1、对于控制内网主机的方案有很多,但是如果没有公网的IP地址,想通过别人开放的公网主机实现随时随地控制内网的主机的方案却不多。
对于没有公网IP的用户,又想实现控制内网主机,甚至是自己手机的用户,这里也许是你的一个好选择。
2、对于构建VPN的用户来说,这里也是一个很好的选择,自己构建一个supernode的超级节点服务器即可。
3、对于强烈指示欲望的读者,可以深究其源码,细细品味下,毕竟这里的源码数量不是太多;
4、对应想了解如何如何打通通道的用户,也可以看其源码,所有的一切都写在里面了,所有的一切都是开放的。
服务端即supernode端:
login as: leekwen
leekwen@106.186.30.16's password:
Welcome to Ubuntu 12.04.4 LTS (GNU/Linux 3.11.0-15-generic i686)
* Documentation: https://help.ubuntu.com/
333 packages can be updated.
218 updates are security updates.
New release '14.04.1 LTS' available.
Run 'do-release-upgrade' to upgrade to it.
Last login: Fri Apr 17 12:41:46 2015 from 10.10.100.102
leekwen@dell-180:~$ svn co https://svn.ntop.org/svn/ntop/trunk/n2n
<--------- 下载n2n源码,需要用到subversion ----------->
leekwen@dell-180:~$ cd n2n; cd n2n_v1
<----------- 建议使用v1版 ----------->
leekwen@dell-180:~/n2n/n2n_v1$ make
<-- 如若在make时出现错误,请安装对应的包即可,如openssl,make等 -->
leekwen@dell-180:~/n2n/n2n_v1$ iptables -F
<----------- 临时关闭防火墙 ----------->
leekwen@dell-180:~/n2n/n2n_v1$ ./supernode -l 6489 -v
<----------- 开启supernode节点,并打开debug模式 ----------->
若你的服务器端不是临时关闭防火墙,那么需要开放其端口6489以给edge端提供访问的通道。
运行完上述的命令后,无需再增加什么防火墙转发策略。
edge端即内网的1号主机端:
同样是下载完n2n源码并编译后,运行edge命令:
leekwen@hp-100:~/n2n/n2n_v1$ ./edge -a 10.10.100.100 -c leekwen -k leekwen -l 106.186.30.16:6489 -M 1300 -v
edge端即内网的2号主机端:
同样是下载完n2n源码并编译后,运行edge命令:
leekwen@lenovo-120:~/n2n/n2n_v1$ ./edge -a 10.10.100.120 -c leekwen -k leekwen -l 106.186.30.16:6489 -M 1300 -v
此时edge的1号主机与edge的2号主机即可实现互通,互访!
Android手机端同样可以实现,需要安装n2n for Android软件包
windows端,也是可以实现互访,需要安装n2nguien.exe工具,win7下需右键以管理员身份运行。
Android下的n2n及windows下的GUI工具,下载链接地址:http://download.csdn.net/detail/leekwen/8604177
具体的参数含义请参照help文件:
超级节点的help文件:
leekwen@dell-180:~/n2n/n2n_v1$ ./supernode -h
Welcome to n2n v.1.3.2 for i686
Built on 12/03/16 10:35:02 AM
Copyright 2007-08 - http://www.ntop.org
supernode -l <listening port> [-v] [-h]
edge端的help文件:
leekwen@dell-180:~/n2n/n2n_v1$ ./edge -h
Welcome to n2n v.1.3.2 for i686
Built on 12/03/16 10:35:02 AM
Copyright 2007-08 - http://www.ntop.org
edge -d <tun device> -a <tun IP address> -c <community> -k <encrypt key> -s <netmask> [-u <uid> -g <gid>][-f][-m <MAC add ress>]
-l <supernode host:port> [-p <local port>] [-M <mtu>] [-t] [-r] [-v] [-b] [-h]
-d <tun device> | tun device name
-a <tun IP address> | n2n IP address
-c <community> | n2n community name
-k <encrypt key> | Encryption key (ASCII) - also N2N_KEY=<encrypt key>
-s <netmask> | Edge interface netmask in dotted decimal notation (255.255.255.0)
-l <supernode host:port> | Supernode IP:port
-b | Periodically resolve supernode IP
| (when supernodes are running on dynamic IPs)
-p <local port> | Local port used for connecting to supernode
-u <UID> | User ID (numeric) to use when privileges are dropped
-g <GID> | Group ID (numeric) to use when privileges are dropped
-f | Fork and run as a daemon. Use syslog.
-m <MAC address> | Choose a MAC address for the TAP interface
| eg. -m 01:02:03:04:05:06
-M <mtu> | Specify n2n MTU (default 1400)
-t | Use http tunneling (experimental)
-r | Enable packet forwarding through n2n community
-v | Verbose
Environment variables:
N2N_KEY | Encryption key (ASCII)