Options: +- `-l `: Listen on the specified port +- `-v`: Verbose output + +### Starting an Edge Node + +On each host you want to connect, start an edge node with the same community name: + +```bash +# Become root first +sudo ./edge -d n2n0 -c mynetwork -k encryptme -a 10.0.0.1 -l supernode.example.com:1234 +``` + +Or using an environment variable for the key: + +```bash +N2N_KEY=encryptme sudo ./edge -d n2n0 -c mynetwork -a 10.0.0.1 -l supernode.example.com:1234 +``` + +Options: +- `-d `: TAP device name (e.g., `n2n0`) +- `-c `: Community name (same for all nodes in your VPN) +- `-k `: Encryption key +- `-a `: IP address for this node within the VPN +- `-l `: Supernode address and port +- `-u `: User ID to drop privileges to (UNIX only) +- `-g `: Group ID to drop privileges to (UNIX only) +- `-f`: Run in foreground (do not daemonize) +- `-m `: Set a specific MAC address for the TAP interface + +### Running as a Daemon (UNIX) + +The daemon behavior varies by version: + +- **v1**: Add `-f` to make edge detach and run as a daemon +- **v2**: Edge daemonizes by default; use `-f` to stay in the foreground + +When running as a daemon, logs are written to syslog (`daemon.info` facility). + +## IPv6 Support + +n2n supports carrying IPv6 packets within the tunnel. 
To configure IPv6: + +```bash +# On hostA +sudo /sbin/ip -6 addr add fc00:abcd:1234::7/48 dev n2n0 + +# On hostB +sudo /sbin/ip -6 addr add fc00:abcd:1234::6/48 dev n2n0 +``` + +Test connectivity with: + +```bash +ping6 fc00:abcd:1234::6 +``` + +## Security + +### Dropping Root Privileges + +Edge requires root privileges to create the TAP interface. After setup, it can drop to a non-privileged user: + +```bash +sudo ./edge -d n2n0 -c mynetwork -k encryptme -a 10.0.0.1 -l supernode:1234 -u 1000 -g 1000 +``` + +### SUID-Root Installation + +To allow non-root users to run edge: + +```bash +sudo chown root:root edge +sudo chmod +s edge +``` + +## Platform-Specific Notes + +### Windows + +The `-u`, `-g`, and `-f` options are not available on Windows. + +### OpenWrt + +See the `openwrt/` directory for OpenWrt-specific build files and configuration. + +## Building RPM Packages + +```bash +# For n2n_v1 +cd n2n_v1 +scripts/mk_SRPM.sh +rpm -i path/to/n2n-.src.rpm +rpmbuild -bb n2n.spec + +# For n2n_v2 +cd n2n_v2 +scripts/mk_SRPM.sh +rpm -i path/to/n2n-.src.rpm +rpmbuild -bb n2n.spec +``` + +## License + +n2n is licensed under the GNU General Public License v3 (GPLv3). See the `COPYING` file in each version directory for details. + +## Authors + +- Luca Deri +- Richard Andrews + +## More Information + +- See the `INSTALL` file for detailed build instructions +- See the `HACKING` file for developer information +- See the man pages (`edge.8`, `supernode.1`) for complete command-line reference
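Review bot: Under "SUID-Root Installation" in the Security section, `chmod +s edge` sets both the setuid and setgid bits, and the text gives no guidance on who may then execute the binary. Suggest `chmod u+s edge`, limiting execute permission to a dedicated group, and stating that `-u`/`-g` should be passed so the process drops privileges once the TAP interface is created. The "Dropping Root Privileges" example in the same section passes the key as `-k encryptme`, which leaves it in the process argument list where other local users can read it; use the `N2N_KEY` form already shown under "Starting an Edge Node" instead. Separately, the edge Options list describes `-f` as "Run in foreground (do not daemonize)", while "Running as a Daemon" says v1 uses `-f` to detach, so that option entry should be marked as v2 behaviour with the v1 meaning stated next to it.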