"Fossies" - the Fresh Open Source Software Archive 
Source code changes of the file "edge.8" between
n2n-3.0.tar.gz and n2n-3.1.1.tar.gz
About: n2n is a layer-two peer-to-peer virtual private network (VPN) which allows bypassing intermediate firewalls. Pre-release.
| edge.8 (n2n-3.0) | : | edge.8 (n2n-3.1.1) | ||
|---|---|---|---|---|
| skipping to change at line 92 | skipping to change at line 92 | |||
| -H use header encryption, supernode needs fixed community | -H use header encryption, supernode needs fixed community | |||
| -z1 ... -z2 | -z1 ... -z2 | |||
| compress outgoing data packets, -z1 = lzo1x, disabled by default | compress outgoing data packets, -z1 = lzo1x, disabled by default | |||
| --select-rtt | --select-rtt | |||
| select supernode by round trip time if several to choose from (fed eration), defaults to load-based | select supernode by round trip time if several to choose from (fed eration), defaults to load-based | |||
| selection strategy if not provided. | selection strategy if not provided. | |||
| --select-mac | ||||
| select supernode by MAC address if several to choose from (federat | ||||
| ion), lowest MAC address first. | ||||
| --no-port-forwarding | ||||
| disables the default behavior of trying to have the edge's port fo | ||||
| rwarded through a router eventu- | ||||
| ally supporting it (only if compiled with miniupnp and/or natpmp l | ||||
| ibrary support). | ||||
| TAP DEVICE AND OVERLAY NETWORK CONFIGURATION | TAP DEVICE AND OVERLAY NETWORK CONFIGURATION | |||
| -a [mode]<ip>[/n] | -a [mode]<ip>[/n] | |||
| interface address and optional CIDR subnet, default '/24', mode = [static|dhcp]:, for DHCP use '-r | interface address and optional CIDR subnet, default '/24', mode = [static|dhcp]:, for DHCP use '-r | |||
| -a dhcp:0.0.0.0', edge draws IP address from supernode if no '-a . ..' given | -a dhcp:0.0.0.0', edge draws IP address from supernode if no '-a . ..' given | |||
| -m <mac> | -m <mac> | |||
| start the TAP interface with the given MAC address. This is hi | start the TAP interface with the given MAC address. This is highly | |||
| ghly recommended as it means the | recommended as it means the | |||
| same address will be used if edge stops and restarts. If this is n | same address will be used if edge stops and restarts. If this is | |||
| ot done, the ARP caches of all | not done, the ARP caches of all | |||
| peers will be wrong and packets will not flow to this edge until | peers will be wrong and packets will not flow to this edge until t | |||
| the next ARP refresh. e.g. '-m | he next ARP refresh. e.g. '-m | |||
| 10:20:30:40:50:60', by default a random MAC address is used. | 10:20:30:40:50:60', by default a random MAC address is used. | |||
| -d <device>, --device=<device> | -d <device>, --device=<device> | |||
| TAP device name | TAP device name | |||
| -M <mtu> | -M <mtu> | |||
| specify n2n MTU of TAP interface, default 1290 | specify n2n MTU of TAP interface, default 1290 | |||
| -r enable IP packet forwarding/routing through the n2n virtual LAN. W | -r enable IP packet forwarding/routing through the n2n virtual LAN. | |||
| ithout this option, IP packets | Without this option, IP packets | |||
| arriving over n2n are dropped if not for the -a <addr> (or DHCP | arriving over n2n are dropped if not for the -a <addr> (or DHCP as | |||
| assigned) IP address of the edge | signed) IP address of the edge | |||
| interface. | interface. | |||
| -E accept packets destined for multicast ethernet MAC addresses. Thes | -E accept packets destined for multicast ethernet MAC addresses. Th | |||
| e addresses are used in multi- | ese addresses are used in multi- | |||
| cast ethernet and IPv6 neighbour discovery. If this option is not | cast ethernet and IPv6 neighbour discovery. If this option is not | |||
| present these multicast packets | present these multicast packets | |||
| are discarded as most users do not need or understand them. | are discarded as most users do not need or understand them. | |||
| -I <description> | -I <description> | |||
| annotate the edge's description used for easier identification in management port output or user- | annotate the edge's description used for easier identification in management port output or user- | |||
| name | name | |||
| -J <password> | -J <password> | |||
| password for user-password edge authentication (see also N2N_PASSW ORD in ENVIRONMENT) | password for user-password edge authentication (see also N2N_PASSW ORD in ENVIRONMENT) | |||
| -P <public key> | -P <public key> | |||
| federation public key for user-password authentication | federation public key for user-password authentication | |||
| -R <rule_str> | -R <rule_str> | |||
| Add rule to drop or accept specific packet transmit over edge net work interface. -R rule_str can | Add rule to drop or accept specific packet transmit over edge netw ork interface. -R rule_str can | |||
