{"id":13628170,"url":"https://github.com/nknorg/nconnect","last_synced_at":"2026-01-14T23:24:21.547Z","repository":{"id":37928046,"uuid":"288387368","full_name":"nknorg/nconnect","owner":"nknorg","description":"Securely connect to remote machines without the need of any server, public IP address, or publicly exposed ports.","archived":false,"fork":false,"pushed_at":"2023-11-25T08:11:17.000Z","size":6203,"stargazers_count":110,"open_issues_count":1,"forks_count":32,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-04-17T11:58:32.695Z","etag":null,"topics":["blockchain","decentralization","networking","nkn","p2p","sdn","vpn"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nknorg.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-08-18T07:35:22.000Z","updated_at":"2025-03-26T13:11:53.000Z","dependencies_parsed_at":"2024-06-20T02:59:15.028Z","dependency_job_id":"7ce9f2d4-205d-4a88-94ae-09ebd5df836e","html_url":"https://github.com/nknorg/nconnect","commit_stats":null,"previous_names":[],"tags_count":12,"template":false,"template_full_name":null,"purl":"pkg:github/nknorg/nconnect","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nknorg%2Fnconnect","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nknorg%2Fnconnect/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nknorg%2Fnconnect/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nknorg%2Fnconnect/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nknorg","download_url":"https://codeload.github.com/nknorg/nconnect/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nknorg%2Fnconnect/sbom","scorecard":{"id":690259,"data":{"date":"2025-08-11","repo":{"name":"github.com/nknorg/nconnect","commit":"18c4d5bc8adcd128a863c53aeb3b0aeeb60891aa"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":5,"reason":"Found 14/26 approved changesets -- score normalized to 5","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/go.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/nknorg/nconnect/go.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/nknorg/nconnect/go.yml/master?enable=pin","Warn: containerImage not pinned by hash: docker/Dockerfile:2","Info:   0 out of   2 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v1.2.0 not signed: https://api.github.com/repos/nknorg/nconnect/releases/131424978","Warn: release artifact v1.1.0 not signed: https://api.github.com/repos/nknorg/nconnect/releases/98022718","Warn: release artifact v1.0.9 not signed: https://api.github.com/repos/nknorg/nconnect/releases/95017616","Warn: release artifact v1.0.8 not signed: https://api.github.com/repos/nknorg/nconnect/releases/64091138","Warn: release artifact v1.0.7 not signed: https://api.github.com/repos/nknorg/nconnect/releases/61249099","Warn: release artifact v1.2.0 does not have provenance: https://api.github.com/repos/nknorg/nconnect/releases/131424978","Warn: release artifact v1.1.0 does not have provenance: https://api.github.com/repos/nknorg/nconnect/releases/98022718","Warn: release artifact v1.0.9 does not have provenance: https://api.github.com/repos/nknorg/nconnect/releases/95017616","Warn: release artifact v1.0.8 does not have provenance: https://api.github.com/repos/nknorg/nconnect/releases/64091138","Warn: release artifact v1.0.7 does not have provenance: https://api.github.com/repos/nknorg/nconnect/releases/61249099"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"82 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2024-2955 / GHSA-869c-j7wc-8jqv","Warn: Project is vulnerable to: GO-2023-1737 / GHSA-2c4m-59x9-fr2g","Warn: Project is vulnerable to: GO-2024-2459 / GHSA-ppxx-5m9h-6vxf","Warn: Project is vulnerable to: GO-2024-2682 / GHSA-c33x-xqrf-c478","Warn: Project is vulnerable to: GO-2024-3302 / GHSA-px8v-pp82-rcvr","Warn: Project is vulnerable to: GO-2025-3638 / GHSA-pmc3-p9hx-jq96","Warn: Project is vulnerable to: GHSA-vfrj-fv6p-3cpf","Warn: Project is vulnerable to: GO-2023-2402 / GHSA-45x7-px36-x8w8","Warn: Project is vulnerable to: GO-2024-3321 / GHSA-v778-237x-gjrc","Warn: Project is vulnerable to: GO-2025-3487 / GHSA-hcg3-q754-cr77","Warn: Project is vulnerable to: GO-2023-1988 / GHSA-2wrh-6pvc-2jm9","Warn: Project is vulnerable to: GO-2023-2102 / GHSA-4374-p667-p6c8","Warn: Project is vulnerable to: GHSA-qppj-fm5r-hxr3","Warn: Project is vulnerable to: GO-2024-2687 / GHSA-4v7x-pqxf-cx7m","Warn: Project is vulnerable to: GO-2024-3333","Warn: Project is vulnerable to: GO-2025-3503 / GHSA-qxp5-gwg8-xv66","Warn: Project is vulnerable to: GO-2025-3595 / GHSA-vvgc-356p-c3xw","Warn: Project is vulnerable to: GO-2024-2611 / GHSA-8r3f-844c-mc37","Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92","Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx","Warn: Project is vulnerable to: GHSA-jr5f-v2jv-69x6","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-x9w5-v3q2-3rhw","Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq","Warn: Project is vulnerable to: GHSA-434g-2637-qmqr","Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m","Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw","Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p","Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747","Warn: Project is vulnerable to: GHSA-vjh7-7g9h-fjfh","Warn: Project is vulnerable to: GHSA-74fj-2j2h-c42q","Warn: Project is vulnerable to: GHSA-pw2r-vq6v-hr8c","Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc","Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp","Warn: Project is vulnerable to: GHSA-pfq8-rq6v-vf5m","Warn: Project is vulnerable to: GHSA-c7qv-q95q-8v27","Warn: Project is vulnerable to: GHSA-4www-5p9h-95mh","Warn: Project is vulnerable to: GHSA-9gqv-wp59-fq42","Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22","Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp","Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h","Warn: Project is vulnerable to: GHSA-76p3-8jx3-jpfq","Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488","Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g","Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3","Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h","Warn: Project is vulnerable to: GHSA-qrpm-p2h7-hrv2","Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55","Warn: Project is vulnerable to: GHSA-r683-j2x4-v87g","Warn: Project is vulnerable to: GHSA-rp65-9cf3-cjxr","Warn: Project is vulnerable to: GHSA-vf6r-87q4-2vjf","Warn: Project is vulnerable to: GHSA-76c9-3jph-rj3q","Warn: Project is vulnerable to: GHSA-8g77-54rh-46hx","Warn: Project is vulnerable to: GHSA-3j8f-xvm3-ffx4","Warn: Project is vulnerable to: GHSA-4p35-cfcx-8653","Warn: Project is vulnerable to: GHSA-7f3x-x4pr-wqhj","Warn: Project is vulnerable to: GHSA-jpp7-7chh-cf67","Warn: Project is vulnerable to: GHSA-q6wq-5p59-983w","Warn: Project is vulnerable to: GHSA-j9fq-vwqv-2fm2","Warn: Project is vulnerable to: GHSA-pqw5-jmp5-px4v","Warn: Project is vulnerable to: GHSA-h7cp-r72f-jxh6","Warn: Project is vulnerable to: GHSA-v62p-rq8g-8h59","Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j","Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg","Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p","Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36","Warn: Project is vulnerable to: GHSA-4wf5-vphf-c2xc","Warn: Project is vulnerable to: GHSA-52f5-9888-hmc6","Warn: Project is vulnerable to: GHSA-fhg7-m89q-25r3","Warn: Project is vulnerable to: GHSA-5j4c-8p2g-v4jx","Warn: Project is vulnerable to: GHSA-g3ch-rx76-35fx","Warn: Project is vulnerable to: GHSA-q4q5-c5cv-2p68","Warn: Project is vulnerable to: GHSA-wr3j-pwj9-hqq6","Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-22T02:09:33.351Z","repository_id":37928046,"created_at":"2025-08-22T02:09:33.351Z","updated_at":"2025-08-22T02:09:33.351Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28437981,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T22:37:52.437Z","status":"ssl_error","status_checked_at":"2026-01-14T22:37:31.496Z","response_time":107,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["blockchain","decentralization","networking","nkn","p2p","sdn","vpn"],"created_at":"2024-08-01T22:00:47.536Z","updated_at":"2026-01-14T23:24:21.526Z","avatar_url":"https://github.com/nknorg.png","language":"Go","funding_links":[],"categories":["Before using VPN, please modify **[DNS](https://www.dnsperf.com/#!dns-resolvers)** to ensure that the vpn server is correct resolve. [How to Change Your DNS](https://www.wikihow.com/wikiHowTo?search=dns) **[Change sim Mobile data APN](https://apkpure.com/apn-settings/net.thenatureweb.apnsettings)**"],"sub_categories":[],"readme":"# nConnect\n\n[![GitHub