Repository files navigation

简体中文 |English

Please visit theEasyTier Official Website to view the full documentation.

EasyTier is a simple, safe and decentralized VPN networking solution implemented with the Rust language and Tokio framework.

• Decentralized: No need to rely on centralized services, nodes are equal and independent.
• Safe: Use WireGuard protocol to encrypt data.
• High Performance: Full-link zero-copy, with performance comparable to mainstream networking software.
• Cross-platform: Supports MacOS/Linux/Windows/Android, will support IOS in the future. The executable file is statically linked, making deployment simple.
• Networking without public IP: Supports networking using shared public nodes, refer toConfiguration Guide
• NAT traversal: Supports UDP-based NAT traversal, able to establish stable connections even in complex network environments.
• Subnet Proxy (Point-to-Network): Nodes can expose accessible network segments as proxies to the VPN subnet, allowing other nodes to access these subnets through the node.
• Smart Routing: Selects links based on traffic to reduce latency and increase throughput.
• TCP Support: Provides reliable data transmission through concurrent TCP links when UDP is limited, optimizing performance.
• High Availability: Supports multi-path and switches to healthy paths when high packet loss or network errors are detected.
• IPv6 Support: Supports networking using IPv6.
• Multiple Protocol Types: Supports communication between nodes using protocols such as WebSocket and QUIC.
• Web Management Interface: Provides aweb-based management interface for easy configuration and monitoring.

1. Download the precompiled binary file

   Visit theGitHub Release page to download the binary file suitable for your operating system. Release includes both command-line programs and GUI programs in the compressed package.

2. Install via crates.io

   cargo install easytier

3. Install from source code

   cargo install --git https://github.com/EasyTier/EasyTier.git easytier

4. Install by Docker Compose

   Please visit theEasyTier Official Website to view the full documentation.

5. Install by script (For Linux Only)

   wget -O /tmp/easytier.sh"https://raw.githubusercontent.com/EasyTier/EasyTier/main/script/install.sh"&& bash /tmp/easytier.sh install

   You can also uninstall/update Easytier by the command "uninstall" or "update" of this script

6. Install by Homebrew (For MacOS Only)

   brew tap brewforge/chinesebrew install --cask easytier

The following text only describes the use of the command-line tool; the GUI program can be configured by referring to the following concepts.

Make sure EasyTier is installed according to theInstallation Guide, and both easytier-core and easytier-cli commands are available.

Assuming the network topology of the two nodes is as follows

flowchart LRsubgraph Node A IP 22.1.1.1nodea[EasyTier\n10.144.144.1]endsubgraph Node Bnodeb[EasyTier\n10.144.144.2]endnodea <-----> nodeb

1. Execute on Node A:

   sudo easytier-core --ipv4 10.144.144.1

   Successful execution of the command will print the following.

   

2. Execute on Node B

   sudo easytier-core --ipv4 10.144.144.2 --peers udp://22.1.1.1:11010

3. Test Connectivity

   The two nodes should connect successfully and be able to communicate within the virtual subnet

   ping 10.144.144.2

   Use easytier-cli to view node information in the subnet

   easytier-cli peer

   

   easytier-cli route

   

   easytier-cli node

   

Based on the two-node networking example just now, if more nodes need to join the virtual network, you can use the following command.

sudo easytier-core --ipv4 10.144.144.2 --peers udp://22.1.1.1:11010

The--peers parameter can fill in the listening address of any node already in the virtual network.

Assuming the network topology is as follows, Node B wants to share its accessible subnet 10.1.1.0/24 with other nodes.

flowchart LRsubgraph Node A IP 22.1.1.1nodea[EasyTier\n10.144.144.1]endsubgraph Node Bnodeb[EasyTier\n10.144.144.2]endid1[[10.1.1.0/24]]nodea <--> nodeb <-.-> id1

Then the startup parameters for Node B's easytier are (new -n parameter)

sudo easytier-core --ipv4 10.144.144.2 -n 10.1.1.0/24

Subnet proxy information will automatically sync to each node in the virtual network, and each node will automatically configure the corresponding route. Node A can check whether the subnet proxy is effective through the following command.

