Setup n2n-edge » History » Version 1
Jeremias Keihsler, 12.01.2017 10:03
h1. Install n2n-Edgenode

h2. Requirements

To install n2n you will need the following:

* an installed and supported operating system (e.g. CentOS 6.x)
* root access
* the EPEL repository
* a fast internet connection

h2. Preliminary note

Most of this is taken from:

* [[http://www.ntop.org/products/n2n/]]
* [[https://github.com/lukablurr/n2n_v2_fork/blob/master/doc/multiple-supernodes.pdf]]
* [[http://listgateway.unipi.it/mailman/listinfo/n2n]]
* [[http://listgateway.unipi.it/pipermail/n2n/2009-October/000300.html]]

h2. Install

The EPEL repository is a requirement.

[[repo_epel|Install EPEL repository]]

<pre><code class="bash">
yum install n2n
</code></pre>

h2. Manual testing

h3. Starting an edge node

It may be as simple as:

<pre><code class="bash">
edge -a 10.1.2.5 -c mynetwork -k mypwd -l 94.136.160.87:5644
</code></pre>

A more complete invocation:

<pre><code class="bash">
edge -d n2n0 -c mynetwork -k encryptme -u 99 -g 99 -m DE:AD:BE:EF:01:23 -a 192.168.254.7 -p 50001 -l 123.121.120.119:7654
</code></pre>

This starts edge with TAP device n2n0 on community "mynetwork", with the community supernode at 123.121.120.119 UDP port 7654, and binds the locally used UDP port to 50001. "encryptme" is used as the single permanent shared encryption key. MAC address DE:AD:BE:EF:01:23 is assigned to the n2n interface, and edge drops to user 99 and group 99 after the TAP device has been successfully configured.

Add the -f option to stop edge running as a daemon.

Somewhere else set up another edge with similar parameters, e.g.

<pre><code class="bash">
edge -d n2n0 -c mynetwork -k encryptme -u 99 -g 99 -m DE:AD:BE:EF:01:21 -a 192.168.254.5 -p 50001 -l 123.121.120.119:7654
</code></pre>

Now you can ping from 192.168.254.5 to 192.168.254.7.

The MAC address (-m <MAC>) and virtual IP address (-a <addr>) must be different on all edges in the same community.

h2. Running n2n-EdgeNode as a service

If everything works as expected, we may want the n2n edge node to survive a system reboot.

The following should work without modification.

Create a folder /etc/n2n:

<pre><code class="bash">
mkdir /etc/n2n
</code></pre>

In it, create configuration files (as described below) using the following file name format:

<pre><code class="bash">
edge-host1.example.com
edge-host2.example.com
edge-*.example.com
</code></pre>

The interesting contents of 'edge-host1.example.com' would look similar to this:

<pre><code class="bash">
vim /etc/n2n/edge-host1.example.com
</code></pre>

<pre>
# == edge configuration values parsed by /etc/rc.d/init.d/edged ==
# Each value is read by the init script - do not modify variable names.
# Read 'man edge' for details about these values...

# Uncomment N2N_FORWARD if you want to route packets via VPN...
# N2N_FORWARD="-r"
# N2N_DAEMONISE="-f" keeps edge in the foreground - leave it commented out
# when edge is started by the init script, otherwise the script blocks.
# N2N_DAEMONISE="-f"
N2N_TUN_IF="tun10"
N2N_IP="10.10.10.11"
N2N_NETMASK="255.255.255.0"
N2N_KEY="MySecretCode"
N2N_COMMUNITY="MyCommunityName"

# Better to use numeric public IP rather than DNS hostname, but...
N2N_SUPERNODE="gw1.example.com"
N2N_PORT="8765"
N2N_UID="99"
N2N_GID="99"
# Other options...
# N2N_OPTIONS="-p 1234 -M 1200 -t -b -v"
N2N_OPTIONS=""
# === end edge-host1.example.com config. file ===================
</pre>

Read the comments in the script below to make more sense of how it works.

Here is the init script that works with configuration files as described above:

<pre><code class="bash">
vim /etc/init.d/edged
</code></pre>

<pre><code class="bash">
#!/bin/bash
# $Id: n2n-edge.init,v 1.9 2009/10/23 12:34:56
# n2n edge startup script.
#
# chkconfig: 345 97 25
# processname: edge
# pidfile: /var/run/edge.pid
#
# short-description: Provides client-to-client VPN access via Internet
# description: This is the startup script for n2n 'edge';
#              n2n edge + supernode provide connectivity for VPN peers
#
# SEE:
#   for more options see 'man edge' and 'man supernode'
#
# NOTE:
#   Option to enter 'debug' as second argument: e.g. 'edged start debug'
#   Using the grep -w switch searches for a whole word and reduces ambiguity
#   Comment the 'echo' lines in/out depending on whether things work as expected
#   Config files are located/named in: /etc/n2n/edge-your.example.com
#   Assumes CentOS init scripts are located in /etc/rc.d/init.d/
#   Uses bash '[[ ]]' tests, hence the bash shebang
#
# Created: FOOFORCE RB 2009-10-24
# License GPL: free to copy, improve and use.
# ===========================================================
# ==== main init script variables ===========================
# Make sure you include the path where 'edge' + sh + tools are installed..
# PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin"
PATH="/sbin:/bin:/usr/sbin:/usr/bin"

# The name + path of the executable program/daemon file...
NAME="edge"
DAEMON="/usr/sbin/${NAME}"

# Bracket the first letter so 'grep -w [e]dge' does not match the grep itself - faster than 'grep -v grep'...
GREPNAME="[e]${NAME#e}"

# Enable some simple debug messages when running this script...
if [[ "${2}" == "debug" ]]; then
    echo "DEBUG: ${GREPNAME} ${2}"
fi

PIDFILE="/var/run/edge.pid"
LOGFILE="/var/log/n2n-${NAME}.log"
STAMP=$(/bin/date +%T)

# Get the host/domain name to identify the local configfile..
HOST=$(/bin/hostname)
FQDN=$(/bin/hostname -f)

# Directory holding the per-host configfiles...
CONFIGDIR="/etc/n2n"

# Initialise configfile variable to empty value...
CONFIGFILE=""

# Load values from configfile using our local domain name:
# Example:
#   Our local FQDN = 'myhost.example.com'
#   Our configfile = 'edge-myhost.example.com'
# The FQDN-named file (the naming scheme documented above) is preferred;
# the short hostname is tried as a fallback.
#
if [[ "${HOST}" == "" ]]; then
    echo " ERROR: Cannot determine hostname in /etc/rc.d/init.d/${NAME}"
    exit 1
elif [[ -n "${FQDN}" && -f "${CONFIGDIR}/edge-${FQDN}" ]]; then
    CONFIGFILE="${CONFIGDIR}/edge-${FQDN}"
else
    CONFIGFILE="${CONFIGDIR}/edge-${HOST}"
fi

if [[ -f "${CONFIGFILE}" ]]; then
    # Get values from local configuration file...
    echo " Found config file: ${CONFIGFILE}"
    . "${CONFIGFILE}"
else
    echo "ERROR: Missing config file ${CONFIGFILE}"
    exit 1
fi

# See if pid file exists and get pid number...
if [[ -f "${PIDFILE}" ]]; then
    CURPID=$(cat "${PIDFILE}")
fi

# Quit if we can't find application...
test -f "${DAEMON}" || exit 0

set -e

# Set any value to enable this script...
# N2N_RUN=1
#
# test -n "${N2N_RUN}" || exit 0

# Optionally change into n2n config directory...
if [[ -d "${CONFIGDIR}" ]]; then
    cd "${CONFIGDIR}"
fi
# =========================================================

# Should not need to change much below here...

# ==== see how we were called + act accordingly ==========
case "${1}" in
start)
    # echo " ${NAME} ${1} process is ${0} on pid: ${$}..."
    echo "${STAMP} start n2n /etc/rc.d/init.d/${NAME}" > "${LOGFILE}"

    if [[ -n "${CURPID}" ]]; then
        echo " A PID:${CURPID} already exists for ${0}:"
        echo " To re-start with current config settings, run '$0 stop' then '$0 start' ..."
    else
        if [ -d /var/lock/subsys ] ; then
            touch "/var/lock/subsys/${NAME}"
        fi

        # =====================================================
        # If using third-party tools to set up the tun device..
        # tunctl -t ${N2N_TUN_IF}

        # All variables read from ${CONFIGFILE}...
        # Use configfile ${N2N_FORWARD} = '-r' switch to enable packet forwarding/routing
        # ${N2N_DAEMONISE} = '-f' keeps edge in the foreground; leave it unset here,
        # otherwise this script blocks and never reaches the pid handling below....
        #
        # Uncomment to display all the variable source values...
        # echo "DEBUG: ${DAEMON} ${N2N_FORWARD} ${N2N_DAEMONISE}\
        #   -d ${N2N_TUN_IF} -c ${N2N_COMMUNITY} -k ${N2N_KEY} -u ${N2N_UID} -g ${N2N_GID} \
        #   -a ${N2N_IP} -s ${N2N_NETMASK} -l ${N2N_SUPERNODE}:${N2N_PORT} ${N2N_OPTIONS}"
        # If variable value not empty then add command-line switch to variable...
        if [[ -n "${N2N_TUN_IF}" ]]; then N2N_TUN_IF="-d ${N2N_TUN_IF}"; fi
        if [[ -n "${N2N_IP}" ]]; then N2N_IP="-a ${N2N_IP}"; fi
        if [[ -n "${N2N_NETMASK}" ]]; then N2N_NETMASK="-s ${N2N_NETMASK}"; fi
        if [[ -n "${N2N_COMMUNITY}" ]]; then N2N_COMMUNITY="-c ${N2N_COMMUNITY}"; fi
        if [[ -n "${N2N_KEY}" ]]; then N2N_KEY="-k ${N2N_KEY}"; fi
        if [[ -n "${N2N_UID}" ]]; then N2N_UID="-u ${N2N_UID}"; fi
        if [[ -n "${N2N_GID}" ]]; then N2N_GID="-g ${N2N_GID}"; fi
        if [[ -n "${N2N_SUPERNODE}" ]]; then N2N_SUPERNODE="-l ${N2N_SUPERNODE}"; fi
        if [[ -n "${N2N_PORT}" ]]; then N2N_PORT=":${N2N_PORT}"; fi

        if [[ "${2}" == "debug" ]]; then
            echo "DEBUG: display values for ${DAEMON} from configfile:"
            echo " ${N2N_FORWARD} ${N2N_DAEMONISE} ${N2N_TUN_IF} ${N2N_IP} ${N2N_NETMASK} ${N2N_COMMUNITY}"
            echo " ${N2N_KEY} ${N2N_UID} ${N2N_GID} ${N2N_SUPERNODE}${N2N_PORT} ${N2N_OPTIONS}"
        fi

        # Execute the command + switches + values sourced from the config file...
        ${DAEMON} ${N2N_FORWARD} ${N2N_DAEMONISE} ${N2N_TUN_IF} ${N2N_IP} ${N2N_NETMASK} ${N2N_COMMUNITY} \
            ${N2N_KEY} ${N2N_UID} ${N2N_GID} ${N2N_SUPERNODE}${N2N_PORT} ${N2N_OPTIONS}

        # ====================================================
        echo " NOTICE: Starting:${NAME}"
        rm -f "${PIDFILE}"
        touch "${PIDFILE}"

        # -E so that the alternation (restart|stop|start) is an extended regex, not literal text...
        for PID in $(ps ax | grep -w "${GREPNAME}" | grep -Ev "(restart|stop|start)" | awk '{ print $1 }')
        do
            echo " Setting PID: ${PID}"
            echo "${PID}" >> "${PIDFILE}"
        done
    fi
    ;;
stop)
    # echo " DEBUG: Searching for at least one live process id..."
    PID=$(ps ax | grep -w "${GREPNAME}" | grep -Ev "(restart|stop|start)" | awk '{ print $1 }')

    if [[ "${2}" == "debug" ]]; then
        echo " ${NAME} ${1} process is ${0} on pid: ${$} for ${PID}..."
    fi

    echo "${STAMP} stop /etc/rc.d/init.d/${NAME}" >> "${LOGFILE}"

    # echo " NOTICE: Kill name:${NAME} pid:${pid} before stopping..."
    # kill -9 $(cat /var/run/${NAME}_pid) && rm /var/run/${NAME}_pid

    # If a pid value found in file or in process id, then kill it...
    if [[ -n "${PID}" ]]; then
        echo " Stopping; ${NAME} pid:${PID}..."
        # kill -9 $(cat /var/run/${NAME}.pid) && rm /var/run/${NAME}.pid
        kill ${PID}
        sleep 2s
        rm -f "${PIDFILE}"
    else
        # Else assume stale pid...
        if [[ "${2}" == "debug" ]]; then
            echo " NOTICE: No current active process ${PID}..."
        fi

        if [[ -f "${PIDFILE}" ]]; then
            echo "removing stale pidfile..."
            rm -f "${PIDFILE}"
        fi
    fi

    # Indiscriminate pid killer...
    # for PID in $(ps ax | grep -w ${NAME} | grep -v grep | awk '{ print $1 }')
    # do
    #   echo " Killing currently active ${NAME} pid(s): ${PID}"
    #   # kill -HUP $PID
    #   kill ${PID}
    # done

    if [[ -f "/var/lock/subsys/${NAME}" ]]; then
        echo " Removing stale lock file..."
        rm -f "/var/lock/subsys/${NAME}"
    fi

    if [[ -f "${PIDFILE}" ]]; then
        echo " Removing stale pid file..."
        rm -f "${PIDFILE}"
    fi
    ;;
restart)
    echo "* Re-start ${NAME}..."
    ${0} stop ${2}

    # Not a race....
    sleep 4s

    ${0} start ${2}
    ;;
status)
    # status ${NAME}
    PID=$(ps ax | grep -w "${GREPNAME}" | grep -v "status" | awk '{ print $1 }')

    if [[ "${2}" == "debug" ]]; then
        echo " This ${NAME} ${1} init query is ${0} running on pid: ${$}..."
    fi

    # If at least one active session, list them all...
    if [[ -n "${PID}" ]]; then
        for PID in $(ps ax | grep -w "${GREPNAME}" | grep -v "status" | awk '{ print $1 }')
        do
            echo " * Found current active ${GREPNAME} pid(s): ${PID}"
        done
    else
        echo " * No active session(s) found for ${0}"
    fi
    ;;
*)
    echo " Usage: ${0} {start|stop|status|restart} [debug]" >&2
    exit 1
    ;;
esac
exit 0
# === end edged =============================================
</code></pre>

Make the init script executable:

<pre><code class="bash">
chmod +x /etc/init.d/edged
</code></pre>

Use the CentOS tools to activate the SysV init script:

<pre><code class="bash">
chkconfig --add edged
chkconfig edged on
</code></pre>

Command line syntax:

<pre><code class="bash">
service edged {start|stop|status|restart} [debug]
</code></pre>

For example:

<pre><code class="bash">
service edged restart
</code></pre>

…or…

<pre><code class="bash">
service edged restart debug
</code></pre>

which provides some extra clues.
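The init script above sources /etc/n2n/edge-&lt;host&gt; blindly and passes N2N_KEY to edge with -k, so the key ends up in the process list of every local user; the file that holds it should at least be unreadable to everyone but root, and the virtual IP (-a) must not collide with another edge in the community. The following is an added example, not part of the wiki page or of n2n: a small lint script that checks an edge-* config file for the variables edged needs, a placeholder key, a world-readable mode and a stray N2N_DAEMONISE="-f", plus a check for duplicate N2N_IP values across a directory of edge-* files. The function names, the placeholder-key list and all sample file contents are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the wiki page or n2n): lint /etc/n2n/edge-* files
# before edged sources them. Everything here is constructed for illustration.

# n2n_lint_config FILE  ->  0 = ok, 1 = problem found, 2 = file missing.
# The file is sourced in a subshell, the same way edged reads it, so the
# checks see exactly the values the init script would pass to 'edge'.
n2n_lint_config() {
    local cfg="$1" rc=0 mode
    [ -f "$cfg" ] || { echo "ERROR: $cfg not found" >&2; return 2; }

    # The file carries N2N_KEY (the community's shared secret): only the
    # owner should be able to read it. GNU stat first, BSD stat as fallback.
    mode=$(stat -c '%a' "$cfg" 2>/dev/null || stat -f '%Lp' "$cfg")
    case "$mode" in
        600|400) ;;
        *) echo "WARN: $cfg has mode ${mode:-?}, expected 600 (it contains N2N_KEY)" >&2; rc=1 ;;
    esac

    (
        . "$cfg"
        # Every variable edged turns into a command-line switch must be set.
        for v in N2N_TUN_IF N2N_IP N2N_NETMASK N2N_KEY N2N_COMMUNITY N2N_SUPERNODE N2N_PORT; do
            eval "val=\${$v}"
            [ -n "$val" ] || { echo "ERROR: $v is empty in $cfg" >&2; exit 1; }
        done
        # Keys copied from documentation examples are not secrets (constructed list).
        case "$N2N_KEY" in
            MySecretCode|mypwd|encryptme)
                echo "ERROR: N2N_KEY in $cfg is a documentation placeholder" >&2; exit 1 ;;
        esac
        # -f keeps edge in the foreground and would hang the init script.
        [ "${N2N_DAEMONISE:-}" != "-f" ] || { echo "ERROR: N2N_DAEMONISE=-f blocks edged" >&2; exit 1; }
        case "$N2N_IP" in
            *.*.*.*) ;;
            *) echo "ERROR: N2N_IP '$N2N_IP' is not a dotted IPv4 address" >&2; exit 1 ;;
        esac
        case "$N2N_PORT" in
            *[!0-9]*) echo "ERROR: N2N_PORT '$N2N_PORT' is not numeric" >&2; exit 1 ;;
        esac
    ) || rc=1
    return $rc
}

# n2n_check_unique_ips DIR  ->  1 if an N2N_IP appears in more than one
# edge-* file in DIR (e.g. a central config repository), else 0.
n2n_check_unique_ips() {
    local dir="$1" dups
    dups=$(grep -h '^N2N_IP=' "$dir"/edge-* 2>/dev/null | sed 's/^N2N_IP=//; s/"//g' | sort | uniq -d)
    [ -z "$dups" ] || { echo "ERROR: N2N_IP shared by several edge configs in $dir: $dups" >&2; return 1; }
    return 0
}

# n2n_lint_demo: writes constructed sample configs into a temp directory and
# runs both checks; returns 0 when every check gives the expected verdict.
n2n_lint_demo() {
    local tmp ok=0
    tmp=$(mktemp -d)
    printf '%s\n' 'N2N_TUN_IF="tun10"' 'N2N_IP="10.10.10.11"' 'N2N_NETMASK="255.255.255.0"' \
        'N2N_KEY="k7Qp2x9LwT"' 'N2N_COMMUNITY="MyCommunityName"' \
        'N2N_SUPERNODE="gw1.example.com"' 'N2N_PORT="8765"' > "$tmp/edge-host1.example.com"
    chmod 600 "$tmp/edge-host1.example.com"
    # host2 reuses host1's virtual IP and carries the documentation key.
    sed 's/k7Qp2x9LwT/MySecretCode/' "$tmp/edge-host1.example.com" > "$tmp/edge-host2.example.com"
    chmod 600 "$tmp/edge-host2.example.com"
    n2n_lint_config "$tmp/edge-host1.example.com" || ok=1   # expected: clean
    n2n_lint_config "$tmp/edge-host2.example.com" && ok=1   # expected: placeholder key
    n2n_check_unique_ips "$tmp" && ok=1                     # expected: duplicate 10.10.10.11
    rm -rf "$tmp"
    return $ok
}

case "${1:-}" in demo) n2n_lint_demo && echo "all checks behaved as expected" ;; esac
```

Run it as `sh n2n-lint.sh demo` to see the constructed cases, or source it and call `n2n_lint_config /etc/n2n/edge-$(hostname -f)` from a deployment hook before `service edged start`. The mode check is the part worth keeping even if nothing else is: a 0644 config file hands the community key to every local account, and edge's own -k switch already exposes it to `ps`, so the file should not widen that further.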