supernode(1) USER COMMANDS supernode(1)

supernode - n2n supernode daemon

supernode <config file>
supernode [OPTION]...

N2N is a peer-to-peer VPN system. Supernode is a node introduction registry, broadcast conduit and packet relay node for the n2n system. On startup, supernode begins listening on the specified UDP port for node registrations and for other packets to route. The supernode can service any number of communities and routes packets only between members of the same community. The supernode does not hold the community encryption key and so cannot snoop on or inject packets into the community.

Supernode can service a number of n2n communities concurrently. Traffic does not cross between communities.

All logging goes to stdout.

The config file is similar to the command line, with one option per line. Lines starting with a "#" are ignored. An equal sign ('=') should be used between key and value. Example: -p=7777

listen on this fixed local UDP port, defaults to 7654
name of the supernode's federation, defaults to '*Federation' (see also N2N_FEDERATION in ENVIRONMENT)
ip address or name, and port of known supernode
fixed MAC address for the supernode, e.g. '-m 10:20:30:40:50:60', random otherwise
disable MAC and IP address spoofing protection for all non-username-password-authenticating communities
modify the supernode version string which is distributed to the edges and shown at their management port output, up to 19 characters

file containing the allowed communities and any User / Password based authentication details (See ALLOWED COMMUNITIES FILE section)
subnet range for auto ip address service, e.g. '-a 192.168.0.0-192.168.255.0/24', defaults to '10.128.255.0-10.255.255.0/24'

disable daemon mode (UNIX) and run in foreground.
management UDP port, for multiple supernodes on a machine, defaults to 5645
sets the password for access to the JSON API at the management port, defaults to 'n2n'. The password has to be provided for relevant access to the JSON API at the management port.
use verbose logging
numeric user ID to use when privileges are dropped
numeric group ID to use when privileges are dropped
shows a quick reference including all available options
shows detailed parameter description

This file is a plain text file. Comments are introduced with a hash at the beginning of the line. A line that begins with an asterisk is a user authentication definition and adds an allowed user to the most recently defined community. Allowed communities can be specified with a regular expression.

Example community file:

# List of allowed communities
mynetwork
netleo
* logan nHWum+r42k1qDXdIeH-WFKeylK5UyLStRzxofRNAgpG
* sister HwHpPrdMft+38tFDDiunUds6927t0+zhCMMkQdJafcC

More details on creating the allowed communities file are found in the Communities.md and Authentication.md documentation included with this package.
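
The attachment rule described above (a user line belongs to the most recently defined community) is easy to get wrong when editing the file by hand. The following Python check is an added example, not part of the n2n package: it parses the format and reports misplaced or malformed user lines and communities left without any users. The function names, the placeholder credentials, the tolerance for leading whitespace and the reading that a community without user lines does no user/password authentication are assumptions of this example.

```python
from dataclasses import dataclass, field

# Constructed sample in the format shown above; credentials are placeholders.
SAMPLE = """\
# List of allowed communities
* early PLACEHOLDER-CREDENTIAL-0
mynetwork
netleo
* logan PLACEHOLDER-CREDENTIAL-1
* sister PLACEHOLDER-CREDENTIAL-2
* broken
"""

@dataclass
class Community:
    name: str
    users: dict = field(default_factory=dict)  # username -> opaque credential

def parse_communities(text):
    """Return (communities, problems) for an allowed-communities file."""
    communities, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()  # assumption: surrounding whitespace is ignored
        if not line or line.startswith("#"):
            continue  # blank line or comment
        if line.startswith("*"):
            fields = line[1:].split()
            if len(fields) != 2:
                problems.append((lineno, "user line needs a name and a credential"))
            elif not communities:
                problems.append((lineno, "user line before any community"))
            else:
                # A user always attaches to the most recently defined community.
                communities[-1].users[fields[0]] = fields[1]
        else:
            communities.append(Community(name=line))
    return communities, problems

def unauthenticated(communities):
    """Names of communities with no user lines (assumed: no user/password auth)."""
    return [c.name for c in communities if not c.users]

if __name__ == "__main__":
    comms, problems = parse_communities(SAMPLE)
    for c in comms:
        print(c.name, "users:", sorted(c.users) or "none")
    for lineno, msg in problems:
        print(f"line {lineno}: {msg}")
```

In the sample, both users land on netleo and mynetwork stays without users, which is the outcome to look for when a user line was meant for the community above it.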

N2N_FEDERATION: set the federation name so it is not visible at the command line

Start supernode listening on UDP port 7654 with verbose output.
Shows the management status of a running supernode.

When supernode restarts it loses all registration information from associated edge nodes. It can take up to five minutes for the edge nodes to re-register and normal traffic flow to resume.

supernode is a daemon and any exit is an error.

Luca Deri ( deri (at) ntop.org ), Richard Andrews ( andrews (at) ntop.org ), Don Bindner

ifconfig(8) edge(8)
the documentation contained in the source code
the extensive documentation found in n2n's doc/ folder

July 16, 2021 version 3