| be used multiple times to add multiple rules. Each -R rule_str add one rule. | be used multiple times to add multiple rules. Each -R rule_str add one rule. | |||
| rule_str format:"src_ip/len:[b_port,e_port],dst_ip/len:[s_port,e_p ort],TCP+/-,UDP+/-,ICMP+/-". | rule_str format:"src_ip/len:[b_port,e_port],dst_ip/len:[s_port,e_p ort],TCP+/-,UDP+/-,ICMP+/-". | |||
| ip/len indicate a cidr block, len can be ignore, means single ip(n ot cidr block) will be use in | ip/len indicate a cidr block, len can be ignore, means single i p(not cidr block) will be use in | |||
| filter rule. | filter rule. | |||
| +,- after TCP,UDP,ICMP proto type indicate allow or drop packet of that proto. if any of above | +,- after TCP,UDP,ICMP proto type indicate allow or drop packet of that proto. if any of above | |||
| three proto missed, the rule will not take effect for that proto. | three proto missed, the rule will not take effect for that proto. | |||
| Ports range [s_port,e_port] can be instead by single port number. | Ports range [s_port,e_port] can be instead by single port number | |||
| If not specify, [0,65535] will | . If not specify, [0,65535] will | |||
| be used. Ports range include start_port and end_port. If multiple | be used. Ports range include start_port and end_port. If multiple | |||
| rules matching packet's ips and | rules matching packet's ips and | |||
| ports, the rule with smaller cidr block(smaller address space) wil | ports, the rule with smaller cidr block(smaller address space) wi | |||
| l be selected. That means rules | ll be selected. That means rules | |||
| with larger len value has higher priority. | with larger len value has higher priority. | |||
| Packets that cannot match any rule will be accepted by default. Us ers can add rules to block traf- | Packets that cannot match any rule will be accepted by default. Us ers can add rules to block traf- | |||
| fics. This behavior can be change by add the rule : | fics. This behavior can be change by add the rule : | |||
| `0.0.0.0/0:[0,65535],0.0.0.0/0: | `0.0.0.0/0:[0,65535],0.0.0.0/0: | |||
| [0,65535],TCP-,UDP-,ICMP-`. Then all traffic will be dropped, use | [0,65535],TCP-,UDP-,ICMP-`. Then all traffic will be dropped, user | |||
| rs need add rules to allow traf- | s need add rules to allow traf- | |||
| fics. | fics. | |||
| for example : `-R 0.0.0.0/0,0.0.0.0/0,TCP-,UDP-,ICMP- -R 192.168.1 00.0/24,192.168.100.0/24,ICMP+`, | for example : `-R 0.0.0.0/0,0.0.0.0/0,TCP-,UDP-,ICMP- -R 192.168.1 00.0/24,192.168.100.0/24,ICMP+`, | |||
| -x <metric> | -x <metric> | |||
| set TAP interface metric, defaults to 0 (auto), e.g. set to 1 for better multiplayer game detec- | set TAP interface metric, defaults to 0 (auto), e.g. set to 1 fo r better multiplayer game detec- | |||
| tion. | tion. | |||
| (Windows only) | (Windows only) | |||
| LOCAL OPTIONS | LOCAL OPTIONS | |||
| -f do not fork and run as a daemon, rather run in foreground | -f do not fork and run as a daemon, rather run in foreground | |||
| -t <port> | -t <port> | |||
| binds the edge management system to the given UDP port. Default 5 644. Use this if you need to run | binds the edge management system to the given UDP port. Default 56 44. Use this if you need to run | |||
| multiple instance of edge; or something is bound to that port. | multiple instance of edge; or something is bound to that port. | |||
| --management-password <password> | --management-password <password> | |||
| sets the password for access to JSON API at the management port, d | sets the password for access to JSON API at the management port, | |||
| efaults to 'n2n'. The password | defaults to 'n2n'. The password | |||
| has to be provided when using 'scripts/n2n-ctl', 'scripts/n2n- | has to be provided when using 'scripts/n2n-ctl', 'scripts/n2n-http | |||
| httpd' or for any other relevant | d' or for any other relevant | |||
| access to JSON API at the management port. | access to JSON API at the management port. | |||
| -v, --verbose | -v, --verbose | |||
| make more verbose, repeat as required | make more verbose, repeat as required | |||
| -n <cidr:gateway> | -n <cidr:gateway> | |||
| route an IPv4 network via the gateway, use 0.0.0.0/0 for the defau lt gateway, can be set multiple | route an IPv4 network via the gateway, use 0.0.0.0/0 for the defa ult gateway, can be set multiple | |||
| times | times | |||
| -u <UID>, --euid=<UID> | -u <UID>, --euid=<UID> | |||
| numeric user ID to use when privileges are dropped | numeric user ID to use when privileges are dropped | |||
| -g <GID>, --egid=<GID> | -g <GID>, --egid=<GID> | |||
| numeric group ID to use when privileges are dropped | numeric group ID to use when privileges are dropped | |||
