NAT (Network Address Translation) has many advantages, but it also has drawbacks, for example the need to configure port forwarding when we want to reach a server that sits behind a NAT router. There are several ways to get through NAT (NAT traversal). In this article I will try to consider one of them, which is based on UDP hole punching (literally, punching a hole with UDP; I apologize for the many English terms, but I just don't know how to render them in Russian).
UDP hole punching
Many have met or worked with services like Hamachi, Skype or TeamViewer. Their operation is based on the hole punching algorithm using UDP packets.
The principle of UDP hole punching is quite simple. Here, for example, is how Hamachi works:

PC A and Notebook B are two computers, each located on its own private network; the Hamachi service server is reachable at a public IP address.
- A and B establish a UDP connection to the Hamachi server; the routers assign an external port to each connection and create a "tunnel" (hole) in the router.
- The Hamachi server reports to A and B each other's public IP addresses and ports.
- A and B, using the information received from the server, establish a connection with each other.
This technique is based on the fact that a UDP packet contains only an IP address and port, unlike a TCP packet.
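The three steps above, as an added example that is not part of the original article: a toy Python model of the state a NAT keeps, showing why the first direct datagram is dropped and the following ones pass. The addresses, the `Nat` class and the `punch` function are constructed for illustration, and the symmetric-NAT case goes beyond what the article describes.

```python
from dataclasses import dataclass, field

SERVER = ("198.51.100.1", 7654)      # constructed rendezvous server (documentation address)
A = ("192.168.1.10", 5000)           # constructed private endpoint of PC A
B = ("10.0.0.20", 5000)              # constructed private endpoint of Notebook B

@dataclass
class Nat:
    public_ip: str
    symmetric: bool = False          # symmetric NAT: new public port per destination
    next_port: int = 40000
    mappings: dict = field(default_factory=dict)  # mapping key -> public port
    owner: dict = field(default_factory=dict)     # public port -> private endpoint
    allowed: dict = field(default_factory=dict)   # public port -> remotes we sent to

    def outbound(self, src, dst):
        """Translate an outgoing datagram and return its public source endpoint."""
        key = (src, dst) if self.symmetric else src
        if key not in self.mappings:
            self.mappings[key] = self.next_port
            self.owner[self.next_port] = src
            self.next_port += 1
        port = self.mappings[key]
        self.allowed.setdefault(port, set()).add(dst)  # this entry is the "hole"
        return (self.public_ip, port)

    def inbound(self, src, dst_port):
        """Return the private endpoint if the filter admits src, else None (dropped)."""
        if src in self.allowed.get(dst_port, ()):
            return self.owner[dst_port]
        return None

def punch(nat_a, nat_b):
    # Step 1: both peers contact the server, which sees only public endpoints.
    pub_a, pub_b = nat_a.outbound(A, SERVER), nat_b.outbound(B, SERVER)
    # Step 2: the server hands pub_b to A and pub_a to B (not modelled further).
    # Step 3: A sends first; B's NAT has no entry for A yet, so this is dropped.
    first = nat_b.inbound(nat_a.outbound(A, pub_b), pub_b[1])
    # B's datagram to pub_a opens B's side and passes the hole A just created.
    b_to_a = nat_a.inbound(nat_b.outbound(B, pub_a), pub_a[1])
    # A's retry now matches the entry B created.
    a_to_b = nat_b.inbound(nat_a.outbound(A, pub_b), pub_b[1])
    return first, b_to_a, a_to_b

if __name__ == "__main__":
    print("cone NATs:     ", punch(Nat("203.0.113.1"), Nat("203.0.113.2")))
    print("symmetric NATs:", punch(Nat("203.0.113.1", True), Nat("203.0.113.2", True)))
```

With symmetric NATs on both sides every direct datagram is dropped, because the public port the server observed is not the one used towards the peer; this is the situation in which a relay has to forward the traffic.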
N2N
N2N is a virtual private network (VPN) that can pass through firewalls and NAT over a secure connection. The N2N architecture is based on two components:
- edge node: an application installed on the user's computer that allows you to build a virtual private network. Each node creates a virtual network card, which is used to create a network.
- supernode: a server with a public IP address that is used to establish a connection between remote nodes, and is also used as a packet router between nodes that cannot communicate directly.

Remote nodes communicate with each other through virtual network interfaces (tap interfaces). Each computer can belong to multiple virtual networks (one virtual network interface per virtual private network).

Installation and use of N2N
- Download n2n:
svn co svn.ntop.org/svn/ntop/trunk/n2n
- Build:
make
- Launch a supernode on a computer with a public IP, or behind NAT where port forwarding can be configured:
supernode$ supernode -l xyw
where xyw is the port on which the supernode waits for connections.
- Run two nodes on different computers behind NAT:
node-1$ edge -a 10.1.2.1 -c mynetwork -k encryptme -l abcd:xyw
node-2$ edge -a 10.1.2.2 -c mynetwork -k encryptme -l abcd:xyw
where mynetwork is the name of the VPN, encryptme is the password for accessing the VPN, and abcd:xyw is the public IP address and port of the supernode.
- Check that the VPN works:
node-1$ ping 10.1.2.2
and
node-2$ ping 10.1.2.1
Little things
For OS X you need to install a tap device; I installed this one: TUNTAP.
Building n2n under Windows is also pretty easy: the project file is in the source code, but 1) the project paths are incorrect, so you will need to copy the files to a subdirectory, and 2) the version.c file is missing; you can simply create an empty one and paste this into it:
char *version = "2.03";
char *osName = "Windows";
char *buildDate = "today";