### Install EasyTier as a Windows Service using install.cmd Source: https://easytier.cn/guide/network/install-as-a-windows-service This command executes the 'install.cmd' script, which is responsible for setting up EasyTier as a Windows service. The script guides the user through configuration prompts and automatically starts the service upon successful installation. Ensure all prerequisites, including EasyTier binaries and nssm.exe, are in the same directory. ```batch install.cmd ``` -------------------------------- ### Install and Start Fail2ban (Fedora) (Shell) Source: https://easytier.cn/guide/network/host-public-server These commands demonstrate how to install, enable, and start the fail2ban service on Fedora 42. This is a prerequisite for configuring it to protect EasyTier nodes. ```shell # install fail2ban sudo dnf install fail2ban # enable and start sudo systemctl enable --now fail2ban ``` -------------------------------- ### Install EasyTier with One-Click Script (Linux) Source: https://easytier.cn/guide/installation This bash script provides a one-click installation for EasyTier on Linux systems. It requires the 'unzip' utility to be installed beforehand and allows specifying a GitHub proxy for faster downloads. ```bash wget -O /tmp/easytier.sh "https://raw.githubusercontent.com/EasyTier/EasyTier/main/script/install.sh" && sudo bash /tmp/easytier.sh install --gh-proxy https://ghfast.top/ ``` -------------------------------- ### Install EasyTier using Docker Source: https://easytier.cn/guide/installation This snippet shows how to pull and run the EasyTier Docker image. It includes instructions for both the official Docker Hub and a domestic mirror, ensuring the container has privileged access and uses the host network. ```sh # docker.io のミラー ``` ```sh docker pull easytier/easytier:latest docker run -d --privileged --network host easytier/easytier:latest # 国内ユーザーは DaoCloud ミラーも使用可能 ``` ```sh docker pull m.daocloud.io/docker.io/easytier/easytier:latest docker run -d --privileged --network host m.daocloud.io/docker.io/easytier/easytier:latest ``` -------------------------------- ### Manage EasyTier Service (Linux) Source: https://easytier.cn/guide/installation After installation using the one-click script on Linux, EasyTier is registered as a system service. This command allows you to start the EasyTier service using the default configuration. ```bash systemctl start easytier@default ``` -------------------------------- ### Install EasyTier from Source Source: https://easytier.cn/guide/installation This command installs EasyTier using Cargo, the Rust package manager. It requires a pre-existing Rust development environment and the installation of LLVM. The installation is performed directly from the official GitHub repository. ```sh cargo install --git https://github.com/EasyTier/EasyTier.git easytier ``` -------------------------------- ### Download Installation and Uninstallation Scripts using PowerShell Source: https://easytier.cn/guide/network/install-as-a-windows-service This snippet demonstrates how to download the 'install.cmd' and 'uninstall.cmd' scripts from GitHub using PowerShell's 'Invoke-WebRequest' cmdlet. These scripts automate the process of installing and removing EasyTier as a Windows service. ```powershell iwr "https://github.com/EasyTier/EasyTier/raw/refs/heads/main/script/install.cmd" -OutFile "install.cmd" iwr "https://github.com/EasyTier/EasyTier/raw/refs/heads/main/script/uninstall.cmd" -OutFile "uninstall.cmd" ``` -------------------------------- ### Verify EasyTier Installation (Windows Command Line) Source: https://easytier.cn/guide/installation For Windows users, after downloading and extracting the EasyTier command-line program, use this command in PowerShell to verify the installation by checking the program's version. ```powershell .\easytier-core.exe --version ``` -------------------------------- ### Run EasyTier with Multiple Configuration Files (Shell) Source: https://easytier.cn/guide/network/config-file Allows specifying multiple configuration files using the -c parameter. EasyTier loads these configurations in a single process to start multiple virtual networks. ```shell easytier-core -c ./config1.yaml -c ./config2.yaml ``` -------------------------------- ### Verify EasyTier Installation (Command Line) Source: https://easytier.cn/guide/installation After manually downloading and extracting the EasyTier command-line program, you can verify the installation by checking its version. This command is applicable to Linux, macOS, and FreeBSD systems. ```bash ./easytier-core --version ``` -------------------------------- ### Initialize Network Environment for Testing (Bash) Source: https://easytier.cn/guide/perf This script sets up network namespaces, bridges, and virtual Ethernet pairs for testing network performance. It also configures IP forwarding and iptables rules. Ensure root privileges for execution and that 'iperf3' and 'iptables' are installed. ```bash apt update apt install iperf3 iptables -y ip netns add red ip netns add green ip link add br0 type bridge ip link set br0 up ip addr add 192.168.0.1/16 dev br0 ip link add vethcab0 type veth peer name red0 ip link set vethcab0 master br0 ip link set red0 netns red ip netns exec red ip link set lo up ip netns exec red ip link set red0 up ip netns exec red ip addr add 192.168.0.2/16 dev red0 ip netns exec red ip route add default via 192.168.0.1 ip link set vethcab0 up ip link add vethcab1 type veth peer name green0 ip link set vethcab1 master br0 ip link set green0 netns green ip netns exec green ip link set lo up ip netns exec green ip link set green0 up ip netns exec green ip addr add 192.168.0.3/16 dev green0 ip netns exec green ip route add default via 192.168.0.1 ip link set vethcab1 up sysctl net.ipv4.ip_forward=1 sysctl net.bridge.bridge-nf-call-iptables=0 sysctl net.bridge.bridge-nf-call-ip6tables=0 sysctl net.ipv6.conf.lo.disable_ipv6=0 # Note: EasyTier does not depend on public network services, so iptables forwarding can be omitted. iptables -t nat -A POSTROUTING -j MASQUERADE iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE iptables -A FORWARD -i eht0 -j ACCEPT iptables --policy FORWARD ACCEPT nohup ip netns exec red iperf3 -s & ``` -------------------------------- ### Start EasyTier Core (Windows) Source: https://easytier.cn/guide/network/quick-networking Launches the EasyTier core service on a Windows system to join a virtual network. It automatically assigns a virtual IP address and connects to a specified network using a shared node. Requires administrator privileges. ```powershell # Administrator privileges required .\easytier-core.exe -d --network-name abc --network-secret abc -p tcp://public.easytier.cn:11010 ``` -------------------------------- ### Install EasyTier using Docker Compose Source: https://easytier.cn/guide/installation This Docker Compose configuration sets up EasyTier and optionally Watchtower for automatic updates. It defines necessary container settings, including network mode, capabilities, volumes, and command-line arguments for EasyTier. ```yaml services: watchtower: # いつもeasytierイメージを自動単更するために使用,必要なければこの部分を削除してください image: containrrr/watchtower container_name: watchtower restart: unless-stopped environment: - TZ=Asia/Shanghai - WATCHTOWER_NO_STARTUP_MESSAGE volumes: - /var/run/docker.sock:/var/run/docker.sock command: --interval 3600 --cleanup --label-enable easytier: image: easytier/easytier:latest # 国内ユーザーは m.daocloud.io/docker.io/easytier/easytier:latest も使用可能 hostname: easytier container_name: easytier labels: com.centurylinklabs.watchtower.enable: 'true' restart: unless-stopped network_mode: host cap_add: - NET_ADMIN - NET_RAW environment: - TZ=Asia/Shanghai devices: - /dev/net/tun:/dev/net/tun volumes: - /etc/easytier:/root - /etc/machine-id:/etc/machine-id:ro # 宿主机机器码をマッピング command: -d --network-name <ユーザ> --network-secret <パスワード> -p tcp://public.easytier.cn:11010 ``` -------------------------------- ### Start and Load EasyTier Service (Bash) Source: https://easytier.cn/guide/network/install-as-a-macos-service These commands manage the EasyTier service lifecycle. 'launchctl start easytier' initiates the service, while 'launchctl load -w' ensures the service is loaded and will automatically restart upon system login or reboot. The '-w' flag is crucial for persistent service activation. ```bash sudo launchctl start easytier launchctl load -w /Library/LaunchDaemons/easytier.plist ``` -------------------------------- ### Register EasyTier as a System Service using NSSM Source: https://easytier.cn/guide/faq This response suggests using NSSM (Non-Sucking Service Manager) to install EasyTier as a Windows service. This ensures EasyTier starts automatically on system boot and runs reliably in the background. ```text 用nssm建立一个系统服务 ``` -------------------------------- ### Set up UDP with Encryption using Bash and iperf Source: https://easytier.cn/guide/perf This snippet demonstrates how to set up network namespaces and run iperf tests for UDP traffic with encryption. It includes commands for starting an iperf server in different network namespaces and then running an iperf client to test connectivity. The '-k' flag suggests a specific mode or option for the 'xxx' command, likely related to encryption or specific protocol handling. ```bash ip netns exec red xxx -k iperf -s 