Articles in the category: Default Category

ntop/n2n
code
binary packages
N2n Gui En
n2n mobile version

N2N

N2n is a lightweight VPN software that makes it easy to create virtual networks bypassing intermediate firewalls.

In order to start using N2N, two elements are required:

A supernode: it allows edge nodes to announce and discover other nodes. It must have a port publicly accessible on the internet.

Edge nodes: the nodes which will be part of the virtual networks

A virtual network shared between multiple edge nodes in n2n is called a community. A single supernode can relay multiple communities and a single PC can be part of multiple communities at the same time. An encryption key can be used by the edge nodes to encrypt the packets within their community.

N2n tries to establish a direct P2P connection between the edge nodes when possible. When this is not possible (usually due to special NAT devices), the supernode is also used to relay the packets.
Quick Setup

Some Linux distributions already provide n2n as a package, so a simple sudo apt-get install n2n will do the work. Alternatively, up-to-date packages for most distributions are available on the ntop repositories.

On host1 run:

$ sudo edge -c mynetwork -k mysecretpass -a 192.168.100.1 -f -l supernode.ntop.org:7777

On host2 run:

$ sudo edge -c mynetwork -k mysecretpass -a 192.168.100.2 -f -l supernode.ntop.org:7777

Now the two hosts can ping each other.

IMPORTANT It is strongly advised to choose a custom community name (-c) and a secret encryption key (-k) in order to prevent other users from connecting to your PC. For privacy and to reduce the load on the above server, it is also suggested to set up a custom supernode as explained below.
Setting up a custom Supernode

You can create your own infrastructure by setting up a supernode on a public server (e.g. a VPS). You just need to open a single port (1234 in the example below) on your firewall (usually iptables).

Install the n2n package
Edit /etc/n2n/supernode.conf and add the following:

-l=1234

Start the supernode service with sudo systemctl start supernode
Optionally enable supernode start on boot: sudo systemctl enable supernode

Now the supernode service should be up and running on port 1234. On your edge nodes you can now specify -l your_supernode_ip:1234 to use it. All the edge nodes must use the same supernode.
Routing the traffic

On Linux, n2n provides a standard TAP interface, so routing works gracefully via the standard system utilities as follows.

In this example host1 is the edge router (with n2n IP 192.168.100.1), whereas host2 is the client.

Here is how to configure host1:

Add the -r option to the edge options to enable routing
Enable packet forwarding with sudo sysctl -w net.ipv4.ip_forward=1
Possibly configure iptables to ACCEPT the packets on the FORWARD chain.

On host2, run the edge program as normal to join the host1 community.

In order to forward all the internet traffic of host2 via host1:

Determine the current gateway (e.g. 192.168.1.1)

$ ip route show default

Add a route to reach the supernode via such gateway

$ sudo ip route add supernode.ntop.org via 192.168.1.1

Forward all the internet traffic via host1

$ sudo ip route del default
$ sudo ip route add default via 192.168.100.1

This process can be greatly simplified by using the n2n_gateway.sh script.

See Routing.md for other use cases and in depth explanation.
Manual Compilation

On Linux, compilation from source is straightforward:

./autogen.sh
./configure
make

optionally install

make install

For Windows, check out Windows.md for compilation and run instructions.

For MacOS, check out n2n_on_MacOS.txt.
Running edge as a service

edge can also be run as a service instead of cli:

Edit /etc/n2n/edge.conf with your custom options. See /etc/n2n/edge.conf.sample.
Start the service: sudo systemctl start edge
Optionally enable edge start on boot: sudo systemctl enable edge

You can run multiple edge service instances by creating /etc/n2n/edge-instance1.conf and starting it with sudo systemctl start edge@instance1.
IPv6 Support

N2n can tunnel IPv6 traffic into the virtual network but does not support IPv6 for edge-to-supernode communication yet.

Check out IPv6.md for more information.
Security considerations

n2n edge nodes use twofish encryption by default for compatibility reasons with existing versions.

IMPORTANT Encryption is only applied to the packet payload. Some metadata like the virtual MAC address of the edge nodes, their IP address and the community are sent in cleartext.

When encryption is enabled, the supernode will not be able to decrypt the traffic exchanged between two edge nodes, but it will know that edge A is talking with edge B.

Recently AES encryption support has been implemented, which increases both security and performance, so it is recommended to enable it on all the edge nodes by specifying the -A option.

A benchmark of the encryption methods is available when compiled from source with tools/n2n-benchmark.
Contribution

You can contribute to n2n in various ways:

Update an open issue or create a new one with detailed information
Propose new features
Improve the documentation
Provide pull requests with enhancements

For details about the internals of n2n check out Hacking guide.
Related Projects

Here is a list of third-party projects connected to this repository.

N2n for android: hin2n
N2n v1 and v2 version from meyerd: meyerd n2n
Docker images: DockerHub - DockerStore

SSH

SSH keys

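An SSH key lets you establish a secure, encrypted connection between your computer and the Code server. First run the following command to check whether a local public key already exists: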

cat ~/.ssh/id_rsa.pub

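If you see a long string starting with ssh-rsa or ssh-dsa, you can skip the ssh-keygen step.

Tip: Ideally each SSH key has its own password, but that is not required. You can skip the password step entirely. Remember that the password you set cannot be changed or retrieved.

You can generate an SSH key with the following command: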

ssh-keygen -t rsa -C "example@xxx.com"

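This command asks you for a location and file name in which to store the key pair, and for a password; you can press Enter to accept the defaults.

Use the following command to display the public key you generated: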

cat ~/.ssh/id_rsa.pub

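Copy this public key into SSH/My SSH Keys in your profile settings. Copy it in full, from ssh- through to your user name and host name.

To copy your public key to the clipboard, use the command below that matches your operating system: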

Windows:

clip < ~/.ssh/id_rsa.pub

Mac:

pbcopy < ~/.ssh/id_rsa.pub

GNU/Linux (requires xclip):

xclip -sel clip < ~/.ssh/id_rsa.pub
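As an added example (not part of the original post), this Python check parses the line from ~/.ssh/id_rsa.pub before it is pasted into the profile settings. It catches an incomplete copy, flags DSA keys (whose prefix in the file is ssh-dss) and reports the RSA modulus size. The function names, the 2048-bit threshold and the sample key are assumptions made for this example, and only plain keys are handled, not certificates.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # assumption of this example, not a value from the page


def _read_field(blob, pos):
    """Read one length-prefixed field (4-byte big-endian length, then data)."""
    if pos + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[pos:pos + 4])
    end = pos + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[pos + 4:end], end


def audit_public_key(line):
    """Return (declared_type, rsa_bits_or_None, problems) for one .pub line."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared = parts[0]
    blob = base64.b64decode(parts[1], validate=True)  # bad base64 -> ValueError
    fields, pos = [], 0
    while pos < len(blob):  # walks every field, so a cut-off paste is caught
        field, pos = _read_field(blob, pos)
        fields.append(field)
    problems = []
    if not fields or fields[0] != declared.encode():
        problems.append("type prefix does not match the key blob")
    bits = None
    if declared == "ssh-dss":
        problems.append("DSA key: disabled by default since OpenSSH 7.0")
    elif declared == "ssh-rsa" and len(fields) == 3:
        bits = int.from_bytes(fields[2], "big").bit_length()  # fields: type, e, n
        if bits < MIN_RSA_BITS:
            problems.append("RSA modulus is only %d bits" % bits)
    return declared, bits, problems


def make_sample_rsa_line(bits, comment="user@host"):
    """Constructed sample: well-formed ssh-rsa line with a made-up modulus."""
    def pack(data):
        return struct.pack(">I", len(data)) + data
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")  # bits: multiple of 8
    blob = pack(b"ssh-rsa") + pack(b"\x01\x00\x01") + pack(b"\x00" + n)
    return "ssh-rsa %s %s" % (base64.b64encode(blob).decode(), comment)
```

To check a real key, pass the single line read from the .pub file to audit_public_key; a ValueError means the line is malformed or was cut off while copying.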

Applications

Eclipse

How to add an SSH key in Eclipse:
https://wiki.eclipse.org/EGit/User_Guide#Eclipse_SSH_Configuration
Tip: Non-default OpenSSH key file names or locations

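If, for whatever reason, you decide to store your SSH key under a non-default location or file name, you must configure your SSH client so that it can find your SSH private key when connecting to the Code server. For the OpenSSH client, this is usually configured in ~/.ssh/config or a similar location: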

# Our company's internal GitLab server
Host my-git.company.com
    # RSAAuthentication is an SSH protocol 1 option; OpenSSH 7.6 and later no longer support it
    RSAAuthentication yes
    IdentityFile ~/my-ssh-key-directory/company-com-private-key-filename

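  1. Change the password of postgres, the default PostgreSQL database user

PostgreSQL creates a postgres user as the database administrator, with a random password, so the password needs to be changed as follows:

Step 1: Log in to PostgreSQL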

sudo -u postgres psql

Step 2: Change the PostgreSQL login password

ALTER USER postgres WITH PASSWORD 'postgres';

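Notes:

The password postgres must be enclosed in quotes
The command ends with a semicolon

Step 3: Exit the PostgreSQL client

  2. Change the password of the Linux system user postgres

PostgreSQL creates a default Linux user named postgres. To change that user's password, proceed as follows:

Step 1: Delete the password of the user postgres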

sudo  passwd -d postgres

Step 2: Set the password of the user postgres

sudo -u postgres passwd

The system prompts for the new password:

Enter new UNIX password:

Retype new UNIX password:

passwd: password updated successfully

git branch -r | grep -v '\->' | while read remote; do git branch --track "${remote#origin/}" "$remote"; done
git fetch --all
git pull --all

Push the mirror

git push --mirror <path>

Reposted from (link)

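Over the past couple of days, while installing a script, wget downloads kept failing with the message ERROR: The certificate of `github.com' is not trusted. This means the site's certificate is not trusted. There are two ways to solve the problem.

1. Temporary workaround

When running wget and similar commands, append --no-check-certificate. This skips certificate verification for that command, so the download is not authenticated.

2. Permanent fix: install the ca-certificates package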

apt-get install ca-certificates

Once the certificate package is installed, the script runs without problems.