Introduction
`n2n` is a peer-to-peer application that emulates a local network connection over the Internet. That means that two computers can ping each other and use any other local area network service, even if they are on different private networks. As a practical example, you can connect your laptop to your home computer from anywhere using an SSH session, among other options.
To establish the connection, `n2n` requires a supernode that maintains a record of the devices connected to the virtual network, so that they can be located. Once the connection has been established, communication takes place directly device to device, that is, in a point-to-point scheme. If the security of the private network in which a device is located prevents the direct point-to-point connection, the supernode can also relay the data.
Data travels encrypted, and only the devices at each end can decrypt it. This ensures that no intermediate point, not even the supernode that helps to establish the connection, can read the content of the messages. The security scheme implemented by `n2n` is a password shared by all nodes, which for basic cases is sufficient.
As an example, a use case is presented with three computers running Linux. One of them is located on a public network and will act as the supernode. The other two are behind different private networks and will act as nodes. `n2n` is available as an installable package on most GNU/Linux distributions. It is assumed that the distribution uses `systemd` services, as Debian, Ubuntu, CentOS, Rocky Linux, and Arch Linux do.
Supernode configuration
`n2n` configuration files are located in `/etc/n2n`. The supernode configuration is in the file `supernode.conf`:

```
-p=37777
-c=community.list
```
Option `-p` indicates the UDP port on which the supernode will be listening for requests from nodes that need to connect, so this port must be reachable from the nodes. Option `-c` is optional and indicates the file listing the communities in which nodes will be able to establish connections. A community is a representation of a virtual local area network identified by a name. In this example, the content of the file `community.list` is a single identifier for the virtual network, such as `k2t9`.
Once the configuration is complete, you can start the service, enable it to automatically load when the computer is restarted, and verify that the service is running correctly.
```
supernode $ sudo systemctl start supernode
supernode $ sudo systemctl enable supernode
Created symlink /etc/systemd/system/multi-user.target.wants/supernode.service → /usr/lib/systemd/system/supernode.service.
supernode $ sudo systemctl status supernode
● supernode.service - n2n supernode process
     Loaded: loaded (/usr/lib/systemd/system/supernode.service; enabled; preset: disabled)
     Active: active (running) since Wed 2024-02-21 15:48:30 UTC; 12s ago
   Main PID: 3396157 (supernode)
      Tasks: 2 (limit: 1139)
     Memory: 316.0K (peak: 584.0K)
        CPU: 2ms
     CGroup: /system.slice/supernode.service
             └─3396157 /usr/bin/supernode /etc/n2n/supernode.conf -f
```
Node configuration
Assuming that the supernode has the public IP 140.40.40.1, on each node the connection can be established using the `edge` command provided by `n2n`.

On the first node:

```
node1 $ sudo edge -c k2t9 -k 1234 -a 192.168.100.1 -f -l 140.40.40.1:37777
```

On the second node:

```
node2 $ sudo edge -c k2t9 -k 1234 -a 192.168.100.2 -f -l 140.40.40.1:37777
```
In the previous examples, argument `-c` is the community identifier and argument `-k` is the password. All nodes must use the same community identifier and the same password. The argument `-a` specifies the IP of the node in the virtual network. Option `-f` tells `edge` to stay in the foreground instead of running as a service. The last argument, `-l`, indicates the address and port of the supernode.
When the `edge` command is executed, a virtual network interface is created on each node. For example, querying the network interfaces with `ip addr`, the first node will display something similar to the following output. In this case, the name of the network interface is `n2n0` and it is assigned the IP 192.168.100.1.

```
4: n2n0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1290 qdisc fq_codel state UNKNOWN group default qlen 1000
    link/ether 2e:9b:e3:14:88:7e brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.1/24 brd 192.168.100.255 scope global n2n0
       valid_lft forever preferred_lft forever
    inet6 fe80::2c9b:e3ff:fe14:887e/64 scope link proto kernel_ll
       valid_lft forever preferred_lft forever
```
Now nodes 1 and 2 of this example are able to communicate, for instance by pinging each other or establishing an SSH session.
The `edge` command can also be run as a service. In this way, when the computer boots, the connection to the virtual local network created through `n2n` is enabled automatically. For this purpose, it is necessary to create the configuration file `/etc/n2n/edge.conf`. Continuing with the example, the configuration file for node 1 is shown below.

```
-d=n2n0
-c=k2t9
-k=1234
-a=192.168.100.1
-p=50001
-l=140.40.40.1:37777
```
The additional arguments in this configuration are `-d`, which specifies the name of the network interface, and `-p`, which indicates the local port that `edge` will use for the connection to the virtual local network.
Once the node configuration is complete, you can start the service, enable it at boot, and check its status, as shown in the following session:

```
node1 $ sudo systemctl start edge
node1 $ sudo systemctl enable edge
node1 $ sudo systemctl status edge
● edge.service - n2n edge process
     Loaded: loaded (/usr/lib/systemd/system/edge.service; enabled; preset: disabled)
     Active: active (running) since Wed 2024-02-21 11:10:04 EST; 9s ago
   Main PID: 5333 (edge)
      Tasks: 3 (limit: 76743)
     Memory: 5.1M (peak: 6.6M)
        CPU: 14ms
     CGroup: /system.slice/edge.service
             └─5333 /usr/bin/edge /etc/n2n/edge.conf -f
```
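A consistency check for the configuration files used in this section, added here as an example and not part of the article or of `n2n` itself: it parses the `-option=value` file format of `supernode.conf` and `edge.conf` and verifies that all nodes agree on community and password, that the community is allowed by the supernode, that `-l` points at the supernode's `-p` port, and that the `-a` addresses are unique and in one subnet. The `/24` prefix assumed for `-a` values without a mask follows the interface output shown above; the sample file contents are constructed from the article's values.

```python
import ipaddress

def parse_n2n_conf(text):
    """Parse the '-x=value' lines of supernode.conf / edge.conf into a dict.
    Blank lines and '#' comments are skipped; a bare flag like '-f' maps to ''."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not line.startswith("-"):
            raise ValueError(f"not an n2n option line: {line!r}")
        key, _, value = line.lstrip("-").partition("=")
        opts[key] = value.strip()
    return opts

def check_mesh(supernode_conf, community_list, edge_confs):
    """Return a list of problems; an empty list means the files agree."""
    problems, addrs, nets = [], {}, set()
    sn = parse_n2n_conf(supernode_conf)
    allowed = {c.strip() for c in community_list.splitlines() if c.strip()}
    edges = [parse_n2n_conf(e) for e in edge_confs]
    for i, e in enumerate(edges, 1):
        for opt in ("c", "k", "a", "l"):  # every node needs these four
            if not e.get(opt):
                problems.append(f"node{i}: missing or empty -{opt}")
        if "c" in sn and e.get("c") and e["c"] not in allowed:
            problems.append(f"node{i}: community {e['c']!r} not in community.list")
        if e.get("l") and e["l"].rsplit(":", 1)[-1] != sn.get("p"):
            problems.append(f"node{i}: -l port does not match supernode -p")
        if e.get("a"):
            # the example interface shows a /24, so that prefix is assumed here
            iface = ipaddress.ip_interface(e["a"] if "/" in e["a"] else e["a"] + "/24")
            if iface.ip in addrs:
                problems.append(f"node{i}: -a {iface.ip} already used by node{addrs[iface.ip]}")
            addrs[iface.ip] = i
            nets.add(iface.network)
    if len({e.get("c") for e in edges}) > 1:
        problems.append("nodes disagree on the community (-c)")
    if len({e.get("k") for e in edges}) > 1:
        problems.append("nodes disagree on the password (-k)")
    if len(nets) > 1:
        problems.append("node addresses (-a) are not in one subnet")
    return problems

# Constructed sample files using the values from the article above.
SUPERNODE_CONF = "-p=37777\n-c=community.list\n"
COMMUNITY_LIST = "k2t9\n"
NODE1_CONF = "-d=n2n0\n-c=k2t9\n-k=1234\n-a=192.168.100.1\n-p=50001\n-l=140.40.40.1:37777\n"
NODE2_CONF = NODE1_CONF.replace("192.168.100.1", "192.168.100.2")
```

Calling `check_mesh(SUPERNODE_CONF, COMMUNITY_LIST, [NODE1_CONF, NODE2_CONF])` on the files from this article returns an empty list; a node with a different `-k` or a community missing from `community.list` is reported before the services are started.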
Discussion
Use cases for a virtual local network over the Internet are diverse. They include the connection between distant points, the linking of cloud services, collaboration between peers, remote access and telecommunication, and redundancy and disaster recovery. Point-to-point networks offer the additional advantage of not requiring, once the connection between nodes has been established, intermediary servers to maintain communication.
`n2n` is a simple alternative for a point-to-point virtual local network over the Internet, as shown in this article. It has easy-to-define configuration and security options that do not require expert support, and it can be sufficient for basic applications. `n2n` is an open source project from the team at ntop, which also maintains other projects for network monitoring and security.
References
- Documentation: n2n, a Layer Two Peer-to-Peer VPN
- Repository on GitHub: n2n
- Paper: Deri, L. and Andrews, R. (n.d.). N2N: A Layer Two Peer-to-Peer VPN
- About ntop