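Using N2N to Remotely Manage a DLAP221 Device
In most cases the DLAP221 edge device is deployed on an internal network. To maintain it remotely, you have to reach it from the public network through to the internal network in order to log in; the N2N software introduced here does exactly that.
N2N consists of SuperNodes and EdgeNodes. A SuperNode establishes the handshake between EdgeNodes and relays data for EdgeNodes that cannot connect to each other directly; it is the core of the network. Because the SuperNode is so important, N2N lets an EdgeNode specify several SuperNodes, which makes more complex networks possible and prevents a single SuperNode failure from bringing down the whole network.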
pc1 <-> center <-> pc2
^
|
v
pc3 <-> center <-> pc4
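1. Kernel dependency
N2N depends on the tun virtual network device. By default the DLAP221's Linux kernel does not have the tun module enabled; without it, the client program prints the following when started: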
ERROR: ioctl() [No such file or directory][2]
1.1 Building the tun module
Edit the kernel configuration and build the tun virtual network device as a module
-> Device Drivers
-> Network device support
-> Network core driver support
<M> Universal TUN/TAP device driver support
A tun.ko module has already been built for the DLAP221; the compiled .ko file can be downloaded from the network drive (extraction code: 4npg).
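A prebuilt module runs with full kernel privileges once insmod loads it, so it is worth checking the downloaded file against a hash obtained from whoever built it, and against the running kernel, before it goes into the boot script. The following is an added example, not part of the original article; the function names are hypothetical and the expected hash is a placeholder.

```shell
#!/bin/sh
# Added example: gate for a prebuilt kernel module before it is copied into
# the boot-time insmod list. Function names are hypothetical.

# Return 0 when FILE's SHA-256 equals EXPECTED (hex, case-insensitive).
sha256_matches() {
    sm_file=$1; sm_expected=$2
    sm_actual=$(sha256sum "$sm_file" 2>/dev/null | awk '{print $1}')
    # An unreadable file yields an empty hash and must never match.
    [ -n "$sm_actual" ] &&
        [ "$(printf '%s' "$sm_expected" | tr 'A-F' 'a-f')" = "$sm_actual" ]
}

# Return 0 when the first field of a vermagic string (the kernel release
# the module was built for) equals RELEASE, e.g. the output of uname -r.
vermagic_matches() {
    vm_string=$1; vm_release=$2
    [ "${vm_string%% *}" = "$vm_release" ]
}

# Run both checks on a .ko file against the running kernel.
verify_module() {
    ko=$1; expected=$2
    sha256_matches "$ko" "$expected" ||
        { echo "hash mismatch: $ko" >&2; return 1; }
    vm=$(modinfo -F vermagic "$ko") || return 1
    vermagic_matches "$vm" "$(uname -r)" ||
        { echo "vermagic '$vm' does not match $(uname -r)" >&2; return 1; }
}

# On the device (replace the placeholder with the hash from the builder):
#   verify_module ~/tun.ko '<EXPECTED_SHA256>' &&
#       cp ~/tun.ko /home/ad_custom/drivers
```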
1.2 Installing the tun module
Copy tun.ko to the DLAP221 device
$ scp tun.ko HwHiAiUser@192.168.10.2:~
$ cp /home/HwHiAiUser/tun.ko /home/ad_custom/drivers
$ sudo vim /var/davinci/scripts/minirc_user_service.sh
...
# Misc
insmod ${DRIVERS_DIR}/pl2303.ko
insmod ${DRIVERS_DIR}/sd_mod.ko
insmod ${DRIVERS_DIR}/sg.ko
insmod ${DRIVERS_DIR}/usb-storage.ko
insmod ${DRIVERS_DIR}/i2c-mux.ko
insmod ${DRIVERS_DIR}/exfat.ko
insmod ${DRIVERS_DIR}/cp210x.ko
insmod ${DRIVERS_DIR}/tun.ko # added here to load tun.ko automatically
#docker
insmod ${DRIVERS_DIR}/br_netfilter.ko
insmod ${DRIVERS_DIR}/echainiv.ko
insmod ${DRIVERS_DIR}/grace.ko
insmod ${DRIVERS_DIR}/iptable_filter.ko
...
1.3 Checking the tun module
$ lsmod|grep tun
udp_tunnel 16384 1 vxlan
nft_tunnel 16384 0
nf_tables 118784 11 nft_chain_route_ipv4,nft_reject_ipv4,nft_ct,nft_compat,nft_nat,nft_redir,nft_tunnel,nft_dup_ipv4,nft_masq,nft_limit,nft_reject
ip_tunnel 28672 0
tun 45056 2 # the tun module is listed here, so the driver loaded successfully
$ ls /dev/net/tun
/dev/net/tun # the device file was created
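2. Deployment
The simplest N2N deployment has two parts:
- Server-side deployment, i.e. the supernode
- Client-side deployment
Note: the edge and supernode versions must match.
2.1 Server-side deployment
To deploy a server (supernode), you normally just run the following command; the prerequisite is that your clients can connect to the supernode.
$ supernode -l 7777 # the port number is up to you, as long as it does not conflict with another port
Since our test environment has no server with a public address, we use the official one, supernode.ntop.org, port 7777. The official server is running by default, so nothing needs to be done here.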
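2.2 Client-side deployment
For the test we deploy two devices across the public network. Each sits in its own internal network: one is the DLAP221 and the other is a PC, and they cannot ping each other.
Also, because the edge and supernode versions must match and we are currently using the official supernode, we build from the latest source rather than installing n2n with apt install.
Download and build n2n on both devices:
$ git clone https://github.com/ntop/n2n.git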
$ cd n2n
$ ./autogen.sh
$ ./configure
$ make
# Optional
$ make install
Run the following command on the DLAP221:
$ sudo ./edge -c mynetwork -k mysecretpass -a 192.168.100.1 -f -l supernode.ntop.org:7777
06/Sep/2021 05:47:55 [edge_utils.c:3621] adding supernode = supernode.ntop.org:7777
06/Sep/2021 05:47:55 [edge.c:976] WARNING: switching to AES as key was provided
06/Sep/2021 05:47:55 [edge.c:1016] starting n2n edge 2.9.0 Sep 6 2021 05:46:24
06/Sep/2021 05:47:55 [edge.c:1022] using compression: none.
06/Sep/2021 05:47:55 [edge.c:1023] using AES cipher.
06/Sep/2021 05:47:55 [edge_utils.c:332] number of supernodes in the list: 1
06/Sep/2021 05:47:55 [edge_utils.c:334] supernode 0 => supernode.ntop.org:7777
06/Sep/2021 05:47:55 [edge_utils.c:423] successfully created resolver thread
06/Sep/2021 05:47:55 [edge.c:1047] use manually set IP address
06/Sep/2021 05:47:55 [edge.c:1163] created local tap device IP: 192.168.100.1, Mask: 255.255.255.0, MAC: D6:C4:50:E1:BE:1E
06/Sep/2021 05:47:55 [edge.c:1233] WARNING: n2n has not been compiled with libcap-dev; some commands may fail
06/Sep/2021 05:47:55 [edge.c:1238] dropping privileges to uid=65534, gid=65534
06/Sep/2021 05:47:55 [edge.c:1263] edge started
06/Sep/2021 05:47:55 [edge_utils.c:1054] successfully joined multicast group 224.0.0.68:1968
06/Sep/2021 05:47:55 [edge_utils.c:2614] [OK] edge <<< ================ >>> supernode
Run the following command on the remote PC:
$ sudo ./edge -c mynetwork -k mysecretpass -a 192.168.100.2 -f -l supernode.ntop.org:7777
[sudo] password for adlink:
06/Sep/2021 13:52:49 [edge_utils.c:3621] adding supernode = supernode.ntop.org:7777
06/Sep/2021 13:52:49 [edge.c:976] WARNING: switching to AES as key was provided
06/Sep/2021 13:52:49 [edge.c:1016] starting n2n edge 2.9.0 Sep 6 2021 13:52:17
06/Sep/2021 13:52:49 [edge.c:1022] using compression: none.
06/Sep/2021 13:52:49 [edge.c:1023] using AES cipher.
06/Sep/2021 13:52:49 [edge_utils.c:332] number of supernodes in the list: 1
06/Sep/2021 13:52:49 [edge_utils.c:334] supernode 0 => supernode.ntop.org:7777
06/Sep/2021 13:52:49 [edge_utils.c:423] successfully created resolver thread
06/Sep/2021 13:52:49 [edge.c:1047] use manually set IP address
06/Sep/2021 13:52:49 [edge.c:1163] created local tap device IP: 192.168.100.2, Mask: 255.255.255.0, MAC: 2A:98:19:2B:32:F8
06/Sep/2021 13:52:49 [edge.c:1233] WARNING: n2n has not been compiled with libcap-dev; some commands may fail
06/Sep/2021 13:52:49 [edge.c:1238] dropping privileges to uid=65534, gid=65534
06/Sep/2021 13:52:49 [edge.c:1263] edge started
06/Sep/2021 13:52:49 [edge_utils.c:1054] successfully joined multicast group 224.0.0.68:1968
06/Sep/2021 13:52:50 [edge_utils.c:2614] [OK] edge <<< ================ >>> supernode
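Parameter reference
Parameter | Meaning |
---|---|
-d | Virtual NIC name |
-a | [static: or dhcp:] virtual network address (IP); in static mode the static: prefix can be omitted and the IP written directly |
-c | Community (group) name used to tell nodes apart |
-k | String used for encryption |
-K | Key file used for encryption; cannot be combined with -k |
-s | Subnet mask |
-l | supernode IP:port; more than one supernode can be specified |
-i | NAT hole-punching interval |
-b | Periodically refresh the IP when using DHCP |
-p | Local port to use |
-u | UID to run as |
-g | GID to run as |
-f | Run in the foreground |
-m | MAC address for the virtual NIC |
-r | Enable packet forwarding; required when -a specifies DHCP |
-E | Accept multicast MAC addresses |
-v | More verbose log output |
-t | UDP port used for management |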
3. Testing
3.1 ping test
DLAP221 pinging the PC
$ ping 192.168.100.2
PING 192.168.100.2 (192.168.100.2) 56(84) bytes of data.
64 bytes from 192.168.100.2: icmp_seq=1 ttl=64 time=451 ms
64 bytes from 192.168.100.2: icmp_seq=2 ttl=64 time=453 ms
64 bytes from 192.168.100.2: icmp_seq=3 ttl=64 time=452 ms
64 bytes from 192.168.100.2: icmp_seq=4 ttl=64 time=450 ms
64 bytes from 192.168.100.2: icmp_seq=5 ttl=64 time=450 ms
PC pinging the DLAP221
$ ping 192.168.100.1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=436 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=434 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=434 ms
64 bytes from 192.168.100.1: icmp_seq=4 ttl=64 time=435 ms
64 bytes from 192.168.100.1: icmp_seq=5 ttl=64 time=466 ms
3.2 SSH login test
Log in to the DLAP221 over SSH from the PC:
ssh -l HwHiAiUser 192.168.100.1
The authenticity of host '192.168.100.1 (192.168.100.1)' can't be established.
ECDSA key fingerprint is SHA256:p8N+/XArdQdE9MQt1bANLr4vNE+2BFi5Depd+yoV/6c.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.100.1' (ECDSA) to the list of known hosts.
HwHiAiUser@192.168.100.1's password:
Welcome to Ubuntu 18.04.5 LTS (GNU/Linux 4.19.95+ aarch64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
* Super-optimized for small spaces - read how we shrank the memory
footprint of MicroK8s to make it the smallest full K8s around.
https://ubuntu.com/blog/microk8s-memory-optimisation
Last login: Mon Sep 6 04:53:47 2021 from 192.168.31.150
HwHiAiUser@davinci-mini:~$
4. Auto-start service (optional)
Configure the edge service unit on the DLAP221 node
$ vim /lib/systemd/system/n2n_edge.service
[Unit]
Description=n2n edge
Wants=network-online.target
After=network-online.target
[Service]
ExecStartPre=/bin/sh -c 'until ping -c1 supernode.ntop.org; do sleep 1; done;'
ExecStart=/usr/local/n2n/sbin/edge -l supernode.ntop.org:7777 -c n2n0 -a 172.168.3.1 -k 5tgb6yhn7ujm -f
[Install]
WantedBy=multi-user.target
Register the service and start it
$ systemctl enable n2n_edge
Created symlink from /etc/systemd/system/multi-user.target.wants/n2n_edge.service to /lib/systemd/system/n2n_edge.service.
$ systemctl start n2n_edge
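With `-k` in ExecStart, the key is readable in the unit file and in the process list by any local user. The added example below (not part of the original article) writes the same unit but passes the key through the N2N_KEY environment variable, which edge reads in place of -k, from an owner-only file; the path /etc/n2n/edge.env, the function name and the staging-root argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: generate the n2n_edge unit with the key kept out of the
# unit file and the command line. install_edge_unit, its ROOT staging
# prefix and /etc/n2n/edge.env are hypothetical names.

install_edge_unit() {
    root=$1; key=$2
    envfile="$root/etc/n2n/edge.env"
    unit="$root/lib/systemd/system/n2n_edge.service"
    mkdir -p "$(dirname "$envfile")" "$(dirname "$unit")"
    # Create the secret file with owner-only permissions from the start.
    ( umask 077; printf 'N2N_KEY=%s\n' "$key" > "$envfile" )
    chmod 600 "$envfile"
    # Same unit as on the page, minus "-k <key>", plus EnvironmentFile.
    cat > "$unit" <<'EOF'
[Unit]
Description=n2n edge
Wants=network-online.target
After=network-online.target

[Service]
EnvironmentFile=/etc/n2n/edge.env
ExecStartPre=/bin/sh -c 'until ping -c1 supernode.ntop.org; do sleep 1; done;'
ExecStart=/usr/local/n2n/sbin/edge -l supernode.ntop.org:7777 -c n2n0 -a 172.168.3.1 -f

[Install]
WantedBy=multi-user.target
EOF
    chmod 644 "$unit"
}

# On the device, as root, with an empty ROOT to write the live paths:
#   install_edge_unit "" '<your key>'
#   systemctl daemon-reload && systemctl enable --now n2n_edge
```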