license](https://img.shields.io/badge/license-Apache%202.0-blue.svg)](LICENSE) [![Go Report Card](https://goreportcard.com/badge/github.com/nknorg/nconnect)](https://goreportcard.com/report/github.com/nknorg/nconnect) [![Build Status](https://travis-ci.org/nknorg/nconnect.svg?branch=master)](https://travis-ci.org/nknorg/nconnect) [![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg)](#contributing)\n\nnConnect allows you to securely connect to remote machines without the need of\nany server, public IP address, or publicly exposed ports. It features end-to-end\nencryption for top level security, and multi-path aggregation for maximum\nthroughput.\n\nnConnect provides several modes. When using the VPN mode, any TCP-based\napplication that works in the same local network will continue to work remotely\nas if those machines are in the same local network. A TUN device mode and a\nSOCKS proxy mode are also available for advanced users.\n\nnConnect uses [nkn-tunnel](https://github.com/nknorg/nkn-tunnel) for end to end\ntunneling, thus benefits from all the advantages of\n[nkn-tunnel](https://github.com/nknorg/nkn-tunnel):\n\n- Network agnostic: Neither sender nor receiver needs to have public IP address\n  or port forwarding. NKN tunnel only establishes outbound (websocket)\n  connections, so Internet access is all they need on both sides.\n\n- Top level security: All data are end to end authenticated and encrypted. No\n  one else in the world except the sender and receiver can see or modify the content\n  of the data. The same public key is used for both routing and encryption,\n  eliminating the possibility of man in the middle attack.\n\n- Decent performance: By aggregating multiple overlay paths concurrently, one\n  can usually get much higher throughput than direct connection. Even using the\n  free mode, one can still get \u003c100ms end to end latency and 10+mbps end to end\n  throughput.\n\n- Everything is open source and decentralized. The default free mode is,\n  suggested by its name, free of charge (If you are curious, node relay traffic\n  for clients for free to earn mining rewards in NKN blockchain); while in tuna\n  mode, nConnect (server mode) will pay NKN token directly to relay service\n  providers.\n\n## Build\n\n```shell\nmake\n```\n\n## Usage\n\nnConnect needs to be started in either server or client mode, server mode allows\nincoming connections from client mode.\n\nWhen started for the first time, nConnect will generate a config file\n`config.json` in the current working directory. This file contains your private\nkey and should not be shared.\n\nWhen started in server mode, nConnect might generate some data files in the\ncurrent working directory. You will also need the directory `web` located in the\ncurrent working directory if admin web dashboard is enabled.\n\n### Server Mode\n\nThe minimal arguments to start nConnect in server mode is just\n\n```shell\n./nConnect -s\n```\n\nBut most of the time you might want to start nConnect server with a few useful\narguments:\n\n```shell\n./nConnect -s --tuna --admin-http 127.0.0.1:8001\n```\n\n- `--tuna` enables tuna mode, which gets much better performance but requires\n  you to purchase data plan (you can find the link in admin web dashboard). This\n  argument is required if you want to be compatible with nConnect mobile and\n  desktop clients.\n\n- `--admin-http 127.0.0.1:8001` starts the admin web dashboard at\n  `http://127.0.0.1:8001`. You can visit this address in your browser to change\n  various config (e.g. access control), bind with nConnect mobile client, etc.\n  Do not make this port public as anyone who can access this endpoint can change\n  your configuration. If you want the best security, disable the admin dashboard\n  once you have done using it.\n\n#### Access Control\n\nBefore you can connect from nConnect client mode, you need to add your nConnect\nclient address (see [Get Your Client Address](#get-your-client-address) for how\nto get it) to allowed addresses. You can do it using the admin web dashboard, or\nmanually edit the `config.json` file, which will be generated after first run.\n\nThere are two lists of allowed address:\n\n- Accept address: address in this list will be able to connect to nConnect\n  server.