VPN

• n2n VPN
• FreeLAN
• Outline
• WireGuard
• Cloudflare Tunnel
• ngrok
• More VPN Solutions
• Tailscale

n2n VPN

Introduction

n2n 已經停止維護多年，請改用 EasyTier，或其他方案。

n2n is a layer-two peer-to-peer virtual private network (VPN) which allows users to exploit features typical of P2P applications at network instead of application level. This means that users can gain native IP visibility (e.g. two PCs belonging to the same n2n network can ping each other) and be reachable with the same network IP address regardless of the network where they currently belong. In a nutshell, as OpenVPN moved SSL from application (e.g. used to implement the https protocol) to network protocol, n2n moves P2P from application to network level.

In order to start using n2n, two elements are required:

• A supernode: it allows edge nodes to announce and discover other nodes. It must have a port publicly accessible on internet.
• edge nodes: the nodes which will be a part of the virtual networks

A virtual network shared between multiple edge nodes in n2n is called a community. A single supernode can relay multiple communities and a single computer can be part of multiple communities at the same time. An encryption key can be used by the edge nodes to encrypt the packets within their community.

n2n tries to establish a direct peer-to-peer connection via udp between the edge nodes when possible. When this is not possible (usually due to special NAT devices), the supernode is also used to relay the packets.

Installation

Download: https://github.com/ntop/n2n

Ubuntu/Debian

sudo dpkg -i n2n_3.0.0-1038_amd64.deb
sudo apt install -f

Usage

One-liner command in foreground.

# On Linux, change the community, encrypt key and tun IP to your own
# edge -c <community> -k <encrypt key> -a <tun IP address> -l <supernode host:port> -f
sudo edge -c my-community -k my-secret -a 10.9.9.10 -l n2n.lucktu.com:10090 -f

Run as service in background.

# Generate the config file
sudo cp /etc/n2n/edge.conf.sample /etc/n2n/edge.conf

# Start the edge
sudo systemctl start edge
sudo systemctl enable edge

Supernode

sudo supernode -p 10090

相關連結

• https://github.com/ntop/n2n 
• n2n for Windows
• n2n GUI for Win
• OpenVPN Download
• Public Supernodes
• ZeroTier - P2P VPN Service
• FRP - Fast Reverse Proxy
  • [Video] 【司波图】FRP内网穿透教程，看得完你就会了

FreeLAN

Introduction

Freelan is a free, open-source, multi-platform, peer-to-peer VPN software that abstracts a LAN over the Internet. It works on Windows, Linux and Mac OSX.

Whether you want to connect the computers of your family, play an old LAN-only game with your friends, or give a privileged access to your private network to your collaborators, freelan will do the job perfectly.

FreeLAN is free all-around VPN open-source software for Windows, Linux, and macOS that can be used to create three types of VPN:

• Client-server
• Peer-to-peer
• Hybrid that includes the two types mentioned above.

Installation

Download: https://www.freelan.org/download.html

Ubuntu/Debian

sudo apt update
sudo apt install freelan

Windows

1. 下載 Visual C++。
2. 下載 freelan-2.2.0-amd64-install.exe。

Usage

One-liner command in foreground.

# On PC#1, which is correctly configured to allow access to the 12000/UDP from the internet.
# By default, the listen port is 12000/UDP and the tun_tap.ip_address is 9.0.0.1
freelan --security.passphrase "my_secret"

# On PC#2
freelan --security.passphrase "my_secret" --tap_adapter.ipv4_address_prefix_length 9.0.0.2/24 --fscp.contact <IP-to-PC1>:12000

Outline

簡介

Outline 讓所有使用者都能執行自己專屬的 VPN，以更安全的方式存取無審查的開放網路。透過 Outline 執行專屬 VPN 伺服器不但使存取網路變得更安全，網路連線也較不容易遭人蓄意封鎖。

相關連結

• https://getoutline.org/zh-TW
• https://github.com/Jigsaw-Code
• 使用OUTLINE
• Outline VPN：輕鬆建立 VPN 的好選擇
• https://outline.community/

For ARM CPU

• Outline Server with ARM64 support

WireGuard

Installation

• wireguard-install

Algo VPN

• Algo VPN is a set of Ansible scripts that simplify the setup of a personal WireGuard and IPsec VPN.

NetBird

• NetBird combines a configuration-free peer-to-peer private network and a centralized access control system in a single open-source platform
• [Video] Netbird - an Open Source, Self Hosted Wireguard based VPN system. Server GUI and client setup ease

PiVPN

PiVPN is a lightweight, open-source project designed to simplify setting up a VPN server on a Raspberry Pi or any Debian-based system.

It supports WireGuard and OpenVPN, allowing you to create a secure, private tunnel to your home network or VPS.

