Provided by: n2n_1.3.1~svn3789-7_amd64 
NAME
edge - n2n edge node daemon
SYNOPSIS
edge [-d <tun device>] -a <tun IP address> -c <community> -k <encrypt key> -l <supernode host:port> [-p
<local port>] [-u <UID>] [-g <GID>] [-f] [-m <MAC address>] [-t] [-r] [-v]
DESCRIPTION
N2N is a peer-to-peer VPN system. Edge is the edge node daemon for n2n which creates a TAP interface to
expose the n2n virtual LAN. On startup n2n creates the TAP interface and configures it then registers
with the supernode so it can begin to find other nodes in the community.
OPTIONS
-d <name>
sets the TAP device name as seen in ifconfig.
-a <addr>
sets the n2n virtual LAN IP address being claimed. This is a private IP address. All IP addresses
in an n2n community should belong to the same /24 network (ie. only the last segment of the IP
addresses varies).
-b cause edge to perform hostname resolution for the supernode address each time the supernode is
periodically contacted.
-c <community>
sets the n2n community name. All edges within the same community look to be on the same LAN (layer
2 network segment). All edges communicating must use the same key and community name.
-h write usage to tty then exit.
-k <keystring>
sets the twofish encryption key from ASCII text (see also N2N_KEY in ENVIRONMENT). All edges
communicating must use the same key and community name.
-l <addr>:<port>
sets the n2n supernode IP address and port to register to.
-p <num>
binds edge to the given UDP port. Useful for keeping the same external socket across restarts of
edge.
-u <uid>
causes the edge process to drop to the given user ID when privileges are no longer required.
-g <gid>
causes the edge process to drop to the given group ID when privileges are no longer required.
-f causes the edge process to fork and run as a daemon, closing stdin, stdout, stderr and becoming a
process group leader.
-m <MAC>
start the TAP interface with the given MAC address. This is highly recommended as it means the
same address will be used if edge stops and restarts. If this is not done, the ARP caches of all
peers will be wrong and packets will not flow to this edge until the next ARP refresh.
-M <MTU>
set the MTU of the edge interface in bytes. MTU is the largest packet fragment size allowed to be
moved throught the interface. The default is 1400.
-s <netmask>
set the netmask of edge interface in IPv4 dotted decimal notation. The default is 255.255.255.0
(ie. /24).
-t use HTTP tunneling instead of the normal UDP mechanism (experimental).
-r enable packet forwarding/routing through the n2n virtual LAN. Without this option, packets
arriving over n2n which are not for the -a <addr> IP address are dropped.
-v use verbose logging.
ENVIRONMENT
N2N_KEY
set the encryption key so it is not visible on the command line
EXAMPLES
edge -d n2n0 -c mynetwork -k encryptme -u 99 -g 99 -m DE:AD:BE:EF:01:23 -a 192.168.254.7 -p 50001 -l
123.121.120.119:7654
Start edge with TAP device n2n0 on community "mynetwork" with community supernode at
123.121.120.119 UDP port 7654 and bind the locally used UDP port to 50001. Use "encryptme" as the
shared encryption key. Assign MAC address DE:AD:BE:EF:01:23 to the n2n interface and drop to
user=99 and group=99 after the TAP device is successfull configured.
Add the -f option to make edge run as a daemon.
Somewhere else setup another edge with similar parameters, eg.
edge -d n2n0 -c mynetwork -k encryptme -u 99 -g 99 -m DE:AD:BE:EF:01:21 -a 192.168.254.5 -p 50001 -l
123.121.120.119:7654
Now you can ping from 192.168.254.5 to 192.168.254.7.
The MAC address (-m <MAC>) and virtual IP address (-a <addr>) must be different on all edges in the same
community.
CONFIGURATION
All configuration for edge is from the command line and environment variables. If you wish to reconfigure
edge you should kill the process and restart with the desired options.
EXIT STATUS
edge is a daemon and any exit is an error.
AUTHOR
Luca Deri ( deri (at) ntop.org ), Richard Andrews ( andrews (at) ntop.org ), Don Bindner
SEE ALSO
ifconfig(8) supernode(1) tunctl(8)