n2n: a Layer Two Peer-to-Peer VPN - ntop.org


2011-01-17, 02:52 AM
n2n: a Layer Two Peer-to-Peer VPN - ntop.org (http://www.ntop.org/n2n/)

n2n: a Layer Two Peer-to-Peer VPN

n2n is a layer-two peer-to-peer virtual private network (VPN) which allows users to exploit features typical of P2P applications at network instead of application level. This means that users can gain native IP visibility (e.g. two PCs belonging to the same n2n network can ping each other) and be reachable with the same network IP address regardless of the network where they currently belong. In a nutshell, as OpenVPN moved SSL from application (e.g. used to implement the https protocol) to network protocol, n2n moves P2P from application to network level.

The main n2n design features are:
An n2n is an encrypted layer two private network based on a P2P protocol.
Encryption is performed on edge nodes using open protocols with user-defined encryption keys: you control your security without delegating it to companies as it happens with Skype or Hamachi.
Each n2n user can simultaneously belong to multiple networks (a.k.a. communities).
Ability to cross NAT and firewalls in the reverse traffic direction (i.e. from outside to inside) so that n2n nodes are reachable even if running on a private network. Firewalls no longer are an obstacle to direct communications at IP level.
n2n networks are not meant to be self-contained, but it is possible to route traffic across n2n and non-n2n networks.

雖然小弟尚未玩過n2n, 不過小弟猜測技術問題可能和採用其他VPN 所會遭遇到的問題相同, 由於有愈來愈多的NAT 類型屬於Symmetric NAT, 所以穿越Firewall/NAT 最終可能還是得透過Supernode (Proxy), 如此一來效能就會大打折扣, 此外在哪裡設置Supernode 也是一個棘手的問題

LogMeIn Hamachi Free (http://hamachi.cc/)
DIY SSL Vpn Server - PCZONE 討論區 (http://www.pczone.com.tw/thread/16/152301/)