explaingit

ntop/n2n

6,918CAudience · ops devopsComplexity · 4/5Setup · hard

TLDR

Peer-to-peer VPN tool written in C that connects machines across the internet as if they share a local network, with traffic flowing directly between them once the initial connection is made.

Mindmap

mindmap
  root((n2n VPN))
    Components
      Edge nodes
      Supernode
    How it works
      Peer discovery
      Direct traffic
    Features
      AES encryption
      IPv6 packets
      Docker support
    Platforms
      Linux
      Windows
      macOS
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

Things people build with this

USE CASE 1

Connect remote developer machines so they can share local services without routing all traffic through a central server

USE CASE 2

Run the N2N supernode coordinator as a Docker container and join edge nodes from Linux, Windows, and Mac machines

USE CASE 3

Set up an encrypted peer-to-peer tunnel between home and office machines to access local network resources remotely

Tech stack

CDocker

Getting it running

Difficulty · hard Time to first run · 1h+

Requires deploying a supernode server that edge nodes can reach, each edge needs a shared community name, encryption key, and assigned virtual IP.

In plain English

N2N is a peer-to-peer virtual private network (VPN) tool written in C. A VPN creates an encrypted tunnel between computers so they can communicate as if they were on the same local network, even when separated across the internet. Most VPNs route all traffic through a central server. N2N takes a different approach: once the initial connection is established, computers talk directly to each other, bypassing the central relay for ongoing traffic. N2N uses two types of components. The first is called an edge node, which runs on each machine you want to connect. The second is called a supernode, which acts as a coordinator to help edge nodes find each other. You start the supernode once, then start an edge process on each machine you want on the network, passing arguments that specify a shared community name, an encryption key, an IP address for that machine on the virtual network, and the address of the supernode. Once two edge nodes have located each other through the supernode, traffic between them flows directly. On Linux and similar systems, the edge process creates a virtual network interface, which requires brief elevated permissions at startup. The README explains how to drop those privileges after setup and how to install the edge binary as SUID-root so any user can start it without a separate privilege step. The README also covers IPv6 packet support within the tunnel (the underlying transport between nodes remains IPv4), cipher options including AES with measured performance figures, and instructions for running the supernode as a Docker container. The project is maintained by ntop.org and covers Windows alongside the Unix platforms, though some command-line flags differ between operating systems.

Copy-paste prompts

Prompt 1
Walk me through setting up an N2N network with one supernode and two edge nodes on Linux, including the exact commands and AES encryption flags for both sides.
Prompt 2
I want to run the N2N supernode in Docker. Show me the Docker run command and then how to configure a Linux edge node to connect to it.
Prompt 3
How do I configure an N2N edge node on Linux to drop root privileges after startup so it runs as a non-root user during normal operation?
Prompt 4
Show me how to add a Windows machine as an edge node to an existing N2N network that already has Linux nodes, noting any flag differences.
Open on GitHub → Explain another repo

← ntop on gitmyhub — every repo by this author, as a profile.

Verify against the repo before relying on details.