\n\n- Admin address: address in this list will be able to connect to nConnect server\n  and manage nConnect server config and permissions (import/export account,\n  view/change accept addresses and admin addresses, etc).\n\nItems in each list are regular expressions. If you want to add a nConnect client\npublic key to the list, it is important that you add `$` to the end to match\nthe public key part. For example,\n`ad37e248005113dd42be15a4885e6446e9e23f35537dfa6c584f2563a7e8f96d$`\nwill allow any address using this public key, such as\n`ad37e248005113dd42be15a4885e6446e9e23f35537dfa6c584f2563a7e8f96d`\nand\n`nkn.ad37e248005113dd42be15a4885e6446e9e23f35537dfa6c584f2563a7e8f96d`.\n\n#### Get Your Server Address\n\nYou will need your nConnect server address in order to connect from nConnect client. You can get your server address using:\n\n```shell\n./nConnect -s --address\n```\n\nwhich can be passed to the `-a` argument on the nConnect client side.\n\n### Client Mode\n\nBefore connecting to nConnect server, you will first need to set up nConnect\nserver side correctly. Make sure you have done these:\n\n- Add client address or public key to server's allowed list, see [Access\n  Control](#access-control).\n\n- Get server address, see [Get Your Server Address](#get-your-server-address).\n\nWhen starting nConnect in client mode, you have a few sub-modes as options:\n\n- [VPN Mode](#vpn-mode): TCP connections made to nConnect server's local IP\n  address will be captured transparently and tunneled to nConnect server. Most\n  applications will work without any further configurations.\n\n- [TUN Device Mode](#tun-device-mode): create a TUN device, TCP connections\n  routed via this device will be tunneled to nConnect server.\n\n- [SOCKS Proxy Mode](#socks-proxy-mode): create a local SOCKS proxy, TCP\n  connections routed through this proxy will be tunneled to nConnect server.\n\n#### VPN Mode\n\nStart nConnect client in VPN mode requires root privilege in most cases:\n\n```shell\nsudo ./nConnect -c -a \u003cserver-addr\u003e --tuna --vpn\n```\n\nReplace `\u003cserver-addr\u003e` with the server address you get in [Get Your Server\nAddress](#get-your-server-address), and add `--tuna` only if nConnect starts\nwith `--tuna` as well.\n\nIn the console you should see one or more `Adding route \u003clocal-ip\u003e/32`. You can\nthen connect to server machine using any one of these local IP addresses as if\nthey are in the same local network, e.g. `ssh user@\u003clocal-ip\u003e`.\n\nBy default, all local IP addresses on the server machine will be added to routes,\nbut you can manually specify which IP or IP range you would like to route\nthrough the VPN using `--vpn-route` arguments. Use `./nConnect -h` for all available arguments.\n\nIf you start multiple nConnect clients in VPN mode, make sure to use different\nsubnets for both `--tun-addr` and `--tun-gateway` (e.g. `10.0.86.X` for one\nclient, `10.0.87.X` for another client).\n\nIf you are using windows, you will need to install the network adaptor driver\nand change adaptor info beforehand. The simplest way of doing that is to install\nnConnect client for windows before using nConnect command line version.\n\n#### TUN Device Mode\n\nStart nConnect client in TUN mode requires root privilege in most cases:\n\n```shell\nsudo ./nConnect -c -a \u003cserver-addr\u003e --tuna --tun\n```\n\nReplace `\u003cserver-addr\u003e` with the server address you get in [Get Your Server\nAddress](#get-your-server-address), and add `--tuna` only if nConnect starts\nwith `--tuna` as well.\n\nAfter nConnect client is started, the TUN device will be up and running. TCP\nconnections routed via this device will be tunneled to nConnect server. You will\nneed to modify system routing table yourself to determine what traffic should be\nrouted through the TUN device.\n\nYou can also change the name, IP, gateway, network mask and DNS resolvers of the TUN device. Use `./nConnect -h` for\nall available arguments.\n\nIf you start multiple nConnect clients in TUN device mode, make sure to use\ndifferent subnets for both `--tun-addr` and `--tun-gateway` (e.g. `10.0.86.X`\nfor one client, `10.0.87.X` for another client).\n\nIf you are using windows, you will need to install the network adaptor driver\nand change adaptor info beforehand. The simplest way of doing that is to install\nnConnect client for windows before using nConnect command line version.