ntop / n2n

Peer-to-peer VPN

The problem of header encryption option -H #1177

Open ygwlgGiao opened 1 month ago

ygwlgGiao commented 1 month ago

Here are my test steps.

  1. supernode

```
root@supernode:~# cat /etc/n2n/supernode.conf
-p=10443
-c=community.list

root@supernode:~# cat /etc/n2n/community.list
mynetwork

root@supernode:~# ps -ef | grep n2n
n2n 110491 1 0 03:04 ? 00:00:00 /usr/sbin/supernode /etc/n2n/supernode.conf -f
```

  2. edge

```
root@edge:/etc/n2n# edge -l 215.99.225.218:10443 -k mypassword -c mynetwork -vvvvv -S2
31/May/2024 03:34:02 [edge_utils.c:3774] adding supernode = 215.99.225.218:10443
31/May/2024 03:34:02 [edge.c:1045] WARNING: switching to AES as key was provided
31/May/2024 03:34:02 [edge.c:1085] starting n2n edge 3.0.0 Oct 27 2021 19:04:52
31/May/2024 03:34:02 [edge.c:1091] using compression: none.
31/May/2024 03:34:02 [edge.c:1092] using AES cipher.
31/May/2024 03:34:02 [edge_utils.c:392] number of supernodes in the list: 1
31/May/2024 03:34:02 [edge_utils.c:394] supernode 0 => 215.99.225.218:10443
31/May/2024 03:34:02 [transform_aes.c:210] setup_aes_key 128-bit key setup completed
31/May/2024 03:34:02 [edge_utils.c:483] successfully created resolver thread
31/May/2024 03:34:02 [edge.c:1122] automatically assign IP address by supernode
31/May/2024 03:34:02 [edge.c:1134] skip PING to supernode
31/May/2024 03:34:02 [edge_utils.c:312] PMTU discovery disabled
31/May/2024 03:34:02 [edge_utils.c:1262] send REGISTER_SUPER to [215.99.225.218:10443]
31/May/2024 03:34:02 [edge_utils.c:1040] sent=2 to
31/May/2024 03:34:02 [edge_utils.c:1040] sent=79 to
31/May/2024 03:34:02 [edge.c:1194] send REGISTER_SUPER to supernode [215.99.225.218:10443] asking for IP address
31/May/2024 03:34:02 [edge_utils.c:2419] Rx N2N_UDP of size 58 from [215.99.225.218:10443]
31/May/2024 03:34:02 [edge_utils.c:2671] Rx REGISTER_SUPER_ACK from 52:72:AE:4E:6F:96 [215.99.225.218:10443] (external 218.55.94.194:42923) with 1 attempts left
31/May/2024 03:34:02 [edge.c:1205] received REGISTER_SUPER_ACK from supernode for IP address asignment
31/May/2024 03:34:02 [tuntap_linux.c:203] Waiting for TAP interface to be up and running...
31/May/2024 03:34:02 [tuntap_linux.c:224] Interface is up and running
31/May/2024 03:34:02 [edge.c:1231] created local tap device IP: 10.164.148.127, Mask: 255.255.255.0, MAC: 4A:E1:C8:8F:A5:11
```

It does work!

  3. supernode

```
root@supernode:~# nc -u 127.0.0.1 5645

| TAP | MAC | EDGE | HINT | LAST SEEN
========================================================================================================
FEDERATION '-/-'

COMMUNITY 'mynetwork'
1 | 10.164.148.127/24 | F2:6F:95:CE:1B:08 | 218.55.94.194:45505 TCP | edge | 24

uptime 1930 | edges 1 | reg_sup 118 | reg_nak 0 | errors 0
fwd 0 | broadcast 14 | cur_cmnts 2
last_fwd 24 sec ago | last reg 24 sec ago
```

  4. edge

First, kill the n2n

```
root@edge:/etc/n2n# edge -l 215.99.225.218:10443 -k mypassword -H -c mynetwork -vvvvv -S2
31/May/2024 03:38:58 [edge_utils.c:3774] adding supernode = 215.99.225.218:10443
31/May/2024 03:38:58 [edge.c:1045] WARNING: switching to AES as key was provided
31/May/2024 03:38:58 [edge.c:1085] starting n2n edge 3.0.0 Oct 27 2021 19:04:52
31/May/2024 03:38:58 [edge.c:1091] using compression: none.
31/May/2024 03:38:58 [edge.c:1092] using AES cipher.
31/May/2024 03:38:58 [edge_utils.c:392] number of supernodes in the list: 1
31/May/2024 03:38:58 [edge_utils.c:394] supernode 0 => 215.99.225.218:10443
31/May/2024 03:38:58 [transform_aes.c:210] setup_aes_key 128-bit key setup completed
31/May/2024 03:38:58 [edge_utils.c:427] Header encryption is enabled.
31/May/2024 03:38:58 [edge_utils.c:483] successfully created resolver thread
31/May/2024 03:38:58 [edge.c:1122] automatically assign IP address by supernode
31/May/2024 03:38:58 [edge.c:1134] skip PING to supernode
31/May/2024 03:38:58 [edge_utils.c:312] PMTU discovery disabled
31/May/2024 03:38:58 [edge_utils.c:1262] send REGISTER_SUPER to [215.99.225.218:10443]
31/May/2024 03:38:58 [edge_utils.c:1040] sent=2 to
31/May/2024 03:38:58 [edge_utils.c:1040] sent=79 to
31/May/2024 03:38:58 [edge.c:1194] send REGISTER_SUPER to supernode [215.99.225.218:10443] asking for IP address
31/May/2024 03:39:01 [edge_utils.c:312] PMTU discovery disabled
31/May/2024 03:39:01 [edge.c:1217] REGISTER_SUPER_ACK timeout
31/May/2024 03:39:01 [edge_utils.c:1262] send REGISTER_SUPER to [215.99.225.218:10443]
31/May/2024 03:39:01 [edge_utils.c:1040] sent=2 to
31/May/2024 03:39:01 [edge_utils.c:1040] sent=79 to
31/May/2024 03:39:01 [edge.c:1194] send REGISTER_SUPER to supernode [215.99.225.218:10443] asking for IP address
31/May/2024 03:39:03 [n2n.c:288] supernode2sock successfully resolves supernode IPv4 address for 215.99.225.218
31/May/2024 03:39:04 [edge_utils.c:312] PMTU discovery disabled
31/May/2024 03:39:04 [edge.c:1217] REGISTER_SUPER_ACK timeout
31/May/2024 03:39:04 [edge_utils.c:1262] send REGISTER_SUPER to [215.99.225.218:10443]
31/May/2024 03:39:04 [edge_utils.c:1040] sent=2 to
31/May/2024 03:39:04 [edge_utils.c:1040] sent=79 to
31/May/2024 03:39:04 [edge.c:1194] send REGISTER_SUPER to supernode [215.99.225.218:10443] asking for IP address
31/May/2024 03:39:07 [edge_utils.c:312] PMTU discovery disabled
31/May/2024 03:39:07 [edge.c:1217] REGISTER_SUPER_ACK timeout
31/May/2024 03:39:07 [edge_utils.c:1262] send REGISTER_SUPER to [215.99.225.218:10443]
31/May/2024 03:39:07 [edge_utils.c:1040] sent=2 to
31/May/2024 03:39:07 [edge_utils.c:1040] sent=79 to
31/May/2024 03:39:07 [edge.c:1194] send REGISTER_SUPER to supernode [215.99.225.218:10443] asking for IP address
```

After adding the parameter '-H', it doesn't work!

  5. try to solve the problem

After reading the post https://github.com/ntop/n2n/issues/1002

① version comparison

```
root@supernode:~# supernode -h
Welcome to n2n v.3.0.0.r1038.d2683f2 for Debian bullseye/sid
Built on Oct 27 2021 19:05:08
Copyright 2007-2021 - ntop.org and contributors

root@edge:/etc/n2n# edge -h
Welcome to n2n v.3.0.0.r1038.d2683f2 for Debian bullseye/sid
Built on Oct 27 2021 19:05:08
Copyright 2007-2021 - ntop.org and contributors
```

② restart the supernode

It doesn't work.

③ run the edge on the supernode machine

```
root@supernode:~# edge -l 127.0.0.1:10443 -k mypassword -H -c mynetwork -vvvvv -S2
31/May/2024 03:46:24 [edge_utils.c:3774] adding supernode = 127.0.0.1:10443
31/May/2024 03:46:24 [edge.c:1045] WARNING: switching to AES as key was provided
31/May/2024 03:46:24 [edge.c:1085] starting n2n edge 3.0.0 Oct 27 2021 19:04:52
31/May/2024 03:46:24 [edge.c:1091] using compression: none.
31/May/2024 03:46:24 [edge.c:1092] using AES cipher.
31/May/2024 03:46:24 [edge_utils.c:392] number of supernodes in the list: 1
31/May/2024 03:46:24 [edge_utils.c:394] supernode 0 => 127.0.0.1:10443
31/May/2024 03:46:24 [transform_aes.c:210] setup_aes_key 128-bit key setup completed
31/May/2024 03:46:24 [edge_utils.c:427] Header encryption is enabled.
31/May/2024 03:46:24 [edge_utils.c:483] successfully created resolver thread
31/May/2024 03:46:24 [edge.c:1122] automatically assign IP address by supernode
31/May/2024 03:46:24 [edge.c:1134] skip PING to supernode
31/May/2024 03:46:24 [edge_utils.c:312] PMTU discovery disabled
31/May/2024 03:46:24 [edge_utils.c:1262] send REGISTER_SUPER to [127.0.0.1:10443]
31/May/2024 03:46:24 [edge_utils.c:1040] sent=2 to
31/May/2024 03:46:24 [edge_utils.c:1040] sent=79 to
31/May/2024 03:46:24 [edge.c:1194] send REGISTER_SUPER to supernode [127.0.0.1:10443] asking for IP address
31/May/2024 03:46:27 [edge_utils.c:312] PMTU discovery disabled
31/May/2024 03:46:27 [edge.c:1217] REGISTER_SUPER_ACK timeout
31/May/2024 03:46:27 [edge_utils.c:1262] send REGISTER_SUPER to [127.0.0.1:10443]
31/May/2024 03:46:27 [edge_utils.c:1040] sent=2 to
31/May/2024 03:46:27 [edge_utils.c:1040] sent=79 to
31/May/2024 03:46:27 [edge.c:1194] send REGISTER_SUPER to supernode [127.0.0.1:10443] asking for IP address
```

nothing changes.
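
The edge runs in this report differ only in `-H`. As an added example (not part of the original post and not n2n code), the script below parses verbose edge logs in the format shown above and reports whether registration with the supernode completed, including logs pasted with their line breaks lost. The function names and verdict labels are hypothetical; the sample lines are excerpted from the logs in this report.

```python
import re
from collections import Counter

# Entry shape in the report: "31/May/2024 03:34:02 [edge.c:1045] message"
TS = r"\d{2}/[A-Z][a-z]{2}/\d{4} \d{2}:\d{2}:\d{2}"
# A message runs until the next timestamp or end of input, so entries are
# recovered even when a paste has collapsed the log onto one line.
ENTRY_RE = re.compile(rf"({TS}) \[([\w.]+):(\d+)\] (.*?)(?=\s*{TS} \[|\s*$)", re.S)

EVENTS = {
    "header_encryption": re.compile(r"^Header encryption is enabled"),
    "register_sent": re.compile(r"^send REGISTER_SUPER to \["),
    "ack": re.compile(r"^Rx REGISTER_SUPER_ACK from"),
    "timeout": re.compile(r"^REGISTER_SUPER_ACK timeout"),
}

def parse_entries(text):
    """Yield (timestamp, source_file, line_no, message) per log entry."""
    for m in ENTRY_RE.finditer(text):
        ts, src, line, msg = m.groups()
        yield ts, src, int(line), " ".join(msg.split())  # rejoin wrapped text

def summarize(text):
    """Count registration events and classify the run."""
    counts = Counter()
    for _, _, _, msg in parse_entries(text):
        for name, pattern in EVENTS.items():
            if pattern.search(msg):
                counts[name] += 1
    if counts["ack"]:
        verdict = "registered"
    elif counts["register_sent"] and counts["timeout"]:
        verdict = "unanswered"   # requests went out, no ACK came back
    else:
        verdict = "incomplete"   # log ends before an outcome is visible
    return {"verdict": verdict,
            "header_encryption": counts["header_encryption"] > 0,
            "register_sent": counts["register_sent"],
            "ack": counts["ack"], "timeout": counts["timeout"]}

# Excerpt of the run without -H, one entry per line.
WITHOUT_H = """
31/May/2024 03:34:02 [edge_utils.c:1262] send REGISTER_SUPER to [215.99.225.218:10443]
31/May/2024 03:34:02 [edge.c:1194] send REGISTER_SUPER to supernode [215.99.225.218:10443] asking for IP address
31/May/2024 03:34:02 [edge_utils.c:2671] Rx REGISTER_SUPER_ACK from 52:72:AE:4E:6F:96 [215.99.225.218:10443] (external 218.55.94.194:42923) with 1 attempts left
"""
# Excerpt of the run with -H, flattened and wrapped mid-message.
WITH_H = ("31/May/2024 03:38:58 [edge_utils.c:427] Header encryption is enabled. "
          "31/May/2024 03:38:58 [edge_utils.c:1262] send REGISTER_SUPER to [215.99.225.218:10443] "
          "31/May/2024 03:39:01 [edge.c:1217] REGISTER_SUPER_ACK timeout "
          "31/May/2024 03:39:01 [edge_utils.c:1262] send REGISTER_SUPER to [215.99.225.218:10443] "
          "31/May/2024 03:39:04 [edge.c:1217] REGISTER_SUPER_ACK \ntimeout")

if __name__ == "__main__":
    print(summarize(WITHOUT_H))
    print(summarize(WITH_H))
```
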