193 changes: 193 additions & 0 deletions README.md
@@ -0,0 +1,193 @@
# n2n

A Peer-to-Peer VPN

## Overview

n2n is a layer-two peer-to-peer virtual private network (VPN) which allows users to exploit features typical of P2P applications at network instead of application level. This means that users can gain native IP visibility (e.g. two PCs belonging to the same n2n network can ping each other) and be reachable with the same network IP address regardless of the network where they are currently attached.

n2n was designed to traverse NAT and firewalls, enabling direct peer-to-peer communication between edge nodes without requiring complex network configurations.

## Features

- **Peer-to-Peer Architecture**: Direct communication between nodes without relying on a central server for data transfer
- **NAT Traversal**: Built-in ability to traverse NAT and firewalls
- **Encryption**: Data encryption using Twofish or AES algorithms
- **Cross-Platform**: Supports Linux, macOS, FreeBSD, and Windows
- **IPv6 Support**: Capable of carrying IPv6 packets within the n2n tunnel
- **Multicast Support**: Allows multicast ethernet traffic (v2.1+)
- **Lightweight**: Minimal resource consumption

## Versions

This repository contains two versions of n2n:

- **n2n_v1**: The original version of n2n
- **n2n_v2**: Enhanced version with additional features including AES encryption support and improved performance

## Architecture

n2n consists of two components:

1. **Edge Node (`edge`)**: The application running on each host that wants to join the VPN. Edge nodes establish a virtual network interface (TAP device) and communicate with each other.

2. **Supernode (`supernode`)**: A lightweight directory server that helps edge nodes discover and connect to each other. The supernode does not handle encrypted data traffic; it only assists in initial peer discovery and NAT traversal.

## Building

### Prerequisites

- GCC compiler
- Make
- Development headers for your system

### Compilation

```bash
# For n2n_v1
cd n2n_v1
make

# For n2n_v2
cd n2n_v2
make
```

### Installation

```bash
make install
```

Or with a custom prefix:

```bash
make PREFIX=/usr/local install
```

## Usage

### Starting the Supernode

The supernode must be started first. It acts as a rendezvous point for edge nodes.

```bash
./supernode -l 1234 -v
```

Options:
- `-l <port>`: Listen on the specified port
- `-v`: Verbose output

### Starting an Edge Node

On each host you want to connect, start an edge node with the same community name:

```bash
# Become root first
sudo ./edge -d n2n0 -c mynetwork -k encryptme -a 10.0.0.1 -l supernode.example.com:1234
```

Or using an environment variable for the key:

```bash
N2N_KEY=encryptme sudo ./edge -d n2n0 -c mynetwork -a 10.0.0.1 -l supernode.example.com:1234
```

Options:
- `-d <device>`: TAP device name (e.g., `n2n0`)
- `-c <community>`: Community name (same for all nodes in your VPN)
- `-k <key>`: Encryption key
- `-a <IP>`: IP address for this node within the VPN
- `-l <host:port>`: Supernode address and port
- `-u <uid>`: User ID to drop privileges to (UNIX only)
- `-g <gid>`: Group ID to drop privileges to (UNIX only)
- `-f`: Run in foreground (do not daemonize)
- `-m <MAC>`: Set a specific MAC address for the TAP interface

### Running as a Daemon (UNIX)

The daemon behavior varies by version:

- **v1**: Add `-f` to make edge detach and run as a daemon
- **v2**: Edge daemonizes by default; use `-f` to stay in the foreground

When running as a daemon, logs are written to syslog (`daemon.info` facility).

## IPv6 Support

n2n supports carrying IPv6 packets within the tunnel. To configure IPv6:

```bash
# On hostA
sudo /sbin/ip -6 addr add fc00:abcd:1234::7/48 dev n2n0

# On hostB
sudo /sbin/ip -6 addr add fc00:abcd:1234::6/48 dev n2n0
```

Test connectivity with:

```bash
ping6 fc00:abcd:1234::6
```

## Security

### Dropping Root Privileges

Edge requires root privileges to create the TAP interface. After setup, it can drop to a non-privileged user:

```bash
sudo ./edge -d n2n0 -c mynetwork -k encryptme -a 10.0.0.1 -l supernode:1234 -u 1000 -g 1000
```

### SUID-Root Installation

To allow non-root users to run edge:

```bash
sudo chown root:root edge
sudo chmod +s edge
```

## Platform-Specific Notes

### Windows

The `-u`, `-g`, and `-f` options are not available on Windows.

### OpenWrt

See the `openwrt/` directory for OpenWrt-specific build files and configuration.

## Building RPM Packages

```bash
# For n2n_v1
cd n2n_v1
scripts/mk_SRPM.sh
rpm -i path/to/n2n-<ver>.src.rpm
rpmbuild -bb n2n.spec

# For n2n_v2
cd n2n_v2
scripts/mk_SRPM.sh
rpm -i path/to/n2n-<ver>.src.rpm
rpmbuild -bb n2n.spec
```

## License

n2n is licensed under the GNU General Public License v3 (GPLv3). See the `COPYING` file in each version directory for details.

## Authors

- Luca Deri <deri@ntop.org>
- Richard Andrews <andrews@ntop.org>

## More Information

- See the `INSTALL` file for detailed build instructions
- See the `HACKING` file for developer information
- See the man pages (`edge.8`, `supernode.1`) for complete command-line reference
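
Review bot: The "SUID-Root Installation" section recommends `sudo chmod +s edge` with no statement of who may then run the binary or what it runs as. `+s` sets both the setuid and setgid bits, so suggest `chmod u+s` only, restricting execute permission to a dedicated group rather than all users, and saying explicitly that `-u`/`-g` should be passed so the process drops root once the TAP device exists. Two further points in the same hunk: the edge option list documents `-f` as "Run in foreground (do not daemonize)", while "Running as a Daemon (UNIX)" says v1 uses `-f` to detach, so the option list should mark the meaning as version-dependent; and the examples under "Starting an Edge Node" and "Dropping Root Privileges" pass the key as `-k encryptme`, which places it in the process argument list, so the Security example should use the `N2N_KEY` form the README already documents and the `-k` entry should note the exposure.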