edge - n2n edge node daemon
edge [-d <tun device>] -a <tun IP address> -c <community> -k <encrypt
key> -l <supernode host:port> [-p <local port>] [-u <UID>] [-g <GID>]
[-f] [-m <MAC address>] [-t] [-r] [-v]
N2N is a peer-to-peer VPN system. Edge is the edge node daemon for n2n
which creates a TAP interface to expose the n2n virtual LAN. On startup
n2n creates the TAP interface and configures it then registers with the
supernode so it can begin to find other nodes in the community.
sets the TAP device name as seen in ifconfig.
sets the n2n virtual LAN IP address being claimed. This is a
private IP address. All IP addresses in an n2n community should
belong to the same /24 network (ie. only the last segment of the
IP addresses varies).
-b cause edge to perform hostname resolution for the supernode
address each time the supernode is periodically contacted.
sets the n2n community name. All edges within the same community
look to be on the same LAN (layer 2 network segment). All edges
communicating must use the same key and community name.
-h write usage to tty then exit.
sets the twofish encryption key from ASCII text (see also
N2N_KEY in ENVIRONMENT). All edges communicating must use the
same key and community name.
sets the n2n supernode IP address and port to register to.
binds edge to the given UDP port. Useful for keeping the same
external socket across restarts of edge.
causes the edge process to drop to the given user ID when
privileges are no longer required.
causes the edge process to drop to the given group ID when
privileges are no longer required.
-f causes the edge process to fork and run as a daemon, closing
stdin, stdout, stderr and becoming a process group leader.
start the TAP interface with the given MAC address. This is
highly recommended as it means the same address will be used if
edge stops and restarts. If this is not done, the ARP caches of
all peers will be wrong and packets will not flow to this edge
until the next ARP refresh.
set the MTU of the edge interface in bytes. MTU is the largest
packet fragment size allowed to be moved throught the interface.
The default is 1400.
set the netmask of edge interface in IPv4 dotted decimal
notation. The default is 255.255.255.0 (ie. /24).
-t use HTTP tunneling instead of the normal UDP mechanism
-r enable packet forwarding/routing through the n2n virtual LAN.
Without this option, packets arriving over n2n which are not for
the -a <addr> IP address are dropped.
-v use verbose logging.
set the encryption key so it is not visible on the command line
edge -d n2n0 -c mynetwork -k encryptme -u 99 -g 99 -m DE:AD:BE:EF:01:23
-a 192.168.254.7 -p 50001 -l 126.96.36.199:7654
Start edge with TAP device n2n0 on community "mynetwork" with
community supernode at 188.8.131.52 UDP port 7654 and bind
the locally used UDP port to 50001. Use "encryptme" as the
shared encryption key. Assign MAC address DE:AD:BE:EF:01:23 to
the n2n interface and drop to user=99 and group=99 after the TAP
device is successfull configured.
Add the -f option to make edge run as a daemon.
Somewhere else setup another edge with similar parameters, eg.
edge -d n2n0 -c mynetwork -k encryptme -u 99 -g 99 -m DE:AD:BE:EF:01:21
-a 192.168.254.5 -p 50001 -l 184.108.40.206:7654
Now you can ping from 192.168.254.5 to 192.168.254.7.
The MAC address (-m <MAC>) and virtual IP address (-a <addr>) must be
different on all edges in the same community.
All configuration for edge is from the command line and environment
variables. If you wish to reconfigure edge you should kill the process
and restart with the desired options.
edge is a daemon and any exit is an error.
Luca Deri ( deri (at) ntop.org ), Richard Andrews ( andrews (at)
ntop.org ), Don Bindner
ifconfig(8) supernode(1) tunctl(8)