\n\n#### SOCKS Proxy Mode\n\n```shell\n./nConnect -c -a \u003cserver-addr\u003e --tuna\n```\n\nReplace `\u003cserver-addr\u003e` with the server address you get in [Get Your Server\nAddress](#get-your-server-address), and add `--tuna` only if nConnect starts\nwith `--tuna` as well.\n\nAfter nConnect client is started, a SOCKS proxy will be listening at\n`127.0.0.1:1080`. TCP connections routed through this proxy will be tunneled to\nnConnect server. You can change the SOCKS proxy listening address using `-l`\nargument. Use `./nConnect -h` for all available arguments.\n\n#### Get Your Client Address\n\nYou will need your nConnect client address to add to allowed addresses on\nnConnect server side. You can get your client address using:\n\n```shell\n./nConnect -c --address\n```\n\nThe address typically contains one or more dot, with the part after last dot\nbeing your client public key.\n\n### UDP mode\n\nYou can enable UDP when starting nConnect server with tuna mode\n\n```shell\n./nConnect -s --tuna --udp\n```\n\n### Use nConnect as library\n\nYou can also use nConnect as library. Please check [proxy_test.go](tests/proxy_test.go) for usages.\n\n### Use pre-built Docker image\n\nPre-requirement: Have working docker software installed. For help with that\nvisit [official docker\ndocs](https://docs.docker.com/install/#supported-platforms)\n\nWe host the latest Docker image on our official Docker Hub account. You can get\nit by\n\n```shell\n$ docker pull nknorg/nconnect\n```\n\nand run it with\n\n```shell\ndocker run --rm -it --net=host -v ${PWD}:/nConnect/data nknorg/nconnect\n```\n\nfollowed by the command line argument you want to add.\n\nNote: If you are running nConnect in TUN or VPN mode inside Docker, you need to\nbe able to access TUN device inside Docker (e.g. `--cap-add=NET_ADMIN --device\n/dev/net/tun:/dev/net/tun`).\n\n## nConnect Client Connects to Multi Servers\n\nNow nConnect client can connect to multiple servers. You can edit `config.json` to add multiple servers admin addresses:\n\n```\n{\n  \"Client\": true,\n  \"Server\": false,\n  \"identifier\": \"alice\",\n  \"seed\": \"\",\n  \"remoteAdminAddr\": [\n      \"nConnect.bob1.7cafe0ae02789f8eb6b293e46b0ac5cf8f92f73042199c8161e5b5f90b13dcb5\",\n      \"nConnect.bob2.7cafe0ae02789f8eb6b293e46b0ac5cf8f92f73042199c8161e5b5f90b13dcb5\",\n      \"nConnect.bob3.7cafe0ae02789f8eb6b293e46b0ac5cf8f92f73042199c8161e5b5f90b13dcb5\",\n  ],\n  \"localSocksAddr\": \"127.0.0.1:1080\",\n}\n\n```\n\nAfter config multi `remoteAdminAddr`, the nConnect client will add routing information to each Server's local IP. So you can access all the servers by their local IP address.\n\nSpecifically, the first item in the `remoteAdminAddr` will become the default server which will get the forwarded data whose targets are beyond all these servers' local IP addresses. Such as access to the website by domain, or some other applications.\n\nYou can use command argument to connect to multiple servers too. Use multi times argument `-a` to pass multi servers addresses:\n\n```\nnConnect -c -a server-address1 -a server-address2 -a server-address3\n\n```\n\n## Use `config.json` to Simplify Command Arguments\n\nYou can use `config.json` to simplify command arguments. Copy config.client.json or config.server.json as `config.json` and edit it before starting your nConnect client or server. After saving `config.json`, you can start nConnect simply.\n\n## Set up a Virtual Private Network by nConnect\nYes, nConnect supports setting up a virtual private network. It means many computers can join a nConnect virtual network, and access each other just like all nodes are in a local network no matter where they are.\n\nIn nConnect private virtual network, there are two types of nodes:\n\n* **manager node**\nThe manager node is the network administrative node that configures network parameters and authorizes network members. It is just like a registry portal and privilege management center.\n\nBased on NKN decentralized network, you can set up nConnect manager node anywhere and only need to connect to the internet. Each nConnect manager has an NKN address, which is used to identify this node and used for other members to register into the network.