How do nodes in a ZeroConf VPN communicate?
I wanted to create a Zero Configuration P2P VPN software like Hamachi or Tunngle. I went through a lot of websites, books and papers, but it created more confusion in me. So here I am. :)
First of all, please give me some links which can tell me how to develop such software, and secondly please tell me how this Zero Conf VPN works step by step.
Apart from that here is my doubt:
I read somewhere something like this - N2N allows a person to create a VPN connection between two or more computers. For a computer to connect to another computer, an "edge" executable is required to be run on each computer. Any number of computers can be connected to each other, but for all the connections to take place, one computer needs to run the "supernode" executable. Now for the connections to take place, the computers running the "edge" first try to connect to the computer running the "supernode", after which, once the exchange of information between all the computers running the "edge" is completed through the "supernode", the "supernode" is no longer needed, and the connections between the computers running the "edge" are done directly from computer to computer without any involvement from the "supernode".
My question is: how can connections be done directly between computers without any involvement from the supernode? What it does basically is that all edge nodes are assigned private IP addresses. Now, 2 computers cannot communicate over the internet if they have private IP addresses. Another thing: if 2 nodes are behind 2 symmetrical NAT servers, then how can they communicate if they are assigned private IP addresses?
Help me understand this VPN technique.
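The rendezvous sequence described in the question, modelled as an added example (not code from N2N or from the original posts): each edge's NAT is reduced to a mapping table, and the function reports whether the two edges can reach each other directly once the supernode has told each of them the other's observed public endpoint. The addresses, ports, the `Nat` class and `direct_path_works` are constructed for illustration, and the cone NAT is assumed to be port-restricted.

```python
import itertools

SUPERNODE = ("203.0.113.1", 7654)  # constructed documentation address and port


class Nat:
    """Minimal NAT model (an assumption for illustration, not N2N code).

    'cone'      : one public port is reused for every destination.
    'symmetric' : a fresh public port is allocated per destination.
    Both filter inbound traffic by (public port, exact remote endpoint).
    """

    def __init__(self, public_ip, kind):
        self.public_ip, self.kind = public_ip, kind
        self.ports = itertools.count(40000)
        self.mappings = {}    # mapping key -> public port
        self.allowed = set()  # (public port, remote endpoint) open for inbound

    def send(self, dst):
        """Outbound packet: create or reuse a mapping, return the public source."""
        key = dst if self.kind == "symmetric" else "any"
        if key not in self.mappings:
            self.mappings[key] = next(self.ports)
        port = self.mappings[key]
        self.allowed.add((port, dst))
        return (self.public_ip, port)

    def accepts(self, src, public_port):
        """Inbound packet passes only if this NAT already sent to src from that port."""
        return (public_port, src) in self.allowed


def direct_path_works(kind_a, kind_b):
    nat_a, nat_b = Nat("198.51.100.10", kind_a), Nat("192.0.2.20", kind_b)
    # 1. Each edge registers; the supernode records the source endpoint it observes.
    seen_a, seen_b = nat_a.send(SUPERNODE), nat_b.send(SUPERNODE)
    # 2. The supernode hands each edge the other's observed endpoint; both send to it.
    from_a, from_b = nat_a.send(seen_b), nat_b.send(seen_a)
    # 3. A packet is delivered only if the receiving NAT has a matching mapping.
    return nat_b.accepts(from_a, seen_b[1]) and nat_a.accepts(from_b, seen_a[1])


if __name__ == "__main__":
    for pair in [("cone", "cone"), ("cone", "symmetric"), ("symmetric", "symmetric")]:
        print(pair, "direct" if direct_path_works(*pair) else "no direct path")
```

The overlay's private addresses never appear in this exchange: the edges' packets travel between the NATs' public endpoints, and in this model two symmetric NATs never open matching mappings.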
I don't know what the VPN stuff you speak of is. However, I've done work with Zero Conf in terms of Multicast DNS (aka Bonjour, Avahi, etc). Apple leads it - you can download their code here - it compiles easily on Linux, and this will get you that far:
http://opensource.apple.com/source/mDNSResponder/mDNSResponder-320.10/
The IP stuff is taken care of by the OS. RFC 3927...