Exit Node capability #6
Comments
Yes. It is possible to make OmniEdge the Exit Node. It needs some route rules on the devices. A node will be used as an Exit Node (server) and forward traffic for other nodes. In order to enable Exit Node, there are two main tasks for each client:
|
https://github.com/ntop/n2n/blob/dev/doc/Routing.md
Basically you can compile the clients to have the EXIT function according to the #n2n doc: |
Will add the exit node feature to the CLI and make it automatic. |
That's great news! |
How to compile: https://github.com/omniedgeio/omniedge#compile

Here is how:

On the exit node side

On the client side

Linux (works)

# Prepare
EXIT_NODE_IP="100.100.100.1"
CUSTOMIZE_SUPERNODE_IP="11.22.33.44"
DNS_SERVER="8.8.8.8"
# Gateway currently used to reach the Internet
CURRENT_GW=$(ip route get 8.8.8.8 | head -n1 | awk '{ print $3 }')
# Set
cp /etc/resolv.conf /etc/resolv.conf.my_bak
echo "nameserver $DNS_SERVER" > /etc/resolv.conf
# Keep the supernode reachable outside the tunnel
ip route add "$CUSTOMIZE_SUPERNODE_IP" via "$CURRENT_GW"
ip route del default
ip route add default via "$EXIT_NODE_IP"
# Restore
ip route del default
ip route del "$CUSTOMIZE_SUPERNODE_IP" via "$CURRENT_GW"
ip route add default via "$CURRENT_GW"
mv /etc/resolv.conf.my_bak /etc/resolv.conf

Windows (Waiting for test)

# Prepare (PowerShell)
$EXIT_NODE_IP = "100.100.100.1" # Get from api
$CUSTOMIZE_SUPERNODE_IP = "11.22.33.44" # Get from api
$DNS_SERVER = "8.8.8.8" # Get from api
# Next hop of the current default route (Windows has no `ip` command)
$CURRENT_GW = (Get-NetRoute -DestinationPrefix "0.0.0.0/0" | Select-Object -First 1).NextHop
# Set
route delete 0.0.0.0
# A single host needs MASK 255.255.255.255; the default route needs MASK 0.0.0.0
route ADD $CUSTOMIZE_SUPERNODE_IP MASK 255.255.255.255 $CURRENT_GW
route ADD 0.0.0.0 MASK 0.0.0.0 $EXIT_NODE_IP
# Restore
route delete $CUSTOMIZE_SUPERNODE_IP
route delete 0.0.0.0
route ADD 0.0.0.0 MASK 0.0.0.0 $CURRENT_GW

macOS (Waiting for test)

# Prepare
EXIT_NODE_IP="100.100.100.1" # Get from api
CUSTOMIZE_SUPERNODE_IP="11.22.33.44" # Get from api
DNS_SERVER="8.8.8.8" # Get from api
# macOS has no `ip` command; read the gateway from the default route
CURRENT_GW=$(route -n get default | awk '/gateway/ { print $2 }')
# Set
route -n add -host "$CUSTOMIZE_SUPERNODE_IP" "$CURRENT_GW"
route -n delete default
route -n add default "$EXIT_NODE_IP"
# Restore
route -n delete -host "$CUSTOMIZE_SUPERNODE_IP"
route -n delete default
route -n add default "$CURRENT_GW"

Android
TBD

iOS
TBD |
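
A check for the routing state the Linux commands in the comment above are meant to produce, added here as an example and not part of the original thread or of OmniEdge's code. The function name `check_exit_routes`, the sample route tables and the interface names `edge0` and `eth0` are constructed for illustration.

```bash
#!/bin/sh
# Added example: audit `ip route show` output after the Linux "Set" step.
# Function name, sample tables and interface names (edge0, eth0) are constructed.

# check_exit_routes ROUTES EXIT_NODE_IP SUPERNODE_IP
# Prints "ok" and returns 0 when every default route uses the exit node and
# the supernode keeps a host route outside the tunnel; otherwise prints the
# reason and returns 1.
check_exit_routes() {
    routes="$1"; exit_ip="$2"; super_ip="$3"

    # A leftover default via the LAN gateway lets traffic bypass the exit node.
    defaults=$(printf '%s\n' "$routes" | awk '$1 == "default" { print $3 }' | sort -u)
    if [ -z "$defaults" ]; then
        echo "no default route"; return 1
    fi
    if [ "$defaults" != "$exit_ip" ]; then
        echo "default route is not exclusively via $exit_ip"; return 1
    fi

    # Without a host route via the physical gateway, the tunnel's own packets
    # to the supernode would be sent into the tunnel.
    super_gw=$(printf '%s\n' "$routes" | awk -v ip="$super_ip" \
        '($1 == ip || $1 == (ip "/32")) && $2 == "via" { print $3; exit }')
    if [ -z "$super_gw" ]; then
        echo "no host route for supernode $super_ip"; return 1
    fi
    if [ "$super_gw" = "$exit_ip" ]; then
        echo "supernode $super_ip is routed through the exit node"; return 1
    fi
    echo "ok"
}

# Constructed sample: state after a successful "Set".
SAMPLE_OK='default via 100.100.100.1 dev edge0
11.22.33.44 via 192.168.1.1 dev eth0
100.100.100.0/24 dev edge0 proto kernel scope link src 100.100.100.7
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.23'

# Constructed sample: the old default route was never deleted.
SAMPLE_LEAK='default via 100.100.100.1 dev edge0
default via 192.168.1.1 dev eth0 metric 100
11.22.33.44 via 192.168.1.1 dev eth0'

check_exit_routes "$SAMPLE_OK" 100.100.100.1 11.22.33.44      # prints: ok
check_exit_routes "$SAMPLE_LEAK" 100.100.100.1 11.22.33.44 || true
```

On a live host, pass `"$(ip route show)"` as the first argument.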
Awesome, will do! |
I was able to test it out and it works as intended but I was hoping for more of a client zero-configuration option. In this solution, the routing works because you're telling each client the default route to use. I was hoping you could define the routing at the server/cloud UI level. Or, if that isn't possible, perhaps limit the client configuration to specifying the exit node IP like Step 3 of https://tailscale.com/kb/1103/exit-nodes/ I'm also mostly interested in the mobile app use case for exit nodes. I'd like to route the mobile data through a Linux exit node. P.S. you'll want to add |
Thanks for the testing. And thanks for pointing out the missing |
Excellent, looking forward to it. By the way, your bandwidth speeds (thanks to n2n) are much higher than Tailscale or ZeroTier. <3 |
It would also be ideal to pair exit node capability with always-on VPN on the client. If you configured the mobile app to support MDM configuration like https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment OmniEdge would be great for my use case. |
ping |
It will take longer than I expected to release this feature. The barrier is not the technology but the regulation. |
Interesting. Any specific regulation or just general privacy concerns? Companies routinely monitor device behavior. Perhaps a label in the app noting the mode is enabled? |
OmniEdge is a C-Corp in Delaware, US, but the owner is a Chinese citizen who will travel frequently to China for other business. A VPN service with exit node function needs a license. It's funny but true. There is a way to fix this: OmniEdge opens a Chinese branch and applies for the VPN license, or the owner keeps staying outside of China. |
I see. Thanks for that background. Would you be able to create a code branch with the exit node functionality so I can locally build and test and if/when the regulation is resolved the tech piece will be done? |
I am sorry that we cannot do it at the moment. |
No worries, thanks for trying 🙂 |
Does OmniEdge have Exit Node capability? (route all network traffic destined for the public Internet through a specific node)
https://omniedge.io/docs/article/architecture mentions
Forward TCP and UDP traffic over the virtual network, either directly or indirectly. Provide local DNS resolution for proxied requests.
so I'm hoping this is possible.