1. Check whether the routing information has been synchronized, the proxy_cidrs column shows the proxied subnets.

   easytier-cli route

   

2. Test whether Node A can access nodes under the proxied subnet

   ping 10.1.1.2

EasyTier supports networking using shared public nodes. The currently deployed shared public node istcp://public.easytier.cn:11010.

When using shared nodes, each node entering the network needs to provide the same--network-name and--network-secret parameters as the unique identifier of the network.

Taking two nodes as an example, Node A executes:

sudo easytier-core -i 10.144.144.1 --network-name abc --network-secret abc -p tcp://public.easytier.cn:11010

Node B executes

sudo easytier-core --ipv4 10.144.144.2 --network-name abc --network-secret abc -p tcp://public.easytier.cn:11010

After the command is successfully executed, Node A can access Node B through the virtual IP 10.144.144.2.

EasyTier can be used as a WireGuard server to allow any device with WireGuard client installed to access the EasyTier network. For platforms currently unsupported by EasyTier (such as iOS, Android, etc.), this method can be used to connect to the EasyTier network.

Assuming the network topology is as follows:

flowchart LRios[[iPhone \n WireGuard Installed]]subgraph Node A IP 22.1.1.1nodea[EasyTier\n10.144.144.1]endsubgraph Node Bnodeb[EasyTier\n10.144.144.2]endid1[[10.1.1.0/24]]ios <-.-> nodea <--> nodeb <-.-> id1

To enable an iPhone to access the EasyTier network through Node A, the following configuration can be applied:

Include the --vpn-portal parameter in the easytier-core command on Node A to specify the port that the WireGuard service listens on and the subnet used by the WireGuard network.

# The following parameters mean: listen on port 0.0.0.0:11013, and use the 10.14.14.0/24 subnet for WireGuardsudo easytier-core --ipv4 10.144.144.1 --vpn-portal wg://0.0.0.0:11013/10.14.14.0/24

After successfully starting easytier-core, use easytier-cli to obtain the WireGuard client configuration.

$> easytier-cli vpn-portalportal_name: wireguard############### client_config_start ###############[Interface]PrivateKey = 9VDvlaIC9XHUvRuE06hD2CEDrtGF+0lDthgr9SZfIho=Address = 10.14.14.0/32# should assign an ip from this cidr manually[Peer]PublicKey = zhrZQg4QdPZs8CajT3r4fmzcNsWpBL9ImQCUsnlXyGM=AllowedIPs = 10.144.144.0/24,10.14.14.0/24Endpoint = 0.0.0.0:11013# should be the public ip(or domain) of the vpn serverPersistentKeepalive = 25############### client_config_end ###############connected_clients:[]

Before using the Client Config, you need to modify the Interface Address and Peer Endpoint to the client's IP and the IP of the EasyTier node, respectively. Import the configuration file into the WireGuard client to access the EasyTier network.

Every virtual network (with same network name and secret) can act as a public server cluster. Nodes of other network can connect to arbitrary nodes in public server cluster to discover each other without public IP.

Run you own public server cluster is exactly same as running an virtual network, except that you can skip config the ipv4 addr.

You can also join the official public server cluster with following command:

sudo easytier-core --network-name easytier --network-secret easytier -p tcp://public.easytier.cn:11010

You can useeasytier-core --help to view all configuration items

• Support features such TCP hole punching, KCP, FEC etc.
• Support iOS.

We welcome and encourage community contributions! If you want to get involved, please submit aGitHub PR. Detailed contribution guidelines can be found inCONTRIBUTING.md.

• ZeroTier: A global virtual network for connecting devices.
• TailScale: A VPN solution aimed at simplifying network configuration.
• vpncloud: A P2P Mesh VPN
• Candy: A reliable, low-latency, and anti-censorship virtual private network

EasyTier is released under theApache License 2.0.

• Ask questions or report problems:GitHub Issues
• Discussion and exchange:GitHub Discussions
• Telegram：https://t.me/easytier
• QQ Group: 949700262