Is there a guide to use header encryption option

ntop / n2n

Peer-to-peer VPN

GNU General Public License v3.0

6.18k stars 930 forks source link

Is there a guide to use header encryption option #1002

Closed muziling closed 2 years ago

muziling commented 2 years ago

server run command:

supernode -p 10086 -v -f -c /root/c.list

c.list content:

n2n

client run command:

edge -c n2n -l 192.168.1.10:10086 -k testpwd -H

can not obtain ip from server, stuck at:

24/May/2022 16:07:01 [edge.c:1222] send REGISTER_SUPER to supernode [192.168.1.10:10086] asking for IP address

Logan007 commented 2 years ago

You will find information and details in the project's doc/ folder.

The command lines look good to me. You can use -vvvvvto generate more verbose output (at edge as well as on supernode).

Commonly known pitfalls with header encryption are that

supernode and edge side need to be of same version,
no previously unencrypted connection attempt (without -H) may have been tried (because supernode determines header encryption per community on first connection attempt and sticks with this unencrypted/encrypted decision, restart supernode helps it), and
clocks of the systems need to be in sync (+/- 8 secondes allowed max.)

Does it work without header encryption?

If the issue persists, please try (just for the test) to use local edge and supernode (-l 127.0.0.1:10086) and see if they can connect.

ywnsya commented 2 years ago

I tested it and I found that：

Supernode| Edge version: n2n v.3.1.1-16 I have already added -c to my supernode and change the system clock. However, -H still can not be used ,It will show “supernode not responding, now trying” and i added -v in edge , it tells me "DROP packet before first registration with supernode"

Then i suddenly released what will happen when i use -H without Federation? I edited the supernode.config in the supernode and turn off all the Federation

Then My edge connected to the Supernode successfully!

SO is this a problem that I can not use header encryption in federation?

Logan007 commented 2 years ago

Interesting observation, I will check!

I remember that we did extensive testing with federated supernodes when using user authentication -I and -J, which basically is "Header Encryption Level 2", but never saw this.

DROP packet before first registration with supernode is just means that it waits for proper registration before allowing data packets, it could be related to auto IP addressing as well. Do you use -a ...?

ywnsya commented 2 years ago

Interesting observation, I will check!

I remember that we did extensive testing with federated supernodes when using user authentication and , which basically is "Header Encryption Level 2", but never saw this.-I``-J

DROP packet before first registration with supernode is just means that it waits for proper registration before allowing data packets, it could be related to auto IP addressing as well. Do you use ?-a ...

Of cause， i used -a to assign an IP address in both times/tests (which is my habit :) )

My test is very amateurish and not rigorous. Thank you very much for your time to check this problem~

Logan007 commented 2 years ago

What exactly did you change to make it work? You only removed the -F but left the -l <other supernode>, right?

ywnsya commented 2 years ago

What exactly did you change to make it work? You only removed the -F but left the -l <other supernode>, right?

In fact, I removed ALL the "-l" and the "-F" as well