oracular (8) edge.8.gz

Provided by: n2n_1.3.1~svn3789-7_amd64 bug

NAME

       edge - n2n edge node daemon

SYNOPSIS

       edge  [-d  <tun device>] -a <tun IP address> -c <community> -k <encrypt key> -l <supernode
       host:port> [-p <local port>] [-u <UID>] [-g <GID>] [-f] [-m <MAC address>] [-t] [-r] [-v]

DESCRIPTION

       N2N is a peer-to-peer VPN system. Edge is the edge node daemon for n2n which creates a TAP
       interface  to  expose  the  n2n  virtual LAN. On startup n2n creates the TAP interface and
       configures it then registers with the supernode so it can begin to find other nodes in the
       community.

OPTIONS

       -d <name>
              sets the TAP device name as seen in ifconfig.

       -a <addr>
              sets  the  n2n  virtual LAN IP address being claimed. This is a private IP address.
              All IP addresses in an n2n community should belong to the  same  /24  network  (ie.
              only the last segment of the IP addresses varies).

       -b     cause  edge  to perform hostname resolution for the supernode address each time the
              supernode is periodically contacted.

       -c <community>
              sets the n2n community name. All edges within the same community look to be on  the
              same  LAN  (layer 2 network segment). All edges communicating must use the same key
              and community name.

       -h     write usage to tty then exit.

       -k <keystring>
              sets the twofish encryption key from ASCII text (see also N2N_KEY in  ENVIRONMENT).
              All edges communicating must use the same key and community name.

       -l <addr>:<port>
              sets the n2n supernode IP address and port to register to.

       -p <num>
              binds  edge  to  the  given  UDP  port. Useful for keeping the same external socket
              across restarts of edge.

       -u <uid>
              causes the edge process to drop to the given user ID when privileges are no  longer
              required.

       -g <gid>
              causes the edge process to drop to the given group ID when privileges are no longer
              required.

       -f     causes the edge process to fork and run as a daemon, closing stdin, stdout,  stderr
              and becoming a process group leader.

       -m <MAC>
              start  the  TAP interface with the given MAC address. This is highly recommended as
              it means the same address will be used if edge stops and restarts. If this  is  not
              done,  the  ARP caches of all peers will be wrong and packets will not flow to this
              edge until the next ARP refresh.

       -M <MTU>
              set the MTU of the edge interface in bytes. MTU is the largest packet fragment size
              allowed to be moved throught the interface. The default is 1400.

       -s <netmask>
              set  the  netmask of edge interface in IPv4 dotted decimal notation. The default is
              255.255.255.0 (ie. /24).

       -t     use HTTP tunneling instead of the normal UDP mechanism (experimental).

       -r     enable packet forwarding/routing through the n2n virtual LAN. Without this  option,
              packets arriving over n2n which are not for the -a <addr> IP address are dropped.

       -v     use verbose logging.

ENVIRONMENT

       N2N_KEY
              set the encryption key so it is not visible on the command line

EXAMPLES

       edge  -d  n2n0 -c mynetwork -k encryptme -u 99 -g 99 -m DE:AD:BE:EF:01:23 -a 192.168.254.7
       -p 50001 -l 123.121.120.119:7654

              Start edge with TAP device n2n0 on community "mynetwork" with  community  supernode
              at  123.121.120.119  UDP port 7654 and bind the locally used UDP port to 50001. Use
              "encryptme" as the shared encryption key. Assign MAC address  DE:AD:BE:EF:01:23  to
              the  n2n  interface  and  drop  to  user=99  and  group=99  after the TAP device is
              successfull configured.

       Add the -f option to make edge run as a daemon.

       Somewhere else setup another edge with similar parameters, eg.

       edge -d n2n0 -c mynetwork -k encryptme -u 99 -g 99 -m DE:AD:BE:EF:01:21  -a  192.168.254.5
       -p 50001 -l 123.121.120.119:7654

       Now you can ping from 192.168.254.5 to 192.168.254.7.

       The  MAC  address  (-m  <MAC>) and virtual IP address (-a <addr>) must be different on all
       edges in the same community.

CONFIGURATION

       All configuration for edge is from the command line and environment variables. If you wish
       to reconfigure edge you should kill the process and restart with the desired options.

EXIT STATUS

       edge is a daemon and any exit is an error.

AUTHOR

       Luca Deri ( deri (at) ntop.org ), Richard Andrews ( andrews (at) ntop.org ), Don Bindner

SEE ALSO

       ifconfig(8) supernode(1) tunctl(8)