The goal is to let machines on two different LANs, on different network segments, communicate with each other peer-to-peer (P2P).
https://github.com/ntop/n2n.git
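The SuperNode acts as a registry: it records the connection information of the edge nodes and tells each edge node how to find the others. If the supernode fails, the edge nodes can no longer communicate with each other normally. An N2N network must have at least one SuperNode.
Edge nodes are all the nodes that join the network through the SuperNode; wherever an edge is located and whatever network environment it is in, edge nodes can communicate with each other. One computer can run several edges. A LAN uses the subnet mask to decide whether two machines are on the same segment, whereas an edge additionally needs a set of credentials, which N2N calls GroupName and password; 10.0.0.1 in Group 0 and 10.0.0.1 in Group 1 are different hosts.
Version: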
Welcome to n2n v.2.8.0 for Debian
# Create an n2n directory to hold the source of each version
mkdir n2n
# Enter the n2n directory
cd n2n
# Download the n2n source
git clone https://github.com/ntop/n2n.git
# Enter the n2n-3.1.1 directory
cd n2n
# Install openssl and the build tools
yum install -y openssl-devel cmake net-tools gcc gcc-c++
# Create the build directory
cmake -E make_directory build
# Enter the build directory
cd build
# Generate the makefile in the current directory
cmake ..
# Output of cmake:
-- The C compiler identification is GNU 4.8.5
-- The CXX compiler identification is GNU 4.8.5
-- Check for working C compiler: /usr/bin/cc
-- Check for working C compiler: /usr/bin/cc -- works
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Check for working CXX compiler: /usr/bin/c++
-- Check for working CXX compiler: /usr/bin/c++ -- works
-- Detecting CXX compiler ABI info
-- Detecting CXX compiler ABI info - done
-- Build for version: 3.1.1-76-g709590d
-- Configuring done
-- Generating done
-- Build files have been written to: /home/n2n/n2n/build
# The build prints some warnings; they can be ignored
cmake --build . --config Release
# Build output
/usr/bin/cmake -H/home/n2n/n2n -B/home/n2n/n2n/build --check-build-system CMakeFiles/Makefile.cmake 0
/usr/bin/cmake -E cmake_progress_start /home/n2n/n2n/build/CMakeFiles /home/n2n/n2n/build/CMakeFiles/progress.marks
/usr/bin/gmake -f CMakeFiles/Makefile2 all
gmake[1]: Entering directory `/home/n2n/n2n/build'
/usr/bin/gmake -f CMakeFiles/doc.dir/build.make CMakeFiles/doc.dir/depend
gmake[2]: Entering directory `/home/n2n/n2n/build'
....................
gmake[2]: Leaving directory `/home/n2n/n2n/build'
/usr/bin/cmake -E cmake_progress_report /home/n2n/n2n/build/CMakeFiles 52
[100%] Built target tests-wire
gmake[1]: Leaving directory `/home/n2n/n2n/build'
/usr/bin/cmake -E cmake_progress_start /home/n2n/n2n/build/CMakeFiles 0
# Install the compiled executables into the sbin or bin directories
make install
# Example output showing the install target directories
[100%] Built target tests-wire
make[1]: Leaving directory `/home/n2n/n2n/build'
/usr/bin/cmake -E cmake_progress_start /home/n2n/n2n/build/CMakeFiles 0
make -f CMakeFiles/Makefile2 preinstall
make[1]: Entering directory `/home/n2n/n2n/build'
make[1]: Nothing to be done for `preinstall'.
make[1]: Leaving directory `/home/n2n/n2n/build'
Install the project...
/usr/bin/cmake -P cmake_install.cmake
-- Install configuration: ""
-- Installing: /usr/local/sbin/edge
-- Installing: /usr/local/sbin/supernode
-- Installing: /usr/local/bin/n2n-benchmark
-- Installing: /usr/share/man/man8/edge.8.gz
-- Installing: /usr/share/man/man1/supernode.1.gz
-- Installing: /usr/share/man/man7/n2n.7.gz
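# First check whether this port is already in use
netstat -anp|grep 8864
# Edit the boot-time startup file
vi /etc/rc.local
# Check the firewall status
iptables -L -n -v --line-numbers
# If needed, create two inbound rules for the port; this depends on the security configuration of the particular public cloud server
iptables -I INPUT -p tcp --dport 8864 -j ACCEPT
iptables -I INPUT -p udp --dport 8864 -j ACCEPT
reboot
Check whether the process is running
# Check whether the supernode process is running
netstat -anp|grep `ps -ef|grep supernode|grep -v grep|awk '{print $2}'`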
vi /etc/init.d/n2n
#!/bin/sh
### BEGIN INIT INFO
# Provides:          n2n
# Required-Start:    $network $remote_fs $local_fs
# Required-Stop:     $remote_fs $local_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Start or stop the n2n VPN
# Description:       This script controls the n2n VPN service.
#                    It is called from the boot, halt and reboot scripts.
#                    So far, only 1 PVN is supported by this script.
#                    More can be started via the command line.
### END INIT INFO
set -e

# PATH should only include /usr/* if it runs after the mountnfs.sh script
PATH=/sbin:/usr/sbin:/bin:/usr/bin
DESC='n2n P2P VPN'
NAME=n2n
#DAEMON=/usr/sbin/edge
DAEMON=/usr/local/sbin/edge
DAEMON_ARGS=""             # Arguments to run the daemon with
#PIDFILE=/var/run/$NAME-edge.pid
SCRIPTNAME=/etc/init.d/$NAME

# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0

# Check config
if [ ! -f "/etc/default/edge.conf" ]
then
    echo "Warning: n2n VPN client is not configured, edit config file in /etc/default/edge.conf." 1>&2
    exit 0
fi

# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh
. /lib/lsb/init-functions

## Make sure /var/run/n2n exists.
#if [ ! -e /var/run/$NAME ] ; then
#    mkdir -p /var/run/$NAME
#    chown proxy:proxy /var/run/$NAME
#    chmod 755 /var/run/$NAME
#fi

# Function that starts the daemon/service
#
do_start()
{
    if [ -r /sys/class/net/edge0 ]; then
        echo edge node is already running.
        exit 0
    fi
    # Return
    #   0 if daemon has been started
    #   1 if daemon was already running
    #   2 if daemon could not be started
    start-stop-daemon --start --quiet --user nobody --exec $DAEMON --test > /dev/null \
        || return 1
    start-stop-daemon --start --quiet --user nobody --exec $DAEMON -- \
        /etc/default/edge.conf \
        || return 2
}

#
# Function that stops the daemon/service
#
do_stop()
{
    # Return
    #   0 if daemon has been stopped
    #   1 if daemon was already stopped
    #   2 if daemon could not be stopped
    #   other if a failure occurred
    start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --user nobody --exec $DAEMON
    RETVAL="$?"
    [ "$RETVAL" = 2 ] && return 2
    # Wait for children to finish too if this is a daemon that forks
    # and if the daemon is only ever run from this initscript.
    # If the above conditions are not satisfied then add some other code
    # that waits for the process to drop all resources that could be
    # needed by services started subsequently.  A last resort is to
    # sleep for some time.
    start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
    [ "$?" = 2 ] && return 2
    # Many daemons don't delete their pidfiles when they exit.
    rm -f $PIDFILE
    return "$RETVAL"
}

#
# Function that sends a SIGHUP to the daemon/service
#
do_reload() {
    #
    # If the daemon can reload its configuration without
    # restarting (for example, when it is sent a SIGHUP),
    # then implement that here.
    #
    start-stop-daemon --stop --signal 1 --quiet --name $NAME
    return 0
}

case "$1" in
  start)
    [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC " "$NAME"
    do_start
    case "$?" in
        0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
        2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
    esac
    # Change the virtual NIC speed: n2n defaults to 10M/s, set it to 1000M/s
    ethtool -s edge0 speed 1000 duplex full autoneg off
    ;;
  stop)
    [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
    do_stop
    case "$?" in
        0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
        2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
    esac
    ;;
  status)
    status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
    ;;
  #reload|force-reload)
    #
    # If do_reload() is not implemented then leave this commented out
    # and leave 'force-reload' as an alias for 'restart'.
    #
    #log_daemon_msg "Reloading $DESC" "$NAME"
    #do_reload
    #log_end_msg $?
    #;;
  restart|force-reload)
    #
    # If the "reload" option is implemented then remove the
    # 'force-reload' alias
    #
    log_daemon_msg "Restarting $DESC" "$NAME"
    do_stop
    case "$?" in
      0|1)
        do_start
        case "$?" in
            0) log_end_msg 0 ;;
            1) log_end_msg 1 ;; # Old process is still running
            *) log_end_msg 1 ;; # Failed to start
        esac
        ;;
      *)
        # Failed to stop
        log_end_msg 1
        ;;
    esac
    ;;
  *)
    N=/etc/init.d/$NAME
    #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
    echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
    exit 3
    ;;
esac

exit 0
Create the edge.conf configuration file in the /etc/default/ directory:
#
#       The configuration file is similar to the command line, with one option per line. An equal
#       sign '=' should be used between key and value. Example: -c=mynetwork or --community=mynetwork
#       This file contains a basic configuration example, please refer to the help (-h) for the full
#       list of available options.
#
#       -d|--tun-device
#               Specifies the name of the TUN interface.
#
#-d=tap0
#
#       -c|--community
#               Specifies the n2n community name the edge belongs to.
#
-c=
#
#       -k
#               Sets the encryption key (ASCII). The environment variable N2N_KEY=<key> can also be used.
#
-k=
#
#       -m
#               Specified the MAC address for the TAP interface (random otherwise).
#
# -m=5E:57:77:58:7F:77
#
#       -a
#               Sets the interface address. For DHCP use '-r -a dhcp:0.0.0.0'.
#
-a=16.16.16.25
#
#       -p
#               Sets the local UDP port to a fixed port.
#
-p=60000
#
#       -l|--supernode-list
#               Specifies the supernode IP and port.
#
-l=168.324.678.8:8864
#
#       -z1 ... -z2| compress outgoing data packets,
#               -z1 = lzo1x,
#               disabled by default
#
-z1
#
# -bHEerejer
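An added check, not part of the original post or of the n2n project: the script below reads the one-option-per-line key=value format that the edge.conf comments describe and flags an empty community, a missing key, a key kept in a world-readable file, and a supernode entry that is not a usable host:port. The function names (conf_get, valid_supernode, lint_edge_conf) and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example: lint an n2n edge.conf before the edge is started.

# conf_get FILE SHORT [LONG]: value of the last active key=value line (comments skipped).
conf_get() {
    awk -v s="$2" -v l="${3:-$2}" '
        /^[ \t]*#/ { next }
        { k = $0; sub(/=.*/, "", k); gsub(/[ \t]/, "", k) }
        (k == s || k == l) && index($0, "=") {
            v = substr($0, index($0, "=") + 1); sub(/[ \t\r]+$/, "", v) }
        END { print v }' "$1"
}

# valid_supernode HOST:PORT: port must be 1-65535; a dotted quad needs four octets <= 255.
valid_supernode() {
    host=${1%:*}; port=${1##*:}
    [ "$host" != "$1" ] && [ -n "$host" ] || return 1
    case $port in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    case $host in *[!0-9.]*) return 0 ;; esac   # hostname: resolution is left to the edge
    oldifs=$IFS; IFS=.; set -- $host; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ -n "$o" ] && [ "$o" -le 255 ] || return 1; done
}

# lint_edge_conf FILE: prints one finding per line; exit status is 0 only when there are none.
lint_edge_conf() {
    f=$1; n=0
    report() { echo "$f: $1"; n=$((n + 1)); }
    [ -n "$(conf_get "$f" -c --community)" ] || report "community (-c) is empty"
    if [ -z "$(conf_get "$f" -k)" ]; then
        report "no key (-k) in the file; set one here or through N2N_KEY"
    elif [ -n "$(find "$f" -prune -perm -004)" ]; then
        report "key is stored in a world-readable file; chmod 600 it"
    fi
    sn=$(conf_get "$f" -l --supernode-list)
    valid_supernode "$sn" || report "supernode (-l) '$sn' is not a usable host:port"
    [ "$n" -eq 0 ]
}

# Constructed sample mirroring the edge.conf above: empty -c and -k, placeholder address.
sample=$(mktemp)
printf '%s\n' '#-d=tap0' '-c=' '-k=' '-a=16.16.16.25' '-p=60000' \
    '-l=168.324.678.8:8864' > "$sample"
lint_edge_conf "$sample" || echo "fix edge.conf before running: systemctl start n2n"
rm -f "$sample"
```

Run it as lint_edge_conf /etc/default/edge.conf after filling in the file; the placeholder address shown in the sample is rejected because two of its octets exceed 255.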
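# Reload systemd so it picks up the n2n service
systemctl daemon-reload
# Start the n2n service
systemctl start n2n
# Query the n2n service status
systemctl status n2n
# Stop the n2n service
systemctl stop n2n
Troubleshooting:
The cause is that rc.local does not have execute permission.
Solution:
Method 1: add the permission directly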
[root@master ~]# ls -l /etc/rc.local
lrwxrwxrwx. 1 root root 13 Sep 17 19:58 /etc/rc.local -> rc.d/rc.local
[root@master ~]#
[root@master ~]#
[root@master ~]# chmod +x /etc/rc.local
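Method 2:
The rc-local service is configured in /usr/lib/systemd/system/rc-local.service. In the [Unit] section, add or change the Requires and After entries so that their value is network-online.target.
cat /usr/lib/systemd/system/rc-local.service |grep -v "^#" # filter out comment lines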