N2NC
Nat to Nat Connector Documentation
The n2nc project aims to connect two hosts that sit behind different NAT gateways, using standard streams or the vdeplug library. The architecture is client-server, and a client works in one of two modes, active or passive: the active client wants to connect to the passive endpoint, and the passive client waits for a connection request from an active client. Each client (passive or active) first registers itself with the server by sending a pair of values: the client's ID (simply a substring of the md5sum of its own RSA public key) and the port number on which the client binds a socket for transport communication.
Once both clients are registered, the active client sends a message to the passive client through the server, which acts as a message bouncer; this message expresses the wish to connect. The passive peer receives the message and then asks the server which service port the active client has registered. At this point each client asynchronously sends garbage UDP datagrams to the other, so that each NAT gateway creates a mapping and traffic can be forwarded in both directions between the clients. This method is called UDP hole punching. When each client sees the datagrams arrive, the active client generates a 128-bit key to identify the session and sends it to the other party in a secured RSA message. The ability to send secured messages is guaranteed by the RSA cipher family: each client ID is associated with a unique RSA public key, and secured messages are encrypted using the public key of the other party.
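The garbage-datagram exchange described above, as an added example that is not n2nc code. It runs both peers on loopback, where there is no NAT, so each peer's own socket address stands in for the address and port that would be learned through the server; the names `punch` and `demo` are hypothetical.

```python
import os
import socket
import threading


def punch(sock, peer, attempts=10, interval=0.2):
    """Send garbage datagrams to `peer` until one from `peer` arrives.

    Returns True once a datagram from the expected peer address is seen,
    False if every attempt times out.
    """
    sock.settimeout(interval)
    for _ in range(attempts):
        # The payload is irrelevant: the outbound packet is what makes a
        # NAT gateway create the mapping for the return path.
        sock.sendto(os.urandom(8), peer)
        try:
            _, src = sock.recvfrom(2048)
        except socket.timeout:
            continue
        if src != peer:
            continue  # ignore datagrams from anyone but the expected peer
        # Behind real NATs our earlier datagrams may have been dropped
        # before the peer's mapping existed, so send once more now.
        sock.sendto(os.urandom(8), peer)
        return True
    return False


def demo():
    """Run an active and a passive peer against each other on loopback."""
    a = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    b = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    a.bind(("127.0.0.1", 0))  # both sockets are bound before any send
    b.bind(("127.0.0.1", 0))
    results = {}

    def run(name, sock, peer):
        results[name] = punch(sock, peer)

    threads = [
        threading.Thread(target=run, args=("active", a, b.getsockname())),
        threading.Thread(target=run, args=("passive", b, a.getsockname())),
    ]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    a.close()
    b.close()
    return results


if __name__ == "__main__":
    print(demo())
```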
n2nc has a so-called filter module extension, which works this way: the service data (datagrams) is processed by a chain of filters, each of which in turn inspects and/or edits the datagram. At the time of writing, four filters are implemented: a dummy filter that does nothing, an LZO filter that acts as LZO link compression, a BZ2 link compressor, and finally the Blowfish filter cipher module, which uses the previously generated and shared session key.
Dependencies
libssl-dev
libbz2-dev
Downloading with svn
svn co https://n2nc.svn.sourceforge.net/svnroot/n2nc n2nc
Compile it
./configure
make
Test it
- on each side, create a file in ~/.n2nc/loadfilters and put in it the filename of each filter you want to load, e.g.
libbz2filter
libbffilter
- on the server host: ./server
the listen port defaults to 5555
- on the active and passive client
Generate an RSA key pair with the script "n2nc_newrsa.sh"; both the public and private keys are generated in the keyring directory (~/.n2nc/keyring). The created keys should have a filename starting with a 4-digit hexadecimal number, which is the peer's own ID. Now share the public key between the two clients.
- on the active client
./n2nc -saddr mercedes.cs.unibo.it -bindip 192.168.1.4 -myid 0x0ad9 -otherid 0x245e -filterdir filters/.libs/
- -saddr is the server hostname or IP
- -bindip is the IP to bind for UDP service communication (should be the local address that routes through the default gateway)
- -myid is my ID (first 4 digits of my RSA public key's filename)
- -otherid is the ID of the other party
- -filterdir is the directory where the plugin modules are located
- on the passive client
./n2nc -p -saddr mercedes.cs.unibo.it -bindip 192.168.0.55 -myid 0x245e -filterdir filters/.libs/
VDE PLUG Mode
- just add -vdesock /path/to/vde_switch/sock/dir on both the passive and the active client, e.g.
./n2nc -p -saddr mercedes.cs.unibo.it -bindip 192.168.0.55 -myid 0x245e -filterdir filters/.libs/ -vdesock /tmp/vde.ctl/
./n2nc -saddr mercedes.cs.unibo.it -bindip 192.168.1.4 -myid 0x0ad9 -otherid 0x245e -filterdir filters/.libs/ -vdesock /tmp/vde.ctl/
Fabsoft 19:47, 26 June 2008 (CEST)