Man Linux: Main Page and Category List


       edge - n2n edge node daemon


       edge  [-d  <tun device>] -a <tun IP address> -c <community> -k <encrypt
       key> -l <supernode host:port> [-p <local port>] [-u <UID>]  [-g  <GID>]
       [-f] [-m <MAC address>] [-t] [-r] [-v]


       N2N  is a peer-to-peer VPN system. Edge is the edge node daemon for n2n
       which creates a TAP interface to expose the n2n virtual LAN. On startup
       n2n creates the TAP interface and configures it then registers with the
       supernode so it can begin to find other nodes in the community.


       -d <name>
              sets the TAP device name as seen in ifconfig.

       -a <addr>
              sets the n2n virtual LAN IP address being  claimed.  This  is  a
              private  IP address. All IP addresses in an n2n community should
              belong to the same /24 network (ie. only the last segment of the
              IP addresses varies).

       -b     cause  edge  to  perform  hostname  resolution for the supernode
              address each time the supernode is periodically contacted.

       -c <community>
              sets the n2n community name. All edges within the same community
              look  to be on the same LAN (layer 2 network segment). All edges
              communicating must use the same key and community name.

       -h     write usage to tty then exit.

       -k <keystring>
              sets the twofish  encryption  key  from  ASCII  text  (see  also
              N2N_KEY  in  ENVIRONMENT).  All edges communicating must use the
              same key and community name.

       -l <addr>:<port>
              sets the n2n supernode IP address and port to register to.

       -p <num>
              binds edge to the given UDP port. Useful for  keeping  the  same
              external socket across restarts of edge.

       -u <uid>
              causes  the  edge  process  to  drop  to  the given user ID when
              privileges are no longer required.

       -g <gid>
              causes the edge process to drop  to  the  given  group  ID  when
              privileges are no longer required.

       -f     causes  the  edge  process  to fork and run as a daemon, closing
              stdin, stdout, stderr and becoming a process group leader.

       -m <MAC>
              start the TAP interface with the  given  MAC  address.  This  is
              highly  recommended as it means the same address will be used if
              edge stops and restarts. If this is not done, the ARP caches  of
              all  peers  will be wrong and packets will not flow to this edge
              until the next ARP refresh.

       -M <MTU>
              set the MTU of the edge interface in bytes. MTU is  the  largest
              packet fragment size allowed to be moved throught the interface.
              The default is 1400.

       -s <netmask>
              set the  netmask  of  edge  interface  in  IPv4  dotted  decimal
              notation. The default is (ie. /24).

       -t     use   HTTP   tunneling  instead  of  the  normal  UDP  mechanism

       -r     enable packet forwarding/routing through the  n2n  virtual  LAN.
              Without this option, packets arriving over n2n which are not for
              the -a <addr> IP address are dropped.

       -v     use verbose logging.


              set the encryption key so it is not visible on the command line


       edge -d n2n0 -c mynetwork -k encryptme -u 99 -g 99 -m DE:AD:BE:EF:01:23
       -a -p 50001 -l

              Start edge with TAP device n2n0 on  community  "mynetwork"  with
              community  supernode  at UDP port 7654 and bind
              the locally used UDP port  to  50001.  Use  "encryptme"  as  the
              shared  encryption  key. Assign MAC address DE:AD:BE:EF:01:23 to
              the n2n interface and drop to user=99 and group=99 after the TAP
              device is successfull configured.

       Add the -f option to make edge run as a daemon.

       Somewhere else setup another edge with similar parameters, eg.

       edge -d n2n0 -c mynetwork -k encryptme -u 99 -g 99 -m DE:AD:BE:EF:01:21
       -a -p 50001 -l

       Now you can ping from to

       The MAC address (-m <MAC>) and virtual IP address (-a <addr>)  must  be
       different on all edges in the same community.


       All  configuration  for  edge  is from the command line and environment
       variables. If you wish to reconfigure edge you should kill the  process
       and restart with the desired options.


       edge is a daemon and any exit is an error.


       Luca  Deri  (  deri  (at)  ),  Richard Andrews ( andrews (at) ), Don Bindner


       ifconfig(8) supernode(1) tunctl(8)