Nat 2 Nat Connector Project
0.1
The n2nc project aims to connect 2 hosts behind different NAT gateways using standard streams or the vdeplug library.
The architecture is client-server, in which the client works in 2 modes: active and passive. The active client wants to connect to the passive endpoint, and the passive client waits for a connection request from the active client. Each client (passive and active) first registers itself with the server by sending a pair of values: the ID of the client (simply a substring of the md5sum of its own RSA public key) and a port number on which the client binds a socket for transport communication.
Once both clients are registered, the active client sends a message to the passive client through the server, which acts as a message bouncer; this message announces the wish to connect. The passive peer receives the message and then asks the server which service port the active client has registered. At this point each client sends the other garbage UDP datagrams asynchronously; this way each NAT gateway creates a mapping so that traffic can be forwarded in both directions from/to each client. This method is called UDP hole punching. When each client sees the datagrams arrive, the active client generates a 128-bit key to identify the session and sends it to the other party in a secured RSA message. The ability to send secured messages is guaranteed by the RSA cipher family, where each client ID is associated with a unique RSA public key; secured messages are encrypted using the public key of the other party.
The n2nc filter module extension works in this way:
the service data (datagrams) is processed in a chain of filters, each of which in turn inspects and/or edits the datagram. At the time of writing, 4 filters are implemented: a dummy filter that does nothing, an LZO filter that acts as LZO link compression, a BZ2 link compressor, and lastly the BlowFish filter cipher module, which uses the previously generated and shared session key.
Simply execute:
./configure
make
make install #(optional)
There are a couple of dependencies to satisfy: n2nc needs the libssl headers (libssl-dev on Debian) and the bzip2 headers (libbz2-dev).
On each side (passive/active client) create the file ~/.n2nc/loadfilters and put the filename of each filter you want to load on its own line:
e.g.
cat ~/.n2nc/loadfilters
libbz2filter
libbffilter
In this case, libbz2filter will act as link compressor, then the compressed data will be processed by the Blowfish crypto module. Straightforwardly, incoming data will traverse these filters in reverse order.
Now it's time to generate an RSA key pair with the script "n2nc_newrsa.sh"; both public and private keys will be generated in the keyring directory (~/.n2nc/keyring). The created keys have a filename starting with a 4-digit hexadecimal number, which is the peer's own ID. Now share the public key between the 2 clients through whatever secure channel you prefer.
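As an added illustration (not n2nc's own code), here is a small Python model of the filter chain just described: the filters listed in loadfilters are applied in order to outgoing data and in reverse order to incoming data. The class names, the libdummyfilter entry and the use of the stdlib bz2 module in place of the real plugin are assumptions; the Blowfish stage is left out because the stdlib has no Blowfish.

```python
import bz2

class DummyFilter:
    """The 'dummy filter that does nothing' (the name libdummyfilter is assumed)."""
    def outbound(self, data: bytes) -> bytes:
        return data
    def inbound(self, data: bytes) -> bytes:
        return data

class Bz2Filter:
    """Link compressor standing in for libbz2filter, backed by stdlib bz2."""
    def outbound(self, data: bytes) -> bytes:
        return bz2.compress(data)
    def inbound(self, data: bytes) -> bytes:
        return bz2.decompress(data)

# Names as they would appear in ~/.n2nc/loadfilters; libbffilter (Blowfish)
# is not modelled here because the stdlib has no Blowfish implementation.
FILTER_REGISTRY = {"libdummyfilter": DummyFilter, "libbz2filter": Bz2Filter}

def load_filters(loadfilters_text: str) -> list:
    """Turn the contents of the loadfilters file (one name per line) into
    filter objects in file order; a misspelled name fails loudly rather
    than silently dropping a stage."""
    filters = []
    for line in loadfilters_text.splitlines():
        name = line.strip()
        if not name:
            continue
        if name not in FILTER_REGISTRY:
            raise ValueError(f"unknown filter in loadfilters: {name!r}")
        filters.append(FILTER_REGISTRY[name]())
    return filters

def outbound(filters, datagram: bytes) -> bytes:
    """Datagrams we send traverse the filters in the listed order."""
    for f in filters:
        datagram = f.outbound(datagram)
    return datagram

def inbound(filters, datagram: bytes) -> bytes:
    """Datagrams we receive traverse the same filters in reverse order."""
    for f in reversed(filters):
        datagram = f.inbound(datagram)
    return datagram

if __name__ == "__main__":
    chain = load_filters("libdummyfilter\nlibbz2filter\n")  # constructed sample
    wire = outbound(chain, b"hello " * 100)
    print(len(wire), inbound(chain, wire) == b"hello " * 100)
```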
#./server -p 5555 -bindip 0.0.0.0
#./n2nc -p -saddr n2ncservice.org -bindip 192.168.0.55 -myid 0x245e -filterdir filters/.libs/
#./n2nc -saddr n2ncservice.org -bindip 192.168.1.4 -myid 0x0ad9 -otherid 0x245e -filterdir filters/.libs/
-saddr is the server hostname or IP
-bindip is the IP to bind for UDP service communication (should be the address of the interface that has the default gateway)
-myid is my ID (first 4 hex digits of my RSA public key's filename)
-otherid is the ID of the other party
-filterdir is the directory where the plugin modules are located
Simply add the "-vdesock path.to.vde_switch.ctl.dir" parameter and n2nc will connect to that switch.
e.g.:
#./n2nc -p -saddr n2ncservice.org -bindip 192.168.0.55 -myid 0x245e -filterdir filters/.libs/ -vdesock /tmp/vde.ctl/
#./n2nc -saddr n2ncservice.org -bindip 192.168.1.4 -myid 0x0ad9 -otherid 0x245e -filterdir filters/.libs/ -vdesock /tmp/vde.ctl/
Please use the SourceForge system to track bugs, wishes and so on.