F2F-network – the dark matter of the Internet

# Tell me who your friend is

F2F stands for Friend-to-Friend. Leaving technical details aside, F2F networks are a subset of the P2P networks many people know, such as Kad or eDonkey. Unlike those, an F2F network, also called a Darknet, admits only trusted participants, that is, people you know personally or at least trust to a sufficient degree. A network built on trust between its participants lets you share information safely, and it shields you from chance encounters with people who defend copyright beyond all measure. However, if one of the participants is caught, he may well give up his friends too. In practice such cases are rare, because it is much easier to go after some BitTorrent tracker or file-hosting site. Sadly, most of the F2F networks that appeared in the 2000s, where they are still alive, are not in good shape. Some clients are not even aware of UPnP or NAT-PMP.

Let's get acquainted with this technology not through a classic F2F client but through an unusual VPN implementation, n2n. In a regular VPN, clients connect to a server and all traffic passes through it; n2n works a little differently. It also needs a "server" (supernode), but the supernode only introduces the clients to one another, after which they exchange data directly. As a last resort, when getting through firewalls, NAT and other network barriers fails, the supernode relays the traffic itself.

Lists of public n2n servers can be found on the Web, but it is better to run your own. Once again an Ubuntu server in the Amazon cloud will help. Install and run n2n.

 sudo apt-get install n2n
 sudo supernode -l 443

The port number is passed as a parameter. Port 443 is chosen here as an example because it is unlikely to be blocked on any public network, but any other port will do. Above all, do not forget to open this port for TCP/UDP in the Amazon EC2 firewall settings.

Clients, like the server, are available for Windows, Linux, Mac OS X and even some alternative router firmware. For Microsoft's OS there is a ready-made installer. If you do not have a TAP adapter installed, you will have to add one through Device Manager. There, select "Action" -> "Add legacy hardware", choose to add the device manually and point to the driver folder in the directory where n2n was installed. After installation, the TAP-Win32 Adapter V8 should appear in the list of network adapters.

Now, on each client, open a command line with administrator rights, change to the directory where n2n is installed and run the following command:

 edge.exe -a internal-ip -c vpn2n -k password -l server-address:443

The -a switch specifies the machine's internal IP address, the -c parameter passes the name of the virtual network, and -k is followed by the password for access to it. Finally, -l must be followed by the server's address and port. The second and subsequent machines run the same command, each with the next internal IP address. Several graphical front ends exist to make launching n2n clients easier.
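
A Linux counterpart to the edge.exe command above, as an added example that is not part of the original article: it derives each member's internal address and passes the password through the N2N_KEY environment variable, which edge also reads, so the password does not appear in the process list. The 10.99.0.0/24 range and the key file path are assumptions; server-address is the article's own placeholder.

```sh
#!/bin/sh
# Added example, not from the article.
# Assumed here: the 10.99.0.0/24 internal range and the key file location.
COMMUNITY="vpn2n"                     # virtual network name from the article
SUPERNODE="server-address:443"        # the article's placeholder
KEYFILE="${KEYFILE:-$HOME/.n2n-key}"  # assumed location of the shared password

# Member N of the network gets 10.99.0.N. Only 1..254 without leading zeros
# is accepted, so nobody is handed the network or broadcast address.
internal_ip() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -le 254 ] || return 1
    echo "10.99.0.$1"
}

# Succeeds only if the key file exists and group/others have no access to it.
key_is_private() {
    [ -f "$1" ] || return 1
    perms=$(ls -ln "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Build the edge options. The password is deliberately left out: anything
# after -k is visible to every local user through ps.
edge_args() {
    ip=$(internal_ip "$1") || return 1
    echo "-a $ip -c $COMMUNITY -l $SUPERNODE"
}

# Usage: ./n2n-up.sh up <member number>
if [ "${1:-}" = "up" ]; then
    [ "$(id -u)" -eq 0 ] || { echo "run as root: edge creates a TAP device" >&2; exit 1; }
    key_is_private "$KEYFILE" || { echo "chmod 600 $KEYFILE first" >&2; exit 1; }
    args=$(edge_args "${2:-}") || { echo "usage: $0 up <member 1-254>" >&2; exit 1; }
    N2N_KEY=$(cat "$KEYFILE")
    export N2N_KEY
    # $args is left unquoted on purpose so it splits into separate options
    exec edge $args
fi
```
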

You can now safely share information within the VLAN. And since we are talking about P2P VPNs, we cannot fail to mention the curious project of the same name, P2PVPN. Its client is cross-platform and also requires a TAP adapter and, on top of that, manual port forwarding. But it is completely decentralized. An interesting feature is that connections between participants are established through a BitTorrent tracker.

# RetroShare

That's it, let's leave the console and move on to products for ordinary people. Next on the list is the old project RetroShare, which recently got a second wind. It works with a decentralized and encrypted F2F network. The client, in the best P2P tradition, is a small all-in-one suite that supports search, file sharing, chat rooms, mail, forums and so on. The most important thing in it is the lists and groups of friends, or trusted contacts. At the first start it offers to create a profile and generate a PGP key for authentication. This procedure is resource-intensive.

After creating the account and logging in, go straight to the settings by clicking the gear icon. In the Server section, enable UPnP and switch to DarkNet or at least Private mode. Set the speed limits for the incoming and outgoing channels right away. While you are there, to spare your nerves, switch the language to English in the Appearance section, because the Russian localization in places looks like the work of Google Translate.

The other client must be configured in the same way. Now go to the friends tab and add a new contact by clicking the plus sign and selecting Add friend. You need to get your friend's PGP key and send yours in return. The received key must be pasted into the lower input field. In the next step, tick the items for adding and authenticating the new acquaintance.

After a while the clients will find each other, and a new account will appear in the friends lists. To exchange files, you must make at least one folder available. In the menu on the left, click the folder icon with the plus sign and add the folders you want to share. Each of them is best left visible to friends but inaccessible to other network members.

To download files, go to the "Files" section, select a friend and browse his files and folders. The context menu has a command to download the data you need. That is really all there is to it. RetroShare can also search for files across your friends' shared folders, recommend a friend to the rest of the network, forward files in private messages and much more.

# Alliance P2P

This project is not very popular, although for the user it is much more convenient and simpler than the others. The client is cross-platform and written in Java. Immediately after starting the application, you will need to change the name (nickname) and check the network settings, that is, make sure that the port is forwarded correctly via UPnP. To improve security, you can add a list of networks from which connections are allowed, and also enable SSL + AES encryption. It is also worth prohibiting automatic interaction with friends of friends: viewing, access to files, adding to a contact list and so on.

After the initial configuration, you must select the shared folders through the Add files to share dialog. Now you can invite your friends using the Add friends wizard. To do this, you need to generate codes (invitations), and you can add not only remote users, but also your neighbors over the local network. It's safer to use one-off invitations.

The generated invitation code is sent to another user who enters it in the same wizard and almost immediately joins your small F2F network. Note that the type of encryption must be the same for all clients. In practice, automatic port forwarding does not always work, and manual forwarding is not available at all. Keep this unpleasant limitation in mind.

Now you can view and download friends files. The program also provides a simple chat where you can send a link to download any of your files. As you can see, everything is very simple.

# OneSwarm

Once upon a time this was just another fork of the famous BitTorrent client Vuze, but with a higher level of privacy protection. OneSwarm has since grown into a real monster with a pile of features that let you share files almost without fear, including by building your own private F2F network. By default the web interface is launched, although the program also has a more sophisticated windowed GUI. Friends can be invited to your network in various ways. OneSwarm can import a contact list from a Google account, look for clients on the local network, and add friends through a key exchange or through invitations. There is also a mode for importing users from a public server which, in effect, holds other people's keys. It is more reliable to add friends manually and not expose yourself in public places.

But even in this case, OneSwarm lets you separate contacts by level of trust. By default, none of the added contacts can see the list of files you have added. When creating or downloading a torrent, you can restrict the circle of friends to whom its files will be available. All this ensures that when a file found in the F2F network is downloaded, it cannot be said with certainty which user or users actually hold it.

However, this is not all that OneSwarm can do. For the sake of interest, you can look at the client's settings in the classic GUI by switching to Advanced mode. Just do not peer too long into this abyss of options, or the abyss will peer back at you. Seriously, if you do not understand what a setting does, leave it alone.

# Instead of a conclusion

This article left out such well-known projects as GNUnet and Freenet, which can also help in creating F2F networks. However, most people will find them quite difficult to configure and use, and file sharing in them is not that fast. The projects covered above are cross-platform, have a clear interface and are reasonably well maintained and developed. It hardly needs saying that F2F networks, like any others, can be used for legal file exchange. And if you are pirating, you have only yourself to blame. Have fun!
