supernode − n2n supernode daemon
supernode <config file>
supernode [OPTION]...
N2N is a peer-to-peer VPN system. Supernode is a node introduction registry, broadcast conduit and packet relay node for the n2n system. On startup supernode begins listening on the specified UDP port for node registrations, and other packets to route. The supernode can service any number of communities and routes packets only between members of the same community. The supernode does not hold the community encryption key and so cannot snoop or inject packets into the community.
Supernode can service a number of n2n communities concurrently. Traffic does not cross between communities.
All logging goes to stdout.
The config file is similar to the command line, with one option per line. Lines starting with a "#" are ignored. An equal sign (’=’) should be used between key and value. Example: -p=7777
−p <local_port>, −−local-port=<local_port>
listen on this fixed local UDP port, defaults to 7654
−F <fed_name>
name of the supernode’s federation, defaults to ’*Federation’ (see also N2N_FEDERATION in ENVIRONMENT)
−l <host:port>
IP address or name, and port, of a known supernode
−m <mac_address>
fixed MAC address for the supernode, e.g. ’-m 10:20:30:40:50:60’, random otherwise
−M
disable MAC and IP address spoofing protection for all non-username-password-authenticating communities
−V <version_string>
modify the supernode version string which is distributed to the edges and shown at their management port output, up to 19 characters
−c <path>, −−communities=<path>
file containing the allowed communities and any User / Password based authentication details (See ALLOWED COMMUNITIES FILE section)
−a <net-net/n>, −−autoip=<net-net/n>
subnet range for auto ip address service, e.g. ’-a 192.168.0.0-192.168.255.0/24’, defaults to ’10.128.255.0-10.255.255.0/24’
−f, −−foreground
disable daemon mode (UNIX) and run in foreground.
−t <port>, −−mgmt-port=<port>
management UDP port, for multiple supernodes on a machine, defaults to 5645
−−management-password <password>
sets the password for access to JSON API at the management port, defaults to ’n2n’. The password has to be provided for relevant access to JSON API at the management port.
−v, −−verbose
use verbose logging
−u <UID>
numeric user ID to use when privileges are dropped
−g <GID>
numeric group ID to use when privileges are dropped
−h
shows a quick reference including all available options
−−help
shows detailed parameter description
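As an added example (not part of the n2n distribution), the following Python script audits a config file written in the one-option-per-line key=value form described above for the settings this page marks as security relevant: −M, the default management password, a missing −c file and missing −u/−g. The sample configs, the path, the numeric IDs and the password are constructed, and the function names are hypothetical.

```python
DEFAULT_MGMT_PASSWORD = "n2n"  # default stated in the option list above

# Constructed sample configs; path, IDs and password are placeholders.
WEAK = "# constructed sample\n-p=7654\n-M\n"
HARDENED = """# constructed sample
-p=7654
-c=/etc/n2n/community.list
--management-password=constructed-Zq7-placeholder
-u=65534
-g=65534
"""

def parse_config(text):
    """Parse 'one option per line, key=value'; return (options, rejected line numbers)."""
    opts, rejected = {}, []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):  # comments; skipping blank lines is an assumption
            continue
        if not line.startswith("-"):  # e.g. a typographic minus pasted from a rendered page
            rejected.append(number)
            continue
        key, _, value = line.partition("=")
        opts[key.strip()] = value.strip()
    return opts, rejected

def audit(text):
    """Return findings for the settings this page marks as security relevant."""
    opts, rejected = parse_config(text)
    findings = [f"line {n}: does not start with an ASCII '-', check for a pasted dash"
                for n in rejected]
    if "-M" in opts:
        findings.append("-M: MAC and IP address spoofing protection is disabled")
    if opts.get("--management-password", DEFAULT_MGMT_PASSWORD) == DEFAULT_MGMT_PASSWORD:
        findings.append("--management-password: JSON API still uses the default 'n2n'")
    if "-c" not in opts and "--communities" not in opts:
        findings.append("-c: no allowed communities file configured")
    if "-u" not in opts or "-g" not in opts:
        findings.append("-u/-g: no explicit UID and GID for the privilege drop")
    return findings

if __name__ == "__main__":
    for name, sample in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(sample) or "no findings")
```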
The allowed communities file is a plain text file. Comments are introduced with a hash at the beginning of the line. A line that begins with an asterisk is a user authentication definition and adds an allowed user to the most recently defined community. Allowed communities can be specified with a regular expression.
Example community file:
# List of allowed communities
mynetwork
netleo
* logan nHWum+r42k1qDXdIeH-WFKeylK5UyLStRzxofRNAgpG
* sister HwHpPrdMft+38tFDDiunUds6927t0+zhCMMkQdJafcC
More details on creating the allowed communities file are found in the Communities.md and Authentication.md documentation included with this package.
N2N_FEDERATION
set the federation name so it is not visible at the command line
supernode -p 7654 -v
Start supernode listening on UDP port 7654 with verbose output.
echo | nc -w1 -u 127.0.0.1 5645
Shows the management status of a running supernode.
When supernode restarts it loses all registration information from associated edge nodes. It can take up to five minutes for the edge nodes to re-register and normal traffic flow to resume.
supernode is a daemon and any exit is an error
Luca Deri ( deri (at) ntop.org ), Richard Andrews ( andrews (at) ntop.org ), Don Bindner
ifconfig(8)
edge(8)
the documentation contained in the source code
the extensive documentation found in n2n’s doc/ folder