VPN

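A virtual private network (VPN) extends a private network across a public network, letting users send and receive data over shared or public networks as if their computing devices were directly connected to the private network. The benefits of a VPN include added functionality, security, and manageability for the private network. It provides access to resources that cannot be reached from the public network and is commonly used by remote workers. Encryption is common, but it is not an inherent part of a VPN connection.

A VPN is formed by establishing a virtual point-to-point connection, either over dedicated circuits or with a tunneling protocol on top of an existing network. A VPN reachable from the public Internet can provide some of the benefits of a wide area network (WAN). From the user's perspective, the resources available inside the private network can be accessed remotely.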

n2n VPN

Introduction

n2n has not been maintained for many years; use EasyTier or another solution instead.

n2n is a layer-two peer-to-peer virtual private network (VPN) which allows users to exploit features typical of P2P applications at network instead of application level. This means that users can gain native IP visibility (e.g. two PCs belonging to the same n2n network can ping each other) and be reachable with the same network IP address regardless of the network where they currently belong. In a nutshell, as OpenVPN moved SSL from application (e.g. used to implement the https protocol) to network protocol, n2n moves P2P from application to network level.

In order to start using n2n, two elements are required:

A virtual network shared between multiple edge nodes in n2n is called a community. A single supernode can relay multiple communities and a single computer can be part of multiple communities at the same time. An encryption key can be used by the edge nodes to encrypt the packets within their community.

n2n tries to establish a direct peer-to-peer connection via udp between the edge nodes when possible. When this is not possible (usually due to special NAT devices), the supernode is also used to relay the packets.


Installation

Download: https://github.com/ntop/n2n

Ubuntu/Debian

sudo dpkg -i n2n_3.0.0-1038_amd64.deb
sudo apt install -f

Usage

One-liner command in foreground.

# On Linux, change the community, encrypt key and tun IP to your own
# edge -c <community> -k <encrypt key> -a <tun IP address> -l <supernode host:port> -f
sudo edge -c my-community -k my-secret -a 10.9.9.10 -l n2n.lucktu.com:10090 -f

Run as service in background.

# Generate the config file
sudo cp /etc/n2n/edge.conf.sample /etc/n2n/edge.conf

# Start the edge
sudo systemctl start edge
sudo systemctl enable edge

Supernode

sudo supernode -p 10090

Related links




FreeLAN

Introduction

Freelan is a free, open-source, multi-platform, peer-to-peer VPN software that abstracts a LAN over the Internet. It works on Windows, Linux and Mac OSX.

Whether you want to connect the computers of your family, play an old LAN-only game with your friends, or give a privileged access to your private network to your collaborators, freelan will do the job perfectly.

FreeLAN is free all-around VPN open-source software for Windows, Linux, and macOS that can be used to create three types of VPN:

Installation

Download: https://www.freelan.org/download.html

Ubuntu/Debian

sudo apt update
sudo apt install freelan

Windows

  1. Download Visual C++
  2. Download freelan-2.2.0-amd64-install.exe

Usage

One-liner command in foreground.

# On PC#1, which is correctly configured to allow access to the 12000/UDP from the internet.
# By default, the listen port is 12000/UDP and the tun_tap.ip_address is 9.0.0.1
freelan --security.passphrase "my_secret"

# On PC#2
freelan --security.passphrase "my_secret" --tap_adapter.ipv4_address_prefix_length 9.0.0.2/24 --fscp.contact <IP-to-PC1>:12000


Outline

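Introduction

Outline lets anyone run their own VPN and reach the open, uncensored internet more safely. Running your own VPN server with Outline makes internet access more secure and makes the connection harder to block deliberately.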


Related links

For ARM CPU

WireGuard

WireGuard Server

WireGuard Client

wg-quick

Installation

# Ubuntu/Debian
sudo apt install wireguard

# Fedora
sudo dnf -y install wireguard-tools

Generate the key pairs

sudo -i
cd /etc/wireguard
# Restrict permissions first so the private key is not created world-readable
umask 077
wg genkey | tee privatekey | wg pubkey > publickey

Configure the WireGuard interface on Peer A

/etc/wireguard/wg0.conf

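cat << EOF > /etc/wireguard/wg0.conf
[Interface]
Address = 10.0.0.2/32
# Contents of /etc/wireguard/privatekey on this peer
PrivateKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
DNS = 8.8.8.8, 8.8.4.4

[Peer]
# Public key of the remote peer (the server)
PublicKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
# Route all IPv4 traffic through the tunnel
AllowedIPs = 0.0.0.0/0
Endpoint = the.wireguard.server:51820
EOF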
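
Before running wg-quick up, the config written above can be checked for three common problems: loose permissions on a file that holds PrivateKey, a placeholder left where the key belongs, and an IPv4-only default route (0.0.0.0/0 without ::/0), which leaves IPv6 traffic outside the tunnel on dual-stack hosts. This is an added example, not part of the original page; the function name audit_wg_conf and the finding labels are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit a wg-quick config file.
# Prints one finding per line; prints nothing when the file passes.
audit_wg_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "UNREADABLE $conf"; return 0; }

    # 1. The file contains PrivateKey: group/other need no access at all.
    mode=$(stat -c '%a' "$conf" 2>/dev/null || stat -f '%Lp' "$conf")
    case $mode in
        *00) ;;
        *) echo "PERMS mode=$mode (want 600)" ;;
    esac

    # 2. PrivateKey must be a 32-byte base64 value, not a leftover placeholder.
    key=$(sed -n 's/^[[:space:]]*PrivateKey[[:space:]]*=[[:space:]]*//p' "$conf")
    printf '%s\n' "$key" | grep -Eq '^[A-Za-z0-9+/]{43}=$' ||
        echo "KEY PrivateKey is missing or not a valid WireGuard key"

    # 3. 0.0.0.0/0 without ::/0 sends only IPv4 through the tunnel.
    ips=$(sed -n 's/^[[:space:]]*AllowedIPs[[:space:]]*=//p' "$conf" | tr ',\n' '  ')
    case " $ips " in
        *" 0.0.0.0/0 "*)
            case " $ips " in
                *" ::/0 "*) ;;
                *) echo "V6LEAK AllowedIPs has 0.0.0.0/0 but not ::/0" ;;
            esac ;;
    esac
    return 0
}

# Constructed sample: placeholder key as on the page, IPv4-only route, mode 644.
demo=$(mktemp)
cat > "$demo" <<'EOF'
[Interface]
Address = 10.0.0.2/32
PrivateKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

[Peer]
PublicKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
AllowedIPs = 0.0.0.0/0
Endpoint = the.wireguard.server:51820
EOF
chmod 644 "$demo"
audit_wg_conf "$demo"   # reports PERMS, KEY and V6LEAK
rm -f "$demo"
```

On a real host, run it as root against /etc/wireguard/wg0.conf and bring the link up only when it prints nothing.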

Up & Down the wg link

sudo wg-quick up wg0
sudo wg
sudo journalctl -fu wg-quick@wg0

sudo wg-quick down wg0

nmcli

# Import the config file
CONF_FILE="wg0.conf"
nmcli connection import type wireguard file "$CONF_FILE"

# Show the profiles
nmcli
nmcli conn show   # List all profiles
nmcli conn show <name>  # Display the details for specified profile

# Delete the profile
nmcli connection delete wg0

# Modify the profile my-wg0
nmcli connection modify my-wg0 \
    autoconnect yes \
    ipv4.method manual \
    ipv4.addresses 192.168.7.5/24 \
    wireguard.listen-port 50000 \
    ...

# Activate/deactivate the interface
nmcli connection up my-wg0
nmcli connection down my-wg0

Algo VPN

NetBird

PiVPN

PiVPN is a lightweight, open-source project designed to simplify setting up a VPN server on a Raspberry Pi or any Debian-based system.

It supports WireGuard and OpenVPN, allowing you to create a secure, private tunnel to your home network or VPS.

Cloudflare Tunnel

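Cloudflare Tunnel is tunneling software for reaching services inside a private network. It was split off from its predecessor, Argo Tunnel, as a free version. It quickly sets up securely encrypted traffic to any service and protects your server from direct attacks: in effect, a private tunnel is built between your own server and the nearest Cloudflare data center, so no outward-facing port has to be opened on the router firewall, which avoids information leakage.

No port needs to be opened on the external side of the firewall, yet external computers can still reach servers behind NAT directly.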

Other alternatives

Twingate

Twingate - 5 users for free

Pangolin

Pangolin - Tunneled Reverse Proxy Management Server with Identity and Access Control and Dashboard UI

ngrok

ngrok - put localhost on the internet

Use cases:

Pyngrok

ngrok SDK for Python

URLs

Similar services

More Solutions

EasyTier

EasyTier is a simple, safe and decentralized VPN networking solution implemented with the Rust language and Tokio framework.

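It works on a principle similar to n2n VPN: no dedicated central management host is required; instead, any one or more nodes are chosen to act as the central host. Security is provided by setting a network name and password.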

Nebula

A scalable overlay networking tool with a focus on performance, simplicity and security

Chisel

Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH. Single executable including both client and server. Written in Go (golang). Chisel is mainly useful for passing through firewalls, though it can also be used to provide a secure endpoint into your network.

Tinc

Tinc is free and open-source VPN software that can be used to create mesh VPN networks. It is a small and powerful peer-to-peer VPN daemon that can be installed on multiple platforms. Tinc uses encryption and tunneling to create a secure private network between multiple hosts.

Requirement: each node needs a public IP configured.

Tunneled Mesh Reverse Proxy

Similar to a self-hosted Cloudflare Tunnel service; suited to website-type services.

Pangolin

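Pangolin is a self-hosted tunneled reverse proxy server with identity and access control, designed to securely expose private resources across distributed networks. Acting as a central hub, Pangolin connects isolated networks (even those behind restrictive firewalls) through encrypted tunnels, so you can easily reach remote services without opening ports.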

Wiredoor

Wiredoor is a self-hosted, open-source ingress-as-a-service platform that allows you to expose applications and services running in private or local networks to the internet—securely, reliably, and without complex infrastructure.

It uses reverse VPN connections powered by WireGuard and exposes services through a built-in NGINX reverse proxy. Perfect for developers, operators, or teams that want full control of their ingress without relying on public cloud solutions.

Tailscale

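Tailscale is a mesh VPN cloud service built on WireGuard's end-to-end encrypted VPN technology. It can be used as a peer-to-peer VPN, traverses NAT, and has a central management console; the free tier supports 3 accounts.

Features:

Tutorials: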

Peer-to-peer VPN
Tunnet VPN
Site-to-site VPN