• Self-host Your Own VPN Using PiVPN

Cloudflare Tunnel

Cloudflare Tunnel 是一款內網穿透的隧道軟體，也是 Argo Tunnel 前身分出來做為免費版使用，它可以快速建立安全地加密到任何服務的流量，可以保護您的伺務器免受直接攻擊，就像本身伺服器跟 Cloudflare 最近的資料中心之間，建立一條 Tunnel 私有通道，所以在 Router 防火牆不需開任何對外 Port 埠，避免資訊洩露。

不需要在 Firewall 上的外部網路開啟任何 port，外部電腦也能直接存取 NAT 內部伺服器。

• Cloudflare Tunnel
• Cloudflare Docs: Cloudflare Tunnel
• 免費 Cloudflare Tunnel 取代伺服器對外服務裸奔
• [Video] You Need to Learn This! Cloudflare Tunnel Easy Tutorial

Other alternatives

Twingate

Twingate - 5 users for free

• Docs: Twingate
• [Video] the END of VPNs?

Pangolin

Pangolin - Tunneled Reverse Proxy Management Server with Identity and Access Control and Dashboard UI

• GitHub: https://github.com/fosrl/pangolin 

ngrok

ngrok - put localhost on the internet

應用場景：

• 安全的連線至客戶的網路環境
• 連線至 dev/test 環境，例如測試整合 webhook、與團隊一起預覽開發網站、測試驗證手機後端程式

Pyngrok

ngrok SDK for Python

• pyngrok - a Python wrapper for ngrok — pyngrok 7.1.6 documentation
• GitHub: https://github.com/alexdlaird/pyngrok 

URLs

• ngrok | Unified Application Delivery Platform for Developers
• 使用 ngrok 服務讓人連線到你的 localhost 伺服器 - MyApollo

類似的服務

• Localtunnel ~ Expose yourself to the world
• localhost.run | localhost.run

More VPN Solutions

EasyTier

EasyTier is a simple, safe and decentralized VPN networking solution implemented with the Rust language and Tokio framework.

類似 n2n VPN 的工作原理，不需要特定的中央管理主機，而是選擇任一個或多個節點扮演中央主機。安全性有網路名稱與密碼的設置。

• https://www.easytier.top/en/
• GitHub: https://github.com/EasyTier/EasyTier  

Nebula

A scalable overlay networking tool with a focus on performance, simplicity and security

• Doc: https://nebula.defined.net/docs/ 
• GitHub: https://github.com/slackhq/nebula 

Chisel

Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH. Single executable including both client and server. Written in Go (golang). Chisel is mainly useful for passing through firewalls, though it can also be used to provide a secure endpoint into your network.

• GitHub: https://github.com/jpillora/chisel
• Chisel 建立反向 TCP 隧道 - iT 邦幫忙::一起幫忙解決難題，拯救 IT 人的一天 (ithome.com.tw) 
• Chisel: Secure TCP/UDP Tunneling for Modern Networks - Deniz Halil

Tinc

Tinc is free and open-source VPN software that can be used to create mesh VPN networks. It is a small and powerful peer-to-peer VPN daemon that can be installed on multiple platforms. Tinc uses encryptions and tunneling for creating a secure private network between multiple hosts.

Requirement: 每個 node 需要設定 Public IP

• How to Set Up Peer-to-Peer VPN with Tinc on Ubuntu 22.04

Tailscale

Tailscale 雲端服務，基於 WireGuard 的 end-to-end 加密 VPN 技術，可用於 Peer-to-peer VPN，可穿越 NAT，中央管理控制台，免費版支援 3 個帳號。

特點：

• Peer-to-peer VPN: IoT 設備管理
• Tunnel VPN: Netflix Sharing
• 無複雜設定，不是 Client-server 架構
• 支援跨平台系統
• 安全性
  • 使用第三方認證供應商，例如 Google, Microsoft AD, GitHub, Okta 等。
  • Access Controls Lists (ACLs)
  • 多個使用者角色

教學：

• Tailscale quickstart
• How you can connect two home labs with a site-to-site VPN (and why you should)
• How to Set Up Remote Access to Your Local Network Using Tailscale VPN

Peer-to-peer VPN

• 原理：不同的主機啟動 tailnet 後，可以直接互連，但不會影響原本的網路架構。 
  
• 適用 IoT 設備管理網路
• Tailnet 模式：預設

Tunnet VPN

• 原理：使用特定遠端網路主機作為所有流量的閘道出口
• 適用 Netflix 流量共享、跨境網路跳板
• Tailnet 模式：Exit Node

Site-to-site VPN

• 原理：主機啟動 tailnet 後，透過其他的 Subnet Router 主機，可以存取同個內網的任一主機或設備，而目的主機或設備不需要安裝 Tailscale
• 適用：在安全的網路下存取遠端的設備，例如網路印表機
• Tailnet 模式：Subnet Router