.TH edge 1 "Jan 3, 2009" "revision 3679" "SUPERUSER COMMANDS"
.SH NAME
edge \- n2n edge node daemon
.SH SYNOPSIS
.B edge
[\-d <tun device>] \-a <tun IP address> \-c <community> \-k <encrypt key> \-l <supernode host:port>
[\-p <local port>] [\-u <UID>] [\-g <GID>] [\-f] [\-m <MAC address>] [\-t] [\-r] [\-v]
.SH DESCRIPTION
N2N is a peer-to-peer VPN system. Edge is the edge node daemon for n2n which
creates a TAP interface to expose the n2n virtual LAN. On startup n2n creates
the TAP interface and configures it, then registers with the supernode so it can
begin to find other nodes in the community.
.PP
.SH OPTIONS
.TP
\-d <name>
sets the TAP device name as seen in ifconfig.
.TP
\-a <addr>
sets the n2n virtual LAN IP address being claimed. This is a private IP
address. All IP addresses in an n2n community should belong to the same /24
network (i.e. only the last segment of the IP addresses varies).
.TP
\-b
causes edge to perform hostname resolution for the supernode address each time
the supernode is periodically contacted.
.TP
\-c <community>
sets the n2n community name. All edges within the same community look to be on
the same LAN (layer 2 network segment). All edges communicating must use the
same key and community name.
.TP
\-h
write usage to tty then exit.
.TP
\-k <keystring>
sets the twofish encryption key from ASCII text (see also N2N_KEY in
ENVIRONMENT). All edges communicating must use the same key and community name.
.TP
\-l <addr>:<port>
sets the n2n supernode IP address and port to register to.
.TP
\-p <num>
binds edge to the given UDP port. Useful for keeping the same external socket
across restarts of edge.
.TP
\-u <uid>
causes the edge process to drop to the given user ID when privileges are no
longer required.
.TP
\-g <gid>
causes the edge process to drop to the given group ID when privileges are no
longer required.
.TP
\-f
causes the edge process to fork and run as a daemon, closing stdin, stdout,
stderr and becoming a process group leader.
.TP
\-m <MAC>
start the TAP interface with the given MAC address. This is highly recommended
as it means the same address will be used if edge stops and restarts. If this is
not done, the ARP caches of all peers will be wrong and packets will not flow to
this edge until the next ARP refresh.
.TP
\-M <MTU>
set the MTU of the edge interface in bytes. MTU is the largest packet fragment
size allowed to be moved through the interface. The default is 1400.
.TP
\-s <netmask>
set the netmask of the edge interface in IPv4 dotted decimal notation. The default
is 255.255.255.0 (i.e. /24).
.TP
\-t
use HTTP tunneling instead of the normal UDP mechanism (experimental).
.TP
\-r
enable packet forwarding/routing through the n2n virtual LAN. Without this
option, packets arriving over n2n which are not for the \-a <addr> IP address are
dropped.
.TP
\-v
use verbose logging.
.SH ENVIRONMENT
.TP
.B N2N_KEY
set the encryption key so it is not visible on the command line.
.SH EXAMPLES
.TP
.B edge \-d n2n0 \-c mynetwork \-k encryptme \-u 99 \-g 99 \-m DE:AD:BE:EF:01:23 \-a 192.168.254.7 \-p 50001 \-l 123.121.120.119:7654

Start edge with TAP device n2n0 on community "mynetwork" with community
supernode at 123.121.120.119 UDP port 7654 and bind the locally used UDP port to
50001. Use "encryptme" as the shared encryption key. Assign MAC address
DE:AD:BE:EF:01:23 to the n2n interface and drop to user=99 and group=99 after
the TAP device is successfully configured.
.PP
Add the \-f option to make edge run as a daemon.
.PP
Somewhere else set up another edge with similar parameters, e.g.

.B edge \-d n2n0 \-c mynetwork \-k encryptme \-u 99 \-g 99 \-m DE:AD:BE:EF:01:21 \-a 192.168.254.5 \-p 50001 \-l 123.121.120.119:7654
.PP
Now you can ping from 192.168.254.5 to 192.168.254.7.
.PP
The MAC address (\-m <MAC>) and virtual IP address (\-a <addr>) must be different on all edges in the same community.
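.PP
The examples above pass the shared key with \-k, which puts it on the command line; the ENVIRONMENT section gives N2N_KEY as the alternative. The shell wrapper below is an added example, not part of the n2n distribution: it loads the key from an owner-only file into N2N_KEY and refuses to start if \-k is still present. The key file path and the function names are hypothetical, and it assumes edge reads N2N_KEY when \-k is omitted, as ENVIRONMENT states.

```sh
#!/bin/sh
# Added example (not from n2n): keep the edge key out of the argument list.
# Helper names and the key file location are hypothetical; the option letters
# and N2N_KEY are the ones documented in this man page.

# Load the shared key from a file that only its owner can access.
load_n2n_key() {
    keyfile=$1
    [ -f "$keyfile" ] || { echo "no key file: $keyfile" >&2; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ldL "$keyfile" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "refusing $keyfile: accessible by group or others" >&2
        return 1
    fi
    N2N_KEY=$(head -n 1 "$keyfile")   # first line only, newline stripped
    [ -n "$N2N_KEY" ] || { echo "empty key in $keyfile" >&2; return 1; }
    export N2N_KEY
}

# Fail if the caller would still expose the key through -k.
reject_k_option() {
    for arg in "$@"; do
        case $arg in
            -k|-k?*)
                echo "do not pass -k; the key is taken from N2N_KEY" >&2
                return 1 ;;
        esac
    done
}

# start_edge <keyfile> <edge options without -k>
start_edge() {
    keyfile=$1; shift
    reject_k_option "$@" || return 1
    load_n2n_key "$keyfile" || return 1
    exec edge "$@"
}

# Usage, with the values from the first example (key file path is hypothetical):
#   start_edge /etc/n2n/edge.key -d n2n0 -c mynetwork -u 99 -g 99 \
#       -m DE:AD:BE:EF:01:23 -a 192.168.254.7 -p 50001 -l 123.121.120.119:7654
```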
.SH CONFIGURATION
All configuration for edge is from the command line and environment
variables. If you wish to reconfigure edge you should kill the process and
restart with the desired options.
.SH EXIT STATUS
edge is a daemon and any exit is an error.
.SH AUTHOR
Luca Deri ( deri (at) ntop.org ), Richard Andrews ( andrews (at) ntop.org ), Don Bindner
.SH SEE ALSO
ifconfig(8) supernode(1) tunctl(8)