Author archive: zhiwei

Android multi-user app cloning

adb shell dumpsys user

Users:
  UserInfo{0:null:13} serialNo=0
    State: RUNNING_UNLOCKED
    Created: 
    Last logged in: +1h11m3s841ms ago
...
  UserInfo{10:Island:30} serialNo=1000
    State: RUNNING_UNLOCKED
    Created: +126d22h46m24s314ms ago
    Last logged in: +1h11m2s618ms ago
...
  UserInfo{11:Ake:10} serialNo=1001
    State: -1
    Created: +101d22h17m23s242ms ago
    Last logged in: +26d19h12m24s400ms ago
...
  UserInfo{12:新用户:10} serialNo=1002
    State: -1
    Created: +101d17h44m7s15ms ago
    Last logged in: +26d19h10m31s668ms ago
...
  UserInfo{13:新用户:10} serialNo=1003
    State: -1
    Created: +101d17h43m42s888ms ago
    Last logged in: +26d19h8m47s178ms ago

...
  UserInfo{14:新用户:10} serialNo=1004
    State: -1
    Created: +101d17h43m31s614ms ago
    Last logged in: +26d19h7m59s627ms ago
...
  UserInfo{999:Multi-App:4000030} serialNo=10
    State: RUNNING_UNLOCKED
    Created: +139d14h5m45s821ms ago
    Last logged in: +1h11m1s800ms ago
...

Install WeChat
pm path com.tencent.mm
    package:/data/app/com.tencent.mm-xQ4u7JtqOm0URxLput51Uw==/base.apk

pm install -r --user 12 /data/app/com.tencent.mm-xQ4u7JtqOm0URxLput51Uw==/base.apk

Launch WeChat for user11 (Ake)
adb shell am start --user 12 com.tencent.mm/.ui.LauncherUI

development/samples/browseable/BasicManagedProfile

For a third-party app, a few lines of code need to be changed.
development/samples/browseable/BasicManagedProfile/src/com/example/android/basicmanagedprofile/BasicManagedProfileFragment.java
private void setAppEnabled(String packageName, boolean enabled) {

    // Original call, commented out (enableSystemApp only covers system apps):
    // devicePolicyManager.enableSystemApp(
    //         BasicDeviceAdminReceiver.getComponentName(activity), packageName);

    // Replacement: install the already-installed package for the current user.
    int userId = UserHandle.myUserId();
    packageManager.installExistingPackageAsUser(packageName, userId);

}

Xiaomi

  UserInfo{999:XSpace:800010} serialNo=10
    Created: +41d19h10m37s555ms ago
    Last logged in: +1d22h35m41s688ms ago

https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/os/UserManager.java

Using IPv6 on China Mobile fiber broadband

Netgear V6400 V2

Advanced -> Advanced Setup -> IPv6

Check "Use the same login information as IPv4 PPPoE"

Router's IPv6 address on WAN
2409:8a4c:ca01:f0dc:7c22:f9ed:fea7:7c74/64

Router's IPv6 address on LAN
2409:8a4c:ca1e:4760:9e3d:cfff:fe7a:7a6a/64

inet6 2409:8a4c:ca1e:4760:94e9:bc85:8fde:bc3b/64 scope global dynamic noprefixroute
valid_lft 256039sec preferred_lft 169639sec

Your Public IPv6 is: 2409:8a4c:ca1e:4760:94e9:bc85:8fde:bc3b
My IP Address Is:
IPv6: 2409:8a4c:ca1e:4760:94e9:bc85:8fde:bc3b

socat tun

Download
http://www.dest-unreach.org/socat/download/socat-1.7.3.2.tar.gz

socat_buildscript_for_android.sh

To build the arm64 version, the following changes are needed:

ANDROID_NDK="/media/data/Android/android-ndk-r15c"

...

${ANDROID_NDK}/build/tools/make-standalone-toolchain.sh \
 --arch=arm64 \
 --toolchain=aarch64-linux-android \
 --platform=android-23 \
 --install-dir="${OUT}/toolchain" \
 || exit 1

...

${ROOT}/configure \
 --host \
 --disable-openssl \
 --disable-unix \
 CC="${OUT}/toolchain/bin/aarch64-linux-android-gcc -fPIE -pie " \
 || exit 1

Test

Server (PC, Debian buster x86_64)

socat -d -d UDP-LISTEN:1234,reuseaddr TUN:172.16.8.1/24,up


socat UDP:192.0.2.2:9000,bind=192.0.2.1:9000  TUN:10.0.1.1/24,tun-name=tundudp,iff-no-pi,tun-type=tun,iff-up

Phone client

 mkdir /dev/net
 ln -s /dev/tun /dev/net/tun

socat UDP:192.168.1.183:1234 TUN:172.16.8.2/24,up


socat UDP:192.0.2.1:9000,bind=192.0.2.2:9000  TUN:10.0.1.2/24,tun-name=tundudp,iff-no-pi,tun-type=tun,iff-up

Manually add the ip rule

ip rule add prio 100 from all lookup 100
ip route add table 100 172.16.8.1 dev tun0

Ping the server from the phone

ping 172.16.8.1

References:
http://www.dest-unreach.org/socat/doc/socat-tun.html

Building TUN based virtual networks with socat

http://tinc_gui.poirsouille.org/
Lollipop uses several routing tables, depending on the available interfaces and/or users

ip tuntap add does not work on Android

# ip tuntap add  mode tun name tun0
open: No such file or directory

Because Android modified the Linux kernel, the tun clone device is at /dev/tun.

Creating a symbolic link is enough to fix it:

# mkdir /dev/net
# ln -s /dev/tun /dev/net/tun

simpletun test

Server

# ip tuntap add  mode tun name tun0

# ip tuntap list
tun0: tun persist

# ip link set tun0 up

# ip addr add 172.16.8.1/24 dev tun0

Run
simpletun -i tun0 -s -p 1234 -u -d 

Android client

ip tuntap add  mode tun name tun0

ip link set tun0 up
ip addr add 172.16.8.2/24 dev tun0

simpletun -i tun0  -c 192.168.1.183  -p  1234  -u -d

netd ndc commands

# ndc ipfwd status
211 0 Forwarding disabled

# ndc ipfwd status
211 0 Forwarding enabled

# ndc interface list

# ndc interface getcfg wlan0
213 0 00:ec:0a:70:85:92 192.168.1.124 24 up broadcast running multicast

# ndc ipfwd add tun0 wlan0

# ndc nat enable rndis0 tun0

# ndc tether status
210 0 Tethering services started

# ndc tether interface list
111 0 rndis0
200 0 Tether operation succeeded

# ndc tether dns list
115 0 100
112 0 fd3b:fbcb:a1a::1
112 0 192.168.1.1
200 0 Tether operation succeeded

# ndc netd network route add

# iptables -S natctrl_FORWARD                                      
-N natctrl_FORWARD
-A natctrl_FORWARD -i wlan0 -o rndis0 -m state --state RELATED,ESTABLISHED -g natctrl_tether_counters
-A natctrl_FORWARD -i rndis0 -o wlan0 -m state --state INVALID -j DROP
-A natctrl_FORWARD -i rndis0 -o wlan0 -g natctrl_tether_counters
-A natctrl_FORWARD -j DROP


# iptables -S natctrl_nat_POSTROUTING -t nat                                                                                                                    
-N natctrl_nat_POSTROUTING
-A natctrl_nat_POSTROUTING -o wlan0 -j MASQUERADE

This succeeded:

# ndc nat enable tun0 wlan0 1                                                                                                                                     
200 0 Nat operation succeeded


# iptables -S natctrl_nat_POSTROUTING -t nat                                                                                                                      
-N natctrl_nat_POSTROUTING
-A natctrl_nat_POSTROUTING -o wlan0 -j MASQUERADE


iptables -S natctrl_FORWARD                                                                                                                                     
-N natctrl_FORWARD
-A natctrl_FORWARD -i wlan0 -o tun0 -m state --state RELATED,ESTABLISHED -g natctrl_tether_counters
-A natctrl_FORWARD -i tun0 -o wlan0 -m state --state INVALID -j DROP
-A natctrl_FORWARD -i tun0 -o wlan0 -g natctrl_tether_counters
-A natctrl_FORWARD -j DROP

android netd RouteController

https://android.googlesource.com/platform/system/netd/+/refs/heads/master/server/RouteController.cpp

Marking packets that enter from the network

iptables -t mangle -A routectrl_mangle_INPUT -i wlan0 -j MARK --set-mark 0x/0x  

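This lets the kernel:
1) reply (TCP RST, ICMP errors, ping replies, SYN-ACKs, etc.) with the correct fwmark, and therefore pick the correct route
2) mark sockets that accept connections arriving on this interface, so that those connections always stay on the same network interface

Call chain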
int PhysicalNetwork::addInterface(const std::string& interface)
RouteController::addInterfaceToPhysicalNetwork(mNetId, interface.c_str(), mPermission))
modifyPhysicalNetwork(netId, interface, permission, ACTION_ADD))
     getRouteTableForInterface
     modifyIncomingPacketMark
     modifyExplicitNetworkRule
     modifyOutputInterfaceRules


union Fwmark {
    uint32_t intValue;
    struct {
        unsigned netId          : 16;
        bool explicitlySelected :  1;
        bool protectedFromVpn   :  1;
        Permission permission   :  2;
        bool uidBillingDone     :  1;
    };
    Fwmark() : intValue(0) {}

    static inline uint32_t getUidBillingMask() {
        Fwmark m;
        m.uidBillingDone = true;
        return m.intValue;
    }
};

// Building the mark and mask:
    Fwmark fwmark;
    fwmark.netId = netId;
    fwmark.explicitlySelected = true;
    fwmark.protectedFromVpn = true;
    fwmark.permission = permission;

    const uint32_t mask = ~Fwmark::getUidBillingMask();

ip rule command options

ip rule { add | del } SELECTOR ACTION

Where:
SELECTOR := [ not ] [ from PREFIX ] [ to PREFIX ] [ tos TOS ] [ fwmark FWMARK[/MASK] ] [ iif STRING ] [ oif STRING ] [ pref NUMBER ]

ACTION := [ table TABLE_ID ] [ nat ADDRESS ] [ realms [SRCREALM/]DSTREALM ] [ goto NUMBER ]

——————–
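Policy routing

Each rule's selector is applied to {source address, destination address, incoming interface, tos, fwmark}; if the selector matches the packet, the action is performed.
The action generally returns the next-hop address and the network interface to use,
and the lookup then terminates.
Otherwise, matching continues with the next rule.

NAT and masquerading rules have an attribute that selects the new IP address to translate to or masquerade as.

There are 5 rule types: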
unicast
blackhole
prohibit
unreachable
nat
——————-
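iif selects the incoming device to match. If the interface is loopback, the rule only matches packets originating from this host.
This means you can create separate routing tables for forwarded and local packets and so isolate them completely.

oif selects the outgoing device to match. The outgoing interface is only available for packets originating from local sockets that are bound to a device.

——————————
Actions:

nat: the base of the IP address block to translate (for source addresses). ADDRESS may be either the start of a block of NAT addresses (selected by NAT routes) or a local host address (or even zero). In the last case the router does not translate the packets but masquerades them to this address. Using map-to instead of nat means the same thing.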

vpn server route

0: from all lookup local
10000: from all fwmark 0xc0000/0xd0000 lookup legacy_system
10500: from all oif dummy0 uidrange 0-0 lookup dummy0
10500: from all oif rmnet_data0 uidrange 0-0 lookup rmnet_data0
10500: from all oif rmnet_data1 uidrange 0-0 lookup rmnet_data1
13000: from all fwmark 0x10063/0x1ffff lookup local_network
13000: from all fwmark 0x1000b/0x1ffff lookup rmnet_data0
13000: from all fwmark 0x10079/0x1ffff lookup rmnet_data1
14000: from all oif dummy0 lookup dummy0
14000: from all oif rmnet_data0 lookup rmnet_data0
14000: from all oif rmnet_data1 lookup rmnet_data1
15000: from all fwmark 0x0/0x10000 lookup legacy_system
16000: from all fwmark 0x0/0x10000 lookup legacy_network
17000: from all fwmark 0x0/0x10000 lookup local_network
19000: from all fwmark 0xb/0x1ffff lookup rmnet_data0
19000: from all fwmark 0x79/0x1ffff lookup rmnet_data1
22000: from all fwmark 0x0/0xffff lookup rmnet_data1
23000: from all fwmark 0x0/0xffff uidrange 0-0 lookup main
32000: from all unreachable

ip route show table rmnet_data1
default via 10.69.124.197 dev rmnet_data1 proto static
10.69.124.196/30 dev rmnet_data1 proto static scope link

ip route show table main
10.69.124.196/30 dev rmnet_data1 proto kernel scope link src 10.69.124.198

—————————————————–

0: from all lookup local
10000: from all fwmark 0xc0000/0xd0000 lookup legacy_system
10500: from all oif dummy0 uidrange 0-0 lookup dummy0
10500: from all oif rmnet_data0 uidrange 0-0 lookup rmnet_data0
10500: from all oif rmnet_data1 uidrange 0-0 lookup rmnet_data1

10500: from all oif rndis0 uidrange 0-0 lookup local_network

13000: from all fwmark 0x10063/0x1ffff lookup local_network
13000: from all fwmark 0x1000b/0x1ffff lookup rmnet_data0
13000: from all fwmark 0x10079/0x1ffff lookup rmnet_data1
14000: from all oif dummy0 lookup dummy0
14000: from all oif rmnet_data0 lookup rmnet_data0
14000: from all oif rmnet_data1 lookup rmnet_data1

14000: from all oif rndis0 lookup local_network

15000: from all fwmark 0x0/0x10000 lookup legacy_system
16000: from all fwmark 0x0/0x10000 lookup legacy_network
17000: from all fwmark 0x0/0x10000 lookup local_network

18000: from all iif rndis0 lookup rmnet_data1

19000: from all fwmark 0xb/0x1ffff lookup rmnet_data0
19000: from all fwmark 0x79/0x1ffff lookup rmnet_data1
22000: from all fwmark 0x0/0xffff lookup rmnet_data1
23000: from all fwmark 0x0/0xffff uidrange 0-0 lookup main
32000: from all unreachable

ip route show table main
10.69.124.196/30 dev rmnet_data1 proto kernel scope link src 10.69.124.198
192.168.42.0/24 dev rndis0 proto kernel scope link src 192.168.42.129 linkdown

———————————–

ip rule show

0: from all lookup local
10000: from all fwmark 0xc0000/0xd0000 lookup legacy_system
10500: from all oif dummy0 uidrange 0-0 lookup dummy0
10500: from all oif rmnet_data0 uidrange 0-0 lookup rmnet_data0
10500: from all oif rmnet_data1 uidrange 0-0 lookup rmnet_data1

10500: from all oif rndis0 uidrange 0-0 lookup local_network
11000: from all iif tun0 lookup local_network

12000: from all fwmark 0x0/0x20000 iif lo uidrange 0-99999 lookup tun0

12000: from all fwmark 0xc007a/0xcffff lookup tun0

13000: from all fwmark 0x10063/0x1ffff lookup local_network
13000: from all fwmark 0x1000b/0x1ffff lookup rmnet_data0
13000: from all fwmark 0x10079/0x1ffff lookup rmnet_data1

13000: from all fwmark 0x1007a/0x1ffff uidrange 0-99999 lookup tun0
13000: from all fwmark 0x1007a/0x1ffff uidrange 0-0 lookup tun0

14000: from all oif dummy0 lookup dummy0
14000: from all oif rmnet_data0 lookup rmnet_data0
14000: from all oif rmnet_data1 lookup rmnet_data1
14000: from all oif rndis0 lookup local_network
14000: from all oif tun0 uidrange 0-99999 lookup tun0
15000: from all fwmark 0x0/0x10000 lookup legacy_system
16000: from all fwmark 0x0/0x10000 lookup legacy_network
17000: from all fwmark 0x0/0x10000 lookup local_network

18000: from all iif rndis0 lookup rmnet_data1

19000: from all fwmark 0xb/0x1ffff lookup rmnet_data0
19000: from all fwmark 0x79/0x1ffff lookup rmnet_data1
21000: from all fwmark 0x7a/0x1ffff lookup rmnet_data1
22000: from all fwmark 0x0/0xffff lookup rmnet_data1
23000: from all fwmark 0x0/0xffff uidrange 0-0 lookup main
32000: from all unreachable
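
An added example (not from the original post or from netd): it decodes the fwmark/mask pairs in the listing above with the Fwmark bit layout quoted earlier, and walks the rules in priority order as the policy-routing notes describe. The rule lines are a subset copied from that listing; the function names and the sample UID 10123 are illustrative assumptions.

```python
import re

# Fwmark bit layout from the union quoted on this page. Assumption: bitfields are
# packed from the least-significant bit, which the masks in the listing agree
# with (0x1ffff covers netId plus explicitlySelected).
FIELDS = [("netId", 0, 16), ("explicitlySelected", 16, 1),
          ("protectedFromVpn", 17, 1), ("permission", 18, 2),
          ("uidBillingDone", 20, 1)]  # (name, shift, width)

# Subset of the `ip rule show` listing above (VPN on tun0, mobile data on rmnet_data1).
RULES_TEXT = """\
0: from all lookup local
10000: from all fwmark 0xc0000/0xd0000 lookup legacy_system
11000: from all iif tun0 lookup local_network
12000: from all fwmark 0x0/0x20000 iif lo uidrange 0-99999 lookup tun0
12000: from all fwmark 0xc007a/0xcffff lookup tun0
13000: from all fwmark 0x10079/0x1ffff lookup rmnet_data1
13000: from all fwmark 0x1007a/0x1ffff uidrange 0-99999 lookup tun0
14000: from all oif tun0 uidrange 0-99999 lookup tun0
15000: from all fwmark 0x0/0x10000 lookup legacy_system
17000: from all fwmark 0x0/0x10000 lookup local_network
19000: from all fwmark 0x79/0x1ffff lookup rmnet_data1
21000: from all fwmark 0x7a/0x1ffff lookup rmnet_data1
22000: from all fwmark 0x0/0xffff lookup rmnet_data1
23000: from all fwmark 0x0/0xffff uidrange 0-0 lookup main
32000: from all unreachable
"""

def decode_fwmark(mark, mask):
    """Return {field: required value} for each Fwmark field the mask covers."""
    out = {}
    for name, shift, width in FIELDS:
        bits = ((1 << width) - 1) << shift
        if mask & bits:
            out[name] = (mark & bits) >> shift
    return out

def parse_rule(line):
    """Parse one `ip rule show` line into its selectors and target table."""
    prio, rest = line.split(":", 1)
    rule = {"prio": int(prio), "fwmark": None, "uid": None}
    m = re.search(r"fwmark (0x[0-9a-f]+)/(0x[0-9a-f]+)", rest)
    if m:
        rule["fwmark"] = (int(m.group(1), 16), int(m.group(2), 16))
    m = re.search(r"uidrange (\d+)-(\d+)", rest)
    if m:
        rule["uid"] = (int(m.group(1)), int(m.group(2)))
    for key in ("iif", "oif"):
        m = re.search(r"\b%s (\S+)" % key, rest)
        rule[key] = m.group(1) if m else None
    m = re.search(r"lookup (\S+)", rest)
    rule["table"] = m.group(1) if m else rest.split()[-1]  # e.g. "unreachable"
    return rule

RULES = [parse_rule(line) for line in RULES_TEXT.splitlines()]

def tables_consulted(fwmark, uid, iif="lo", oif=None, rules=RULES):
    """Tables of every rule whose selector matches, in priority order. The kernel
    routes via the first one that holds a route for the destination."""
    hits = []
    for r in rules:
        if r["fwmark"] and (fwmark & r["fwmark"][1]) != r["fwmark"][0]:
            continue
        if r["uid"] and not r["uid"][0] <= uid <= r["uid"][1]:
            continue
        if (r["iif"] and r["iif"] != iif) or (r["oif"] and r["oif"] != oif):
            continue
        hits.append(r["table"])
    return hits

if __name__ == "__main__":
    for r in RULES:
        if r["fwmark"]:
            print(r["prio"], r["table"], decode_fwmark(*r["fwmark"]))
    print("unmarked app socket :", tables_consulted(0x0, uid=10123))
    print("protectedFromVpn set:", tables_consulted(0x20000, uid=10123))
```

With the VPN up, an unmarked app socket reaches `tun0` before `rmnet_data1`, while a mark with `protectedFromVpn` set never matches a `tun0` rule and falls through to the physical network. That difference is what to look for when auditing which traffic leaves outside the tunnel.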

android ip route

ip rule show
0:	from all lookup local 
10000:	from all fwmark 0xc0000/0xd0000 lookup legacy_system 
10500:	from all oif dummy0 uidrange 0-0 lookup dummy0 
10500:	from all oif rmnet_data0 uidrange 0-0 lookup rmnet_data0 
13000:	from all fwmark 0x10063/0x1ffff lookup local_network 
13000:	from all fwmark 0x1000b/0x1ffff lookup rmnet_data0 
14000:	from all oif dummy0 lookup dummy0 
14000:	from all oif rmnet_data0 lookup rmnet_data0 
15000:	from all fwmark 0x0/0x10000 lookup legacy_system 
16000:	from all fwmark 0x0/0x10000 lookup legacy_network 
17000:	from all fwmark 0x0/0x10000 lookup local_network 
19000:	from all fwmark 0xb/0x1ffff lookup rmnet_data0 
23000:	from all fwmark 0x0/0xffff uidrange 0-0 lookup main 
32000:	from all unreachable

ip route show table 0

                                                                                                                                    
default dev dummy0  table dummy0  proto static  scope link 
broadcast 127.0.0.0 dev lo  table local  proto kernel  scope link  src 127.0.0.1 
local 127.0.0.0/8 dev lo  table local  proto kernel  scope host  src 127.0.0.1 
local 127.0.0.1 dev lo  table local  proto kernel  scope host  src 127.0.0.1 
broadcast 127.255.255.255 dev lo  table local  proto kernel  scope link  src 127.0.0.1 
fe80::/64 dev dummy0  table dummy0  proto kernel  metric 256  pref medium
default dev dummy0  table dummy0  proto static  metric 1024  pref medium
fe80::/64 dev rmnet_data0  table rmnet_data0  proto kernel  metric 256  mtu 2000 pref medium
default via fe80::5d6:b137:94a8:7216 dev rmnet_data0  table rmnet_data0  proto ra  metric 1024  expires 31452sec hoplimit 255 pref medium
local ::1 dev lo  table local  proto none  metric 0  pref medium
local fe80::96a:dd37:62a0:97 dev lo  table local  proto none  metric 0  pref medium
local fe80::1497:ebff:fed9:ea6d dev lo  table local  proto none  metric 0  pref medium
ff00::/8 dev dummy0  table local  metric 256  pref medium
ff00::/8 dev rmnet_data0  table local  metric 256  mtu 2000 pref medium

ip route show table dummy0

                                                                                                                 
default dev dummy0  proto static  scope link 

With Wi-Fi enabled

0:	from all lookup local 
10000:	from all fwmark 0xc0000/0xd0000 lookup legacy_system 
10500:	from all oif dummy0 uidrange 0-0 lookup dummy0 
10500:	from all oif rmnet_data0 uidrange 0-0 lookup rmnet_data0 

10500:	from all oif wlan0 uidrange 0-0 lookup wlan0 

13000:	from all fwmark 0x10063/0x1ffff lookup local_network 
13000:	from all fwmark 0x1000b/0x1ffff lookup rmnet_data0 

13000:	from all fwmark 0x10074/0x1ffff lookup wlan0 

14000:	from all oif dummy0 lookup dummy0 
14000:	from all oif rmnet_data0 lookup rmnet_data0 

14000:	from all oif wlan0 lookup wlan0 

15000:	from all fwmark 0x0/0x10000 lookup legacy_system 
16000:	from all fwmark 0x0/0x10000 lookup legacy_network 
17000:	from all fwmark 0x0/0x10000 lookup local_network 
19000:	from all fwmark 0xb/0x1ffff lookup rmnet_data0 

19000:	from all fwmark 0x74/0x1ffff lookup wlan0 
22000:	from all fwmark 0x0/0xffff lookup wlan0 

23000:	from all fwmark 0x0/0xffff uidrange 0-0 lookup main 
32000:	from all unreachable

ip route show table wlan0

                                                                                                                                    
default via 192.168.1.1 dev wlan0  proto static 
192.168.1.0/24 dev wlan0  proto static  scope link 

ip route show table main

                                                                                                                                 
192.168.1.0/24 dev wlan0  proto kernel  scope link  src 192.168.1.155 

ip route show table 0

                                                                                                                                     
default via 192.168.1.1 dev wlan0  table wlan0  proto static 
192.168.1.0/24 dev wlan0  table wlan0  proto static  scope link 
default dev dummy0  table dummy0  proto static  scope link 
192.168.1.0/24 dev wlan0  proto kernel  scope link  src 192.168.1.155 
broadcast 127.0.0.0 dev lo  table local  proto kernel  scope link  src 127.0.0.1 
local 127.0.0.0/8 dev lo  table local  proto kernel  scope host  src 127.0.0.1 
local 127.0.0.1 dev lo  table local  proto kernel  scope host  src 127.0.0.1 
broadcast 127.255.255.255 dev lo  table local  proto kernel  scope link  src 127.0.0.1 
broadcast 192.168.1.0 dev wlan0  table local  proto kernel  scope link  src 192.168.1.155 
local 192.168.1.155 dev wlan0  table local  proto kernel  scope host  src 192.168.1.155 
broadcast 192.168.1.255 dev wlan0  table local  proto kernel  scope link  src 192.168.1.155 
fd3b:fbcb:a1a::/64 dev wlan0  table wlan0  proto kernel  metric 256  pref medium
fd3b:fbcb:a1a::/64 dev wlan0  table wlan0  proto static  metric 1024  pref medium
fd3b:fbcb:a1a::/48 via fe80::7aa3:51ff:fe35:9796 dev wlan0  table wlan0  proto ra  metric 1024  pref medium
fe80::/64 dev wlan0  table wlan0  proto kernel  metric 256  pref medium
fe80::/64 dev wlan0  table wlan0  proto static  metric 1024  pref medium
fe80::/64 dev dummy0  table dummy0  proto kernel  metric 256  pref medium
default dev dummy0  table dummy0  proto static  metric 1024  pref medium
fe80::/64 dev rmnet_data0  table rmnet_data0  proto kernel  metric 256  mtu 2000 pref medium
default via fe80::5d6:b137:94a8:7216 dev rmnet_data0  table rmnet_data0  proto ra  metric 1024  expires 31174sec hoplimit 255 pref medium
local ::1 dev lo  table local  proto none  metric 0  pref medium
local fd3b:fbcb:a1a:0:5d79:cfb8:a788:dea4 dev lo  table local  proto none  metric 0  pref medium
local fd3b:fbcb:a1a:0:80d5:910b:2d8f:1d86 dev lo  table local  proto none  metric 0  pref medium
local fe80::96a:dd37:62a0:97 dev lo  table local  proto none  metric 0  pref medium
local fe80::1497:ebff:fed9:ea6d dev lo  table local  proto none  metric 0  pref medium
local fe80::35a4:2e6c:d297:6c0a dev lo  table local  proto none  metric 0  pref medium
ff00::/8 dev dummy0  table local  metric 256  pref medium
ff00::/8 dev rmnet_data0  table local  metric 256  mtu 2000 pref medium
ff00::/8 dev wlan0  table local  metric 256  pref medium

After enabling the VPN
ip rule show


0:	from all lookup local 
10000:	from all fwmark 0xc0000/0xd0000 lookup legacy_system 
10500:	from all oif dummy0 uidrange 0-0 lookup dummy0 
10500:	from all oif rmnet_data0 uidrange 0-0 lookup rmnet_data0 
10500:	from all oif wlan0 uidrange 0-0 lookup wlan0 
11000:	from all iif tun0 lookup local_network 

12000:	from all fwmark 0x0/0x20000 iif lo uidrange 0-99999 lookup tun0 
12000:	from all fwmark 0xc0077/0xcffff lookup tun0 

13000:	from all fwmark 0x10063/0x1ffff lookup local_network 
13000:	from all fwmark 0x1000b/0x1ffff lookup rmnet_data0 
13000:	from all fwmark 0x10076/0x1ffff lookup wlan0 

13000:	from all fwmark 0x10077/0x1ffff uidrange 0-99999 lookup tun0 
13000:	from all fwmark 0x10077/0x1ffff uidrange 0-0 lookup tun0 

14000:	from all oif dummy0 lookup dummy0 
14000:	from all oif rmnet_data0 lookup rmnet_data0 
14000:	from all oif wlan0 lookup wlan0 

14000:	from all oif tun0 uidrange 0-99999 lookup tun0 

15000:	from all fwmark 0x0/0x10000 lookup legacy_system 
16000:	from all fwmark 0x0/0x10000 lookup legacy_network 
17000:	from all fwmark 0x0/0x10000 lookup local_network 
19000:	from all fwmark 0xb/0x1ffff lookup rmnet_data0 
19000:	from all fwmark 0x76/0x1ffff lookup wlan0 
21000:	from all fwmark 0x77/0x1ffff lookup wlan0 
22000:	from all fwmark 0x0/0xffff lookup wlan0 
23000:	from all fwmark 0x0/0xffff uidrange 0-0 lookup main 
32000:	from all unreachable

ip route show table main

                                                                                                                                 
172.16.8.0/24 dev tun0  proto kernel  scope link  src 172.16.8.9 
192.168.1.0/24 dev wlan0  proto kernel  scope link  src 192.168.1.155 

ip route show table tun0

                                                                                                                                    
default dev tun0  proto static  scope link 
8.8.0.0/16 dev tun0  proto static  scope link 
172.16.8.0/24 dev tun0  proto static  scope link 

ip route show table wlan0

                                                                                                                                  
default via 192.168.1.1 dev wlan0  proto static 
192.168.1.0/24 dev wlan0  proto static  scope link

ip route show table 0

default via 192.168.1.1 dev wlan0  table wlan0  proto static 
192.168.1.0/24 dev wlan0  table wlan0  proto static  scope link 

default dev tun0  table tun0  proto static  scope link 
8.8.0.0/16 dev tun0  table tun0  proto static  scope link 
172.16.8.0/24 dev tun0  table tun0  proto static  scope link 

default dev dummy0  table dummy0  proto static  scope link 
172.16.8.0/24 dev tun0  proto kernel  scope link  src 172.16.8.9 
192.168.1.0/24 dev wlan0  proto kernel  scope link  src 192.168.1.155 
broadcast 127.0.0.0 dev lo  table local  proto kernel  scope link  src 127.0.0.1 
local 127.0.0.0/8 dev lo  table local  proto kernel  scope host  src 127.0.0.1 
local 127.0.0.1 dev lo  table local  proto kernel  scope host  src 127.0.0.1 
broadcast 127.255.255.255 dev lo  table local  proto kernel  scope link  src 127.0.0.1 
broadcast 172.16.8.0 dev tun0  table local  proto kernel  scope link  src 172.16.8.9 
local 172.16.8.9 dev tun0  table local  proto kernel  scope host  src 172.16.8.9 
broadcast 172.16.8.255 dev tun0  table local  proto kernel  scope link  src 172.16.8.9 
broadcast 192.168.1.0 dev wlan0  table local  proto kernel  scope link  src 192.168.1.155 
local 192.168.1.155 dev wlan0  table local  proto kernel  scope host  src 192.168.1.155 
broadcast 192.168.1.255 dev wlan0  table local  proto kernel  scope link  src 192.168.1.155 
fd3b:fbcb:a1a::/64 dev wlan0  table wlan0  proto kernel  metric 256  pref medium
fd3b:fbcb:a1a::/64 dev wlan0  table wlan0  proto static  metric 1024  pref medium
fd3b:fbcb:a1a::/48 via fe80::7aa3:51ff:fe35:9796 dev wlan0  table wlan0  proto ra  metric 1024  pref medium
fe80::/64 dev wlan0  table wlan0  proto kernel  metric 256  pref medium
fe80::/64 dev wlan0  table wlan0  proto static  metric 1024  pref medium
unreachable default dev lo  table tun0  proto static  metric 1024  error -113 pref medium
fe80::/64 dev dummy0  table dummy0  proto kernel  metric 256  pref medium
default dev dummy0  table dummy0  proto static  metric 1024  pref medium
fe80::/64 dev rmnet_data0  table rmnet_data0  proto kernel  metric 256  mtu 2000 pref medium
default via fe80::5d6:b137:94a8:7216 dev rmnet_data0  table rmnet_data0  proto ra  metric 1024  expires 30405sec hoplimit 255 pref medium
local ::1 dev lo  table local  proto none  metric 0  pref medium
local fd3b:fbcb:a1a:0:5d79:cfb8:a788:dea4 dev lo  table local  proto none  metric 0  pref medium
local fd3b:fbcb:a1a:0:80d5:910b:2d8f:1d86 dev lo  table local  proto none  metric 0  pref medium
local fe80::96a:dd37:62a0:97 dev lo  table local  proto none  metric 0  pref medium
local fe80::1497:ebff:fed9:ea6d dev lo  table local  proto none  metric 0  pref medium
local fe80::35a4:2e6c:d297:6c0a dev lo  table local  proto none  metric 0  pref medium
ff00::/8 dev dummy0  table local  metric 256  pref medium
ff00::/8 dev rmnet_data0  table local  metric 256  mtu 2000 pref medium
ff00::/8 dev wlan0  table local  metric 256  pref medium

build n2n vpn

The version that the official maintainers resumed maintaining in June 2018

0. Prepare the build environment

apt install  cmake build-essential

1. Get the source code

git clone  https://github.com/ntop/n2n.git

2. Build

cd n2n
mkdir build
cd build
cmake ..
make

3. This produces
supernode

Welcome to n2n v.2.3.0 for Linux-4.9.0-7-amd64
Built on Sep 16 2018 10:04:25
Copyright 2007-18 – ntop.org and contributors

supernode (see supernode.conf)
or
supernode -l [-f] [-v]

-l Set UDP main listen port to
-v Increase verbosity. Can be used multiple times.
-h This help message.

edge

edge  (see edge.conf)
or
edge -d  -a [static:|dhcp:] -c  [-k  | -K ]
    [-s ] [-u  -g ][-f][-m ] -l 
    [-p ] [-M ] [-r] [-E] [-v] [-t ] [-b] [-h]

-d           | tun device name
-a         | Set interface address. For DHCP use '-r -a dhcp:0.0.0.0'
-c            | n2n community name the edge belongs to.
-k          | Encryption key (ASCII) - also N2N_KEY=. Not with -K.
-K             | Specify a key schedule file to load. Not with -k.
-s              | Edge interface netmask in dotted decimal notation (255.255.255.0).
-l  | Supernode IP:port
-b                       | Periodically resolve supernode IP
                         | (when supernodes are running on dynamic IPs)
-p           | Fixed local UDP port.
-u                  | User ID (numeric) to use when privileges are dropped.
-g                  | Group ID (numeric) to use when privileges are dropped.
-f                       | Do not fork and run as a daemon; rather run in foreground.
-m          | Fix MAC address for the TAP interface (otherwise it may be random)
                         | eg. -m 01:02:03:04:05:06
-M                  | Specify n2n MTU of edge interface (default 1400).
-r                       | Enable packet forwarding through n2n community.
-E                       | Accept multicast MAC addresses (default=drop).
-v                       | Make more verbose. Repeat as required.
-t                 | Management UDP Port (for multiple edges on a machine).

Environment variables:
  N2N_KEY                | Encryption key (ASCII). Not with -K or -k.

Building the so-called v2s version is similar

git clone  https://github.com/meyerd/n2n
cd n2n/n2n_v2
mkdir build
cd build
cmake ..
make