VPN
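A virtual private network (VPN) extends a private network across a public network, enabling users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. The benefits of a VPN include increased functionality, security, and management of the private network. It provides access to resources that cannot be reached from the public network and is commonly used by remote workers. Encryption is common, but it is not an inherent part of a VPN connection.
A VPN is formed by establishing a virtual point-to-point connection, either over dedicated circuits or by using tunneling protocols over an existing network. A VPN available from the public Internet can provide some of the benefits of a wide area network (WAN). From the user's perspective, the resources available within the private network can be accessed remotely.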
n2n VPN
Introduction
n2n is a layer-two peer-to-peer virtual private network (VPN) which allows users to exploit features typical of P2P applications at network instead of application level. This means that users can gain native IP visibility (e.g. two PCs belonging to the same n2n network can ping each other) and be reachable with the same network IP address regardless of the network where they currently belong. In a nutshell, as OpenVPN moved SSL from application (e.g. used to implement the https protocol) to network protocol, n2n moves P2P from application to network level.
In order to start using n2n, two elements are required:
- A supernode: it allows edge nodes to announce and discover other nodes. It must have a port publicly accessible on the internet.
- edge nodes: the nodes which will be a part of the virtual networks
A virtual network shared between multiple edge nodes in n2n is called a community. A single supernode can relay multiple communities and a single computer can be part of multiple communities at the same time. An encryption key can be used by the edge nodes to encrypt the packets within their community.
n2n tries to establish a direct peer-to-peer connection via UDP between the edge nodes when possible. When this is not possible (usually due to special NAT devices), the supernode is also used to relay the packets.
Installation
Download: https://github.com/ntop/n2n
Ubuntu/Debian
sudo dpkg -i n2n_3.0.0-1038_amd64.deb
sudo apt install -f
Usage
One-liner command in foreground.
# On Linux, change the community, encrypt key and tun IP to your own
# edge -c <community> -k <encrypt key> -a <tun IP address> -l <supernode host:port> -f
sudo edge -c my-community -k my-secret -a 10.9.9.10 -l n2n.lucktu.com:10090 -f
Run as service in background.
# Generate the config file
sudo cp /etc/n2n/edge.conf.sample /etc/n2n/edge.conf
# Start the edge
sudo systemctl start edge
sudo systemctl enable edge
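With the one-liner above, the key passed via `-k` sits in the process arguments, where other local users can read it from the process list. The following added example (not code from the n2n project) renders an owner-only `edge.conf` for the service instead; the function names `gen_key` and `write_edge_conf` are hypothetical, and the one-option-per-line `-x=value` layout is the one used by `edge.conf.sample`.

```shell
#!/bin/sh
# Added example (not n2n project code): render an edge.conf that keeps the
# community key off the command line. All sample values are constructed.

# gen_key: print 32 random bytes as 64 hex characters, usable as the -k value.
gen_key() {
    od -An -N32 -tx1 /dev/urandom | tr -d ' \n'
}

# write_edge_conf PATH COMMUNITY KEY TUN_IP SUPERNODE_HOST:PORT
# The body runs in a subshell, so umask and variables do not leak to the caller.
write_edge_conf() (
    path=$1 community=$2 key=$3 ip=$4 supernode=$5
    nl='
'
    # A newline inside a value would smuggle an extra option line into the file.
    case "$community$key$ip$supernode" in
        *"$nl"*) echo "newline in value" >&2; exit 1 ;;
    esac
    [ -n "$community" ] && [ -n "$key" ] || { echo "community and key are required" >&2; exit 1; }
    printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' \
        || { echo "bad tun IP: $ip" >&2; exit 1; }
    printf '%s\n' "$supernode" | grep -Eq '^[A-Za-z0-9.-]+:[0-9]{1,5}$' \
        || { echo "bad supernode: $supernode" >&2; exit 1; }

    # umask only affects newly created files, so remove any older, looser copy
    # first; the new file is owner-only before the key is written to it.
    umask 077
    rm -f "$path"
    # edge.conf takes one option per line, written as -x=value.
    printf '%s\n' "-c=$community" "-k=$key" "-a=$ip" "-l=$supernode" > "$path"
)

# Usage (as root), then start the service with systemctl as shown above:
#   write_edge_conf /etc/n2n/edge.conf my-community "$(gen_key)" 10.9.9.10 <supernode host:port>
```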
Supernode
sudo supernode -p 10090
Related links
- https://github.com/ntop/n2n
- n2n for Windows
- n2n GUI for Win
- OpenVPN Download
- Public Supernodes
- ZeroTier - P2P VPN Service
- FRP - Fast Reverse Proxy
- [Video] [司波图] FRP NAT traversal tutorial: watch it to the end and you will know how
FreeLAN
Introduction
Freelan is a free, open-source, multi-platform, peer-to-peer VPN software that abstracts a LAN over the Internet. It works on Windows, Linux and Mac OSX.
Whether you want to connect the computers of your family, play an old LAN-only game with your friends, or give privileged access to your private network to your collaborators, freelan will do the job perfectly.
FreeLAN is free, open-source, all-around VPN software for Windows, Linux, and macOS that can be used to create three types of VPN:
- Client-server
- Peer-to-peer
- Hybrid that includes the two types mentioned above.
Installation
Download: https://www.freelan.org/download.html
Ubuntu/Debian
sudo apt update
sudo apt install freelan
Windows
Usage
One-liner command in foreground.
# On PC#1, which is correctly configured to allow access to the 12000/UDP from the internet.
# By default, the listen port is 12000/UDP and the tun_tap.ip_address is 9.0.0.1
freelan --security.passphrase "my_secret"
# On PC#2
freelan --security.passphrase "my_secret" --tap_adapter.ipv4_address_prefix_length 9.0.0.2/24 --fscp.contact <IP-to-PC1>:12000
Outline
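Introduction
Outline lets anyone run their own VPN to access the open, uncensored internet more securely. Running your own VPN server with Outline not only makes network access more secure, it also makes the connection harder to block deliberately.
Related links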
- https://getoutline.org/zh-TW
- https://github.com/Jigsaw-Code
- Using OUTLINE
- Outline VPN: a good choice for easily setting up a VPN
- https://outline.community/
For ARM CPU
WireGuard
Tutorials
Installation
Algo VPN
- Algo VPN is a set of Ansible scripts that simplify the setup of a personal WireGuard and IPsec VPN.
NetBird
- NetBird combines a configuration-free peer-to-peer private network and a centralized access control system in a single open-source platform
- [Video] Netbird - an Open Source, Self Hosted Wireguard based VPN system. Server GUI and client setup ease
Tinc
Tinc is free and open-source VPN software that can be used to create mesh VPN networks. It is a small and powerful peer-to-peer VPN daemon that can be installed on multiple platforms. Tinc uses encryption and tunneling to create a secure private network between multiple hosts.
Requirement:
- Each node needs a public IP configured
Tutorials
Cloudflare Tunnel
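Cloudflare Tunnel is tunneling software for NAT traversal, split off from its predecessor Argo Tunnel as a free version. It can quickly set up securely encrypted traffic to any service and protects your server from direct attacks: it works as if a private tunnel were established between your own server and the nearest Cloudflare data center, so no outward-facing port has to be opened on the router firewall, which avoids information leakage.
No port needs to be opened to the external network on the firewall, and external computers can still reach servers behind NAT directly.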
- Cloudflare Tunnel
- Cloudflare Docs: Cloudflare Tunnel
- Free Cloudflare Tunnel as a replacement for exposing your server's public services unprotected
- [Video] You Need to Learn This! Cloudflare Tunnel Easy Tutorial
Twingate - 5 users for free
- Docs: Twingate
- [Video] the END of VPNs?
ngrok
ngrok - put localhost on the internet
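Use cases:
- Connecting securely to a customer's network environment
- Connecting to dev/test environments, for example testing webhook integrations, previewing a development site with the team, or testing and verifying mobile backend code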
Pyngrok
ngrok SDK for Python
- pyngrok - a Python wrapper for ngrok — pyngrok 7.1.6 documentation
- GitHub: https://github.com/alexdlaird/pyngrok
URLs
- ngrok | Unified Application Delivery Platform for Developers
- Using the ngrok service to let people connect to your localhost server - MyApollo
Similar services
Chisel
Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH. Single executable including both client and server. Written in Go (golang). Chisel is mainly useful for passing through firewalls, though it can also be used to provide a secure endpoint into your network.