| -h write usage then exit. | -h write usage then exit. | |||
| skipping to change at line 196 | skipping to change at line 203 | |||
| N2N_KEY | N2N_KEY | |||
| set the encryption key so it is not visible at the command line | set the encryption key so it is not visible at the command line | |||
| N2N_COMMUNITY | N2N_COMMUNITY | |||
| set the community name so it is not visible at the command line | set the community name so it is not visible at the command line | |||
| N2N_PASSWORD | N2N_PASSWORD | |||
| set the password for user-password authentication so it is not vis ible at the command line | set the password for user-password authentication so it is not vis ible at the command line | |||
| EXAMPLES | EXAMPLES | |||
| edge -d n2n0 -c mynetwork -k encryptme -u 99 -g 99 -m DE:AD:BE:EF:01 :23 -a 192.168.254.7 -p 50001 -l | edge -d n2n0 -c mynetwork -k encryptme -u 99 -g 99 -m DE:AD:BE:EF:01:23 -a 192.168.254.7 -p 50001 -l | |||
| 123.121.120.119:7654 | 123.121.120.119:7654 | |||
| Start edge with TAP device n2n0 on community "mynetwork" | Start edge with TAP device n2n0 on community "mynetwork" | |||
| with community supernode at | with community supernode at | |||
| 123.121.120.119 UDP port 7654 and bind the locally used UDP port | 123.121.120.119 UDP port 7654 and bind the locally used UDP port t | |||
| to 50001. Use "encryptme" as the | o 50001. Use "encryptme" as the | |||
| single permanent shared encryption key. Assign MAC address DE:AD:B | single permanent shared encryption key. Assign MAC address DE:AD: | |||
| E:EF:01:23 to the n2n interface | BE:EF:01:23 to the n2n interface | |||
| and drop to user=99 and group=99 after the TAP device is successfu lly configured. | and drop to user=99 and group=99 after the TAP device is successfu lly configured. | |||
| Add the -f option to stop edge running as a daemon. | Add the -f option to stop edge running as a daemon. | |||
| Somewhere else setup another edge with similar parameters, eg. | Somewhere else setup another edge with similar parameters, eg. | |||
| edge -d n2n0 -c mynetwork -k encryptme -u 99 -g 99 -m DE:AD:BE:EF:01 :21 -a 192.168.254.5 -p 50001 -l | edge -d n2n0 -c mynetwork -k encryptme -u 99 -g 99 -m DE:AD:BE:EF:01:21 -a 192.168.254.5 -p 50001 -l | |||
| 123.121.120.119:7654 | 123.121.120.119:7654 | |||
| Now you can ping from 192.168.254.5 to 192.168.254.7. | Now you can ping from 192.168.254.5 to 192.168.254.7. | |||
| The MAC address (-m <MAC>) and virtual IP address (-a <addr>) must be dif ferent on all edges in the same | The MAC address (-m <MAC>) and virtual IP address (-a <addr>) must be di fferent on all edges in the same | |||
| community. | community. | |||
| CLEARTEXT MODE | CLEARTEXT MODE | |||
| If -k is not specified then edge uses cleartext mode. In cleartext m | If -k is not specified then edge uses cleartext mode. In cleartext mode t | |||
| ode there is no transform of the | here is no transform of the | |||
| packet data it is simply encrypted. This is useful for debugging n2n as | packet data it is simply encrypted. This is useful for debugging n2 | |||
| packet contents can be seen | n as packet contents can be seen | |||
| clearly. | clearly. | |||
| To prevent accidental exposure of data, edge only enters cleartext mo | To prevent accidental exposure of data, edge only enters cleartext mode w | |||
| de when no keying parameters are | hen no keying parameters are | |||
| specified. In the case where keying parameters are specified but no valid | specified. In the case where keying parameters are specified but no va | |||
| keys can be determined, edge | lid keys can be determined, edge | |||
| exits with an error at startup. If all keys become invalid while running | exits with an error at startup. If all keys become invalid while running, | |||
| , edge continues to encode using | edge continues to encode using | |||
| the last key that was valid. | the last key that was valid. | |||
| MANAGEMENT INTERFACE | MANAGEMENT INTERFACE | |||
| Edge provides a very simple management system on UDP port 5644. Send a ne wline to receive a status out- | Edge provides a very simple management system on UDP port 5644. Send a newline to receive a status out- | |||
| put. Send 'stop' to cause edge to exit cleanly. | put. Send 'stop' to cause edge to exit cleanly. | |||
| echo | nc -w1 -u 127.0.0.1 5644 | echo | nc -w1 -u 127.0.0.1 5644 | |||
| Shows the current statistics of a running edge. | Shows the current statistics of a running edge. | |||
| EXIT STATUS | EXIT STATUS | |||
| edge is a daemon and any exit is an error. | edge is a daemon and any exit is an error. | |||
| AUTHORS | AUTHORS | |||
| Richard Andrews | Richard Andrews | |||
| End of changes. 21 change blocks. | ||||
| 55 lines changed or deleted | 65 lines changed or added | |||