\n\n* **member node**\nThe member nodes are the members of the network. All member nodes need to register with the network manager first. After the manager node authorizes the member's `join network` request, the member node will have a network-specific IP and mask. All the member nodes (not including the manager node) can communicate by their network-specific IP no matter where they are. And the data transmitted between network members are encrypted, and high secured.\n\nTo set up a nConnect network, you need firstly to start a network manager node. \n\n### Start a network manager\nTo start the network manager, we copy `config.network.json` to `config.manager.json`:\n\n```\ncp config.network.josn config.manager.json\n\n```\n\nThen edit config.json, enable `NetworkManager`, and give a value to \"identifier\", just like below:\n\n```\n{\n    \"identifier\": \"manager\",\n    \"AdminHTTPAddr\": \"127.0.0.1:8000\",\n}\n\n```\n\n\u003e If you want to access your manager web page from another computer, you may set `AdminHTTPAddr` in a public IP instead of `127.0.0.1`. But it is not safe and not recommanded. After finishing your network configuration, had better change it back to `127.0.0.1`. It means people can access this web page only from this computer.\n\nThen start nConnect as a network manager with parameter `-m -f config.manager.json` :\n\n```\n./nConnect -m -f config.manager.json\n\n```\n\nAfter nConnect network manager starts, you can see a console printed message:\n\n```\nnConnect network manager is listening at: manager.0ec192083....\nNetwork manager web serve at:  http://127.0.0.1:8000/network\n```\n\nCopy this listening address: `manager.0ec192083....`, it is the manager's address. Other member nodes need this address to join this network.\nAfter the manager starts, you can visit the web service `http://127.0.0.1:8000/network` (default), to config, to manage the network.\n\nIf you want to access nConnect manager from a public IP, you may configure `AdminHTTPAddr` with your computer's public IP.  But do remember that other people can access your manager web page too. After configuring your network, you had better disable `AdminHTTPADDR` and set it to \"127.0.0.0\" or empty.\n\n### Start network member and join the network\nOn another computer, you can start a network member, and let it join the nConnect which you start above.\nFirst, you copy `config.network.json` to `config.member.json`\n\n```\ncp config.network.json config.member.json\n\n```\n\nThen edit `config.member.json` to edit `identifier`, `managerAddress` and `nodeName`.\n\n```\n{\n    \"identifier\": \"alice\",\n    \"managerAddress\": \"manager.0ec192083....\",\n    \"nodeName\": \"alice\",\n    \"seed\": \"...\",\n    \"AdminHTTPAddr\": \"127.0.0.1:8000\",\n}\n\n```\n\nSet `managerAddress` as your network manager's listening address, and identify your node name `nodeName`. Each network member should have a different `nodeName`.\nThe field `seed` is the seed of the wallet which you use to pay for the `tuna` fee. Please keep it secured. If your wallet has zero balance, then nConnect Server cannot start at `tuna` mode.\n\n\u003e On Unix-like systems you may need to preface commands with `sudo`, while on Windows you will need to use an `administrator-mode` command prompt. \n\nThen you can start this node to join the network:\n\n```\nsudo ./nConnect -n -s -c -f config.member.json --tuna --vpn --udp\n```\n\nor \n\n```\n./nConnect.exe -n -s -c -f config.member.json --tuna --vpn --udp\n```\n\n`-n` means this is a network member `node`\nFor a network member, you may start both `-c` client, and `-s` server, which means you can access other nodes, and other nodes can access you too. \nOr you can only set `-c`, which means you can access other nodes, but you don't want other nodes to access you.\nOr you can only set `-s`, which means you can only be accessed, and you don't want to access other nodes.\n\n\u003e A nice tips, when you start nConnect with parameters `-s`, `-tuna`, it means you start nConnect Server and connect to `TUNA` service providers, you need make sure your seed's wallet have NKN tokens, which is used for paying `TUNA` service. And don't worry, it's definitely a low cost for data transmitting compare to other type tunneling service.