8.134.146.7:29872 -w 1234 --ip 10.26.0.2 ip netns exec green xxx -k iperf -s 8.134.146.7:29872 -w 1234 --ip 10.26.0.3 ip netns exec green iperf3 -c 10.26.0.2 ``` -------------------------------- ### Run EasyTier Node with Web Console Management (Shell) Source: https://easytier.cn/guide/network/web-console This command starts an EasyTier node and connects it to the Web Console server. You need to replace `` with your registered username. The `--machine-id` parameter is recommended for persistent configurations, especially in Docker environments. ```shell sudo ./easytier-core -w sudo ./easytier-core -w --machine-id abc123 ``` -------------------------------- ### Start EasyTier Core (Linux) Source: https://easytier.cn/guide/network/quick-networking Launches the EasyTier core service on a Linux system to join a virtual network. It automatically assigns a virtual IP address and connects to a specified network using a shared node. Requires administrator privileges. ```sh # Administrator privileges required ./easytier-core -d --network-name abc --network-secret abc -p tcp://public.easytier.cn:11010 ``` -------------------------------- ### Test EasyTier UDP Performance (Bash) Source: https://easytier.cn/guide/perf This sequence tests EasyTier's UDP performance. It starts an EasyTier core instance in the 'red' namespace, then connects another instance in the 'green' namespace, and finally runs an iperf3 test. The first command initiates the server in 'red' and the second command starts the client in 'green' connecting to the server. The last command performs the actual throughput test. ```bash ip netns exec red easytier-core -i 10.126.126.2 --multi-thread -u ip netns exec green easytier-core -i 10.126.126.3 -p udp://192.168.0.2:11010 --multi-thread -u ip netns exec green iperf3 -c 10.126.126.2 ``` -------------------------------- ### Install Buildx Component for Docker on CentOS 7 Source: https://easytier.cn/guide/faq This message indicates that the BuildKit feature in Docker requires the 'buildx' component. The provided URL offers instructions on how to install it. This is necessary for building Docker images with BuildKit enabled on systems like CentOS 7. ```text ERROR: BuildKit is enabled but the buildx component is missing or broken. Install the buildx component to build images with BuildKit: https://docs.docker.com/go/buildx/ ``` -------------------------------- ### Start EasyTier Node on Node B (Shell) Source: https://easytier.cn/guide/network/decentralized-networking Starts an EasyTier node on Node B in DHCP mode, automatically assigning a virtual IP. It connects to Node A using the specified public address and port. This command is also used for subsequent nodes joining the network. ```shell sudo easytier-core -d -p udp://22.1.1.1:11010 ``` -------------------------------- ### Run EasyTier with Configuration File (Shell) Source: https://easytier.cn/guide/network/config-file Specifies a configuration file path using the -c parameter to run EasyTier. Configuration in the file can be overridden by command-line arguments. ```shell easytier-core -c ./config.yaml ``` -------------------------------- ### Run Multiple EasyTier Networks Source: https://easytier.cn/guide/network/quick-networking Demonstrates how to run multiple EasyTier core instances on the same device, each connected to a different virtual network. This requires specifying unique network names and different listening ports (`-l`) to avoid conflicts. ```sh # Administrator privileges required ./easytier-core --network-name net1 -p tcp://public.easytier.cn:11010 -l 11010 ./easytier-core --network-name net2 -p tcp://public.easytier.cn:11010 -l 21010 ``` -------------------------------- ### Configure Easytier Shared Node Source: https://easytier.cn/guide/network/quick-networking This configuration snippet shows how to set up a shared node for Easytier by specifying the peer URI. It's a TOML format configuration file. ```toml [peer] uri = "tcp://public.easytier.cn:11010" [flags] ``` -------------------------------- ### Check QUIC Proxy Connection Status (EasyTier CLI) Source: https://easytier.cn/guide/network/kcp-proxy This command uses the EasyTier CLI to display the connection status of active QUIC proxy links. It shows source, destination, start time, state, and transport type for each connection. ```bash $ easytier-cli proxy ┌────────────────────┬───────────────────┬─────────────────────────┬───────────┬────────────────┐ │ src │ dst │ start_time │ state │ transport_type │ ├────────────────────┼───────────────────┼─────────────────────────┼───────────┼────────────────┤ │ 10.126.126.7:51838 │ 10.147.223.128:22 │ 2025-02-07 10:39:08 UTC │ Connected │ Quic │ └────────────────────┴───────────────────┴─────────────────────────┴───────────┴────────────────┘ ``` -------------------------------- ### Start EasyTier Node on Node A (Shell) Source: https://easytier.cn/guide/network/decentralized-networking Initializes an EasyTier node on Node A, specifying the virtual network IP address. It listens on default ports for various protocols (TCP, UDP, WebSocket, WireGuard) and can be configured to use custom ports via the -l flag or disable listening with --no-listener. ```shell sudo easytier-core -i 10.144.144.1 ``` -------------------------------- ### Manage EasyTier Systemd Service (Shell) Source: https://easytier.cn/guide/network/install-as-a-systemd-service These commands are used to manage the EasyTier systemd service. `systemctl enable` ensures the service starts on boot, `systemctl start` starts the service immediately, and `systemctl stop` halts the service. These are the recommended modern commands for systemd-based systems. ```sh systemctl enable easytier.service ``` ```sh systemctl start easytier.service ``` ```sh systemctl stop easytier.service ``` -------------------------------- ### Test 'Certain Networking Tool A' UDP Performance (Bash) Source: https://easytier.cn/guide/perf This sequence tests the UDP performance of 'Certain Networking Tool A'. It starts the tool's server in the 'red' namespace and the client in the 'green' namespace, then uses iperf3 to measure throughput. Replace 'xxx' with the actual command for 'Certain Networking Tool A'. ```bash ip netns exec red xxx -k iperf -s 8.134.146.7:29872 --ip 10.26.0.2 ip netns exec green xxx -k iperf -s 8.134.146.7:29872 --ip 10.26.0.3 ip netns exec green iperf3 -c 10.26.0.2 ``` -------------------------------- ### Start EasyTier as a Public Shared Node (Shell) Source: https://easytier.cn/guide/network/host-public-server To run EasyTier as a public shared node without root privileges, simply start the `easytier-core` command without any arguments. This node will then be available for other users to connect to for network formation. ```shell easytier-core ``` -------------------------------- ### Enable QUIC Proxy on Link Initiator (EasyTier) Source: https://easytier.cn/guide/network/kcp-proxy This command enables the QUIC proxy functionality on the EasyTier core application when initiating a link. QUIC proxy is designed to improve bandwidth in high packet loss scenarios. ```sh sudo easytier-core --enable-quic-proxy ``` -------------------------------- ### View KCP Proxy Connection Status Source: https://easytier.cn/guide/network/kcp-proxy Displays the current status of KCP proxy connections using the EasyTier CLI tool. The output includes source and destination IPs, connection start time, state, and the transport type (TCP or KCP). This command is essential for monitoring and debugging the KCP proxy. ```bash $ easytier-cli proxy ``` -------------------------------- ### Self-Host EasyTier Web Console (Shell) Source: https://easytier.cn/guide/network/web-console This command deploys the EasyTier Web Console with both frontend and backend services. It specifies ports for the API server and configuration server. The `--api-host` parameter is crucial for the frontend to locate the backend. ```shell ./easytier-web-embed \ --api-server-port 11211 \ --api-host "http://127.0.0.1:11211" \ --config-server-port 22020 \ --config-server-protocol udp ``` -------------------------------- ### View EasyTier Route Information Source: https://easytier.cn/guide/network/quick-networking Shows the routing table for the EasyTier virtual network via the `easytier-cli route` command. This helps in understanding how traffic is directed between nodes and across different network segments. ```sh easytier-cli route ``` -------------------------------- ### macOS: Bypass File Corruption Warning for EasyTier GUI Source: https://easytier.cn/guide/gui This command is necessary for macOS users after installing the EasyTier GUI application. It removes extended attributes from the application bundle, which macOS sometimes flags as potentially corrupted, allowing the application to run without issues. ```bash xattr -c /Applications/easytier-gui.app ``` -------------------------------- ### Uninstall EasyTier Windows Service using uninstall.cmd Source: https://easytier.cn/guide/network/install-as-a-windows-service This command executes the 'uninstall.cmd' script, which handles the removal of the EasyTier Windows service. The script will stop the service if it is running and then delete it from the system. This is a clean way to remove the service. ```batch uninstall.cmd ``` -------------------------------- ### Test EasyTier TCP Performance with Encryption (Bash) Source: https://easytier.cn/guide/perf This sequence tests EasyTier's TCP performance with AES-128-GCM encryption enabled. It starts EasyTier instances in both 'red' and 'green' namespaces and then runs an iperf3 test to measure throughput. Encryption is enabled by default when no '-u' flag is present. ```bash ip netns exec red easytier-core -i 10.126.126.2 --multi-thread ip netns exec green easytier-core -i 10.126.126.3 -p tcp://192.168.0.2:11010 --multi-thread ip netns exec green iperf3 -c 10.126.126.2 ``` -------------------------------- ### Test EasyTier UDP Performance with Encryption (Bash) Source: https://easytier.cn/guide/perf This sequence tests EasyTier's UDP performance with AES-128-GCM encryption enabled. It starts EasyTier instances in both 'red' and 'green' namespaces and then runs an iperf3 test to measure throughput. Encryption is enabled by default when no '-u' flag is present. ```bash ip netns exec red easytier-core -i 10.126.126.2 --multi-thread ip netns exec green easytier-core -i 10.126.126.3 -p udp://192.168.0.2:11010 --multi-thread ip netns exec green iperf3 -c 10.126.126.2 ``` -------------------------------- ### Load TUN Driver and Create TUN Device on Linux Source: https://easytier.cn/guide/faq These commands are used on Linux to ensure the TUN driver is loaded and the necessary device file for TUN is created. This is crucial for network tunneling functionalities, especially when running in environments like Docker. ```bash modprobe tun mkdir -p /dev/net sudo mknod /dev/net/tun c 10 200 ``` -------------------------------- ### Retrieve WireGuard Client Configuration (Shell) Source: https://easytier.cn/guide/network/use-easytier-with-wireguard-client After successfully starting the EasyTier core with the `--vpn-portal` argument, this command retrieves the WireGuard client configuration. The output includes interface details (private key, assigned address) and peer information (public key, allowed IPs, endpoint). Users must manually update the client's IP address and the server's public endpoint. ```sh $> easytier-cli vpn-portal portal_name: wireguard client_config: [Interface] PrivateKey = 9VDvlaIC9XHUvRuE06hD2CEDrtGF+0lDthgr9SZfIho= Address = 10.14.14.0/24 # should assign an ip from this cidr manually [Peer] PublicKey = zhrZQg4QdPZs8CajT3r4fmzcNsWpBL9ImQCUsnlXyGM= AllowedIPs = 192.168.80.0/20,10.147.223.0/24,10.144.144.0/24 Endpoint = 0.0.0.0:11013 # should be the public ip of the easytier server connected_clients: [] ``` -------------------------------- ### Systemd Service File Configuration (INI) Source: https://easytier.cn/guide/network/host-public-server This is a sample systemd service unit file for EasyTier. It includes settings for description, dependencies, execution command, restart policy, and importantly, `LimitNOFILE` to prevent file descriptor exhaustion on servers. ```ini [Unit] Description=EasyTier Service After=network.target syslog.target Wants=network.target [Service] Type=simple ExecStart=/usr/local/bin/easytier-core --hostname --network-name --network-secret -p tcp://public.easytier.top:11010 Restart=always RestartSec=3 LimitNOFILE=1048576 Environment=TOKIO_CONSOLE=1 [Install] WantedBy=multi-user.target ``` -------------------------------- ### Create EasyTier Systemd Service File (Shell) Source: https://easytier.cn/guide/network/install-as-a-systemd-service This snippet shows the content of the systemd service file for EasyTier. It defines the service's description, dependencies, execution command, and the target runlevel. Ensure to replace placeholder values like x.x.x.x, xxx, and yyy with your actual network details. ```shell [Unit] Description=EasyTier Service After=network.target syslog.target Wants=network.target [Service] Type=simple ExecStart=/root/easytier-core --ipv4 x.x.x.x --network-name xxx --network-secret yyy --peers tcp://peer_host:11010 [Install] WantedBy=multi-user.target ``` -------------------------------- ### Perform LoopBack Test (Bash) Source: https://easytier.cn/guide/perf This command executes an iperf3 test between two network namespaces ('green' and a namespace where the iperf3 server is assumed to be running, implicitly 'red' in this context) to measure basic network throughput without any additional tooling. ```bash ip netns exec green iperf3 -c 192.168.0.2 ``` -------------------------------- ### Test Network Connectivity Source: https://easytier.cn/guide/network/quick-networking Tests the network connectivity between nodes in a virtual network established by EasyTier. It uses the standard ping command to verify if nodes can reach each other using their assigned virtual IP addresses. ```sh ping 10.126.126.1 ping 10.126.126.2 ```