Thursday, December 19, 2013

n2n: Simple VPN on Debian Wheezy

If you are looking for a way to connect two or more computers over the internet, there are tons of articles available on how to do this with OpenVPN. However, if you are looking for a way to achieve this with something other than OpenVPN, then you might want to try to use n2n

According to its website (http://www.ntop.org/products/n2n/), n2n is a layer-two peer-to-peer virtual private network (VPN) which allows users to exploit features typical of P2P applications at network instead of application level. An n2n VPN network consists of two (2) components.
  1. Edge nodes: the computers which you want to connect over the internet.
  2. A supernode: a computer which helps to connect edge nodes, especially if the edge nodes are connected to the internet behind NAT. This can be your own computer or someone else's computer (public supernode).
n2n VPN Network (taken from official n2n website)

For example, we want to connect these two computers.
  1. Alice's computer: located on Alice's home and connected to the internet behind a NAT.
  2. Bob's computer: located on Bob's home and also connected to the internet behind a NAT.
Both Alice and Bob have Debian Wheezy running on their computers and they have a typical home internet connection with no static IP.

The n2n VPN network we are going to build is as the following.
  1. The community name is casper and the N2N_KEY is bS3MU9quxD.
  2. The VPN IP assignments are:
    1. Alice's computer: 10.10.10.10
    2. Bob's computer: 10.10.10.11
  3. We are going to use public supernode provided by remoteqth.com (78.111.124.210:82).
The community name, N2N_KEY, and VPN IP assignments are arbitrary. You can set them to whatever which works for you.

Here is what needs to be done.
  1. Install n2n on both computers: run # apt-get install n2n
  2. Run n2n edge on each computer:
    1. On Alice's computer: run # N2N_KEY=bS3MU9quxD edge -d n2n0 -a 10.10.10.10 -c casper -u $(id -u nobody) -g $(id -g nobody) -f -l 78.111.124.210:82 -b
    2. On Bob's computer: run # N2N_KEY=bS3MU9quxD edge -d n2n0 -a 10.10.10.11 -c casper -u $(id -u nobody) -g $(id -g nobody) -f -l 78.111.124.210:82 -b
  3. Test the VPN connection:
    1. On Alice's computer: run $ ping 10.10.10.11
    2. On Bob's computer: run $ ping 10.10.10.10
  4. Done.
You can use the the above VPN connection for almost anything. Additionally, if you have avahi-daemon set up on both computers, you can access each computer by using its .local hostname e.g. alice.local or bob.local.