\n\n#### How to join nConnect network without NKN balance\n\nIf you only want to join the nConnect network as a client, it means you can access other member nodes, but other nodes needn't access your node. You can start nConnect without parameter `-s`, which means it will not start nConnect server, and won't spend any NKN tokens.\n\nThis is especially useful when you only want to test the network functions and works for most network members.\n\nThis is to start a node to join the network without starting nConnect server, and needn't spend any NKN tokens.\n\n```\nsudo ./nConnect -n -c -f config.member.json --tuna --vpn --udp\n```\n\nor \n\n```\n./nConnect.exe -n -c -f config.member.json --tuna --vpn --udp\n```\n\n### Manage the network\n\nWhen a network member starts, it first will send a `JoinNetwork` message to the network manager.\nAfter the network administrator should open the manager's web administrate page `http://127.0.0.1:8000/network` (default), to configure the network name, IP range, netmask, and gateway.\n\nThere are two lists on the manager's web page:\n\n* Waiting for Authorization\n  This lists all the nodes which are waiting for authorization to join this network. The administrator can accept it or reject it.\n  Only authorized nodes can become network members and will get a network-specific IP address.\n  When authorizing a node, it will pop up a dialog to set this node's permission to other nodes which decides if all members or only some of them can access this node.\n\n* Network Members\n  In the network members list, the administrator can reset nodes' access permission and remove a node from the network (authorization).\n\nIf you don't see your node information in `Waiting for Authorization`, please click the `Refresh` button to fetch updated data from the manager.\n\n### Test your network\n\nTo test your network, you can run a TCP/UDP server on a member node, and run a TCP/UDP client on another member node to do some echo tests.\n\n* Start a TCP and UDP server, so another node can access your node\n\n```\ngo run tests/tools/main.go -server\n```\n\n* Start a TCP client to access another node if you know his IP, such as making an echo test to `10.0.86.3` node:\n\n```\ngo run tests/tools/main.go -serverAddr 10.0.86.3\n```\n\n* Start a UDP client to access another node if you know his IP, such as making an echo test to `10.0.86.3` node:\n\n```\ngo run tests/tools/main.go -serverAddr 10.0.86.3 -udp\n```\n\nYou should see both the server and client's echo test messages.\n\n### Interact with the nConnect node by command line interface\n\nNow we provide a command line interface to interact with the running nConnect process.\n\n```\n./nConnect -i \u003ccmd\u003e\n```\nThe \u003ccmd\u003e can be:\n\n```\nhelp:        this help\njoin:        join network\nleave:       leave network\nstatus:      get network status\nlist:       list nodes I can access and nodes which can access me.\n```\n\nYou can input these sub-commands to interact with the nConnect network member:\n\n* join: to join a network that is configured with a manager address;\n* leave: to leave a network;\n* status: to show your nConnect network member information, such as your node's IP information.\n* list: to list nodes I can access and nodes that can access me.\n\n## Contributing\n\n**Can I submit a bug, suggestion or feature request?**\n\nYes. Please open an issue for that.\n\n**Can I contribute patches?**\n\nYes, we appreciate your help! To make contributions, please fork the repo, push\nyour changes to the forked repo with signed-off commits, and open a pull request\nhere.\n\nPlease sign off your commit. This means adding a line \"Signed-off-by: Name\n\u003cemail\u003e\" at the end of each commit, indicating that you wrote the code and have\nthe right to pass it on as an open source patch. This can be done automatically\nby adding -s when committing:\n\n```shell\ngit commit -s\n```\n\n## Community\n\n- [Forum](https://forum.nkn.org/)\n- [Discord](https://discord.gg/c7mTynX)\n- [Telegram](https://t.me/nknorg)\n- [Reddit](https://www.reddit.com/r/nknblockchain/)\n- [Twitter](https://twitter.com/NKN_ORG)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnknorg%2Fnconnect","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnknorg%2Fnconnect","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnknorg%2Fnconnect/lists"}