Saturday, February 20, 2010

n2n, peer to peer tunneling for people who want to get things done

I needed a remote connectivity solution that didn't suck. I am not a corporation. I am not supporting road warriors, secure extranets, and I don't need to be buzzword compliant. I just needed to connect together the machines that I work on without all the difficulty.

This solution needed the following features:

  • works on any flavor of Linux/BSD/OS X, and Windows too
  • open source
  • layer 2 to make printing, file sharing, DAAP stuff easier
  • reasonably easy to set up
  • gratis
  • actively developed
  • peer-to-peer - hairpin routing through a central concentrator is bad

One of the problems was that I would always start looking into a solution like OpenVPN, Openswan, or the PPTP server built into DD-WRT - but I always got distracted by more interesting projects. They just were not easy enough to make it worthwhile - dynamic DNS and SSH was my methadone.

Then I found out about Hamachi, a peer-to-peer layer 2 VPN solution that really did "just work" the way I wanted. The rad thing was it sorta worked like SIP with a STUN server - not really sure if it used UDP, but it didn't really matter. Connections were brokered through a Hamachi server, but the data flow was peer-to-peer. It worked great for all my machines through NAT and was cross platform. I used it for several months and now I had a taste for what good remote connectivity could be. There were some shortcomings though - it was not open source, and after it was purchased by LogMeIn it looked like development stopped. Bummer, but at least it was free and still worked.

After quite a while searching for an open source peer-to-peer style NAT piercing VPN solution I stumbled upon N2N, software that was super similar to Hamachi but open and from the good people at NTOP (have used NTOP and fProbe in the past - cool). Within ten minutes I had downloaded, compiled, and configured it and was absolutely blown away at the ease of use. I tried it out on OS X and Windows and it worked - hallelujah. One thing that might be a bit of a challenge for some folks is that you do need a server with a static IP to run the supernode on, but to me this was much better than relying on Hamachi for STUN type stuff (since they occasionally had outages for their free service).

Basically you just set up the supernode on a server on any UDP port you desire. It brokers the connections and then the traffic flows peer-to-peer over UDP. Here is the absolutely KILLER feature (which may be more of a side effect than feature) of using this connectionless UDP stuff - I can rip out the rug from underneath it and it still works. Let's say I have five terminal sessions going and I have been working off my 3G card in the car. Then I get home and Network Manager picks up the WiFi and flips over to that. N2N couldn't care less, all those connections within the tunnel stay up and working. Good luck doing that with an SSH or IPsec connection. No messing with keepalives - it really does work better than expected. For touch-and-go connectivity like mobile broadband, a solution that kills all your work and requires a reconnect just isn't going to cut it. Oh, and I can suspend and wake my machine without needing to reconnect.
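A simplified model of why that roaming works, as an added example (not n2n's code and not from the original post): the receiver keys its session state on a peer id instead of the source address, so a datagram arriving from a new address continues the same session. The pre-shared key, frame layout and sequence check are assumptions of this sketch; authenticating each frame before moving the endpoint is what stops a forged datagram from redirecting the session.

```python
import hashlib
import hmac
import socket

KEY = b"constructed-demo-key"  # assumption: pre-shared key, not an n2n default
TAG_LEN = 32  # HMAC-SHA256 tag length

def mac(body: bytes) -> bytes:
    return hmac.new(KEY, body, hashlib.sha256).digest()

def seal(peer_id: bytes, seq: int, payload: bytes) -> bytes:
    # Hypothetical frame: 6-byte peer id | 4-byte sequence | payload | tag
    body = peer_id + seq.to_bytes(4, "big") + payload
    return body + mac(body)

class Tunnel:  # receiver whose session state is keyed by peer id, not source address
    def __init__(self):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        self.sock.bind(("127.0.0.1", 0))
        self.sock.settimeout(2.0)
        self.peers = {}  # peer_id -> {"addr": (ip, port), "seq": int, "data": [...]}

    def receive_one(self):
        frame, addr = self.sock.recvfrom(2048)
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        if len(frame) < 10 + TAG_LEN or not hmac.compare_digest(tag, mac(body)):
            return None  # unauthenticated frames must never move the endpoint
        peer_id, seq = body[:6], int.from_bytes(body[6:10], "big")
        state = self.peers.setdefault(peer_id, {"addr": addr, "seq": -1, "data": []})
        if seq <= state["seq"]:
            return None  # replayed or stale frame
        state.update(addr=addr, seq=seq)  # roam: follow the peer to its new address
        state["data"].append(body[10:])
        return addr

def demo():
    tunnel = Tunnel()
    dest = tunnel.sock.getsockname()
    peer = b"\x02\x00\x00\x00\x00\x01"  # constructed MAC-style peer id
    # Two sockets stand in for the 3G and WiFi links (same peer, new source port).
    link_3g, link_wifi = (socket.socket(socket.AF_INET, socket.SOCK_DGRAM) for _ in range(2))
    forged = seal(peer, 2, b"id")[:-TAG_LEN] + bytes(TAG_LEN)  # zeroed tag, old address
    sends = [(link_3g, seal(peer, 0, b"ls")), (link_wifi, seal(peer, 1, b"pwd")), (link_3g, forged)]
    seen = []
    for link, frame in sends:
        link.sendto(frame, dest)
        seen.append(tunnel.receive_one())
    return seen, tunnel.peers[peer]["addr"], tunnel.peers[peer]["data"]

if __name__ == "__main__":
    print(demo())
```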

I have probably been using it for about a year and have never run across anyone else who uses it and wanted to give it some props. It fills in the Hamachi requirement gaps for me and I give it my big fat seal of approval.