Nikolay Borodin f3713698dc Tweaking README.md
2026-07-01 04:35:03 +02:00
2026-07-01 00:19:14 +02:00
2025-10-11 01:15:41 +02:00
2025-10-02 20:17:49 +02:00
2026-03-10 09:58:14 +02:00
2026-06-29 21:27:06 +02:00
2026-07-01 00:19:14 +02:00
2025-10-02 20:22:38 +02:00
2023-08-13 20:38:28 +00:00
2026-07-01 04:35:03 +02:00

Logo{width=128px}

Lanemu

Download | Issues | Documentation (Wiki) | Discord icon{width=16px}Discord

Table of contents

[[TOC]]

Overview

Lanemu icon{width=16px}Lanemu is a fork of Lanemu icon{width=16px}P2PVPN, originally created by Wolfgang Ginolas. The original project is no longer being developed.

The purpose of this project is to create a sufficiently simple and reliable solution for setting up virtual local networks that does not require advanced skills to configure. As in the original project, no central server is required.

Join the Discord icon{width=16px}Lanemu Discord server to chat with developers and organize games.

Screenshot

How to use

Windows

  1. Install the TAP-Win32 Adapter OAS driver by running add_driver.bat in the driver directory (preferably as administrator).
  2. Run Lanemu.exe (requires OpenJDK to be installed, recommended) or Lanemu-legacy.exe (older version which requires Oracle Java SE 8, 64 bit). Depending on your system settings, you may need to run the application as an administrator so that it can configure the network interface.

Note

You can use OpenJDKDownloader.exe for a quick download of OpenJDK.

If you have OpenJDK already installed, you can make a symbolic link on the NTFS file system.

For example:

mklink /d "C:\Users\monsterovich\Desktop\Lanemu\build\jdk" "C:\path_to_openjdk"

Alternatively, you can use the newer TAP-Windows Adapter V9 driver and download it from the OpenVPN website.

Lanemu prefers the installed TAP V9 driver by default. You can change the TAP driver preference by applying set_use_tapv9 or set_use_tapoas registry file.

Important

Users may not be able to ping you, or you may not be able to ping other users due to a firewall rule that is enabled by default in Windows and blocks ICMPv4 requests.

Linux

The application needs to be run as root via sudo java -jar Lanemu.jar or Lanemu.desktop / Lanemu-pkexec.

If you don't want to run the application as root, you can alternatively give the CAP_NET_ADMIN capability to java interpreter.

sudo setcap cap_net_admin=eip /path/to/java

Then you can run Lanemu as a normal user without sudo.

When you start the application, you will be prompted to configure the tap interface via ip / ifconfig which requires root privileges.

[!note] Note for tray If you want to use native tray in GUI mode, make sure that the ayatana-appindicator3-0.1 libnotify libraries are installed.

In Debian-based distributions, these dependencies can be installed with the command: sudo apt install libnotify4 libayatana-appindicator3-1

[!note] Note for run0 For distributions that use run0 instead of sudo and pkexec, there is a script for running Lanemu as root.

Similarly, for Lanemu to run ip / ifconfig as root internally, you need to set the environment variable:

export MAKEROOT_BIN=run0

FreeBSD

Compiling for FreeBSD

Mac OS

  • Install tap driver by following instructions.
  • Download & install OpenJDK.

Lanemu must be run as a root user: sudo java -jar Lanemu.jar.

Running in the background

java -jar Lanemu.jar --headless --access=access.dat --name=Supernode --port=2103 --vpn.ip=10.6.10.10 --vpn.mask=255.255.0.0

where access.dat is a private invitation.

Run Lanemu with the --help parameter for extra documentation.

Creating a network

To create a new network, you need to specify its name. Other values are:

  • VPN network address (ex. 10.6.0.0);
  • Subnet mask (ex. 255.255.0.0);
  • Known hosts to which participants will join by default;
  • BitTorrent tracker HTTP(S)/UDP addresses;
  • BitTorrent DHT bootstrap node addresses;
  • WhatIsMyIPv4/6 HTTP(S) addresses.

The default number of participants is 2¹⁶, which corresponds to the subnet mask.

Next, you need to send invitations to users. There are two types of "certificates" in the application: a network certificate (analogous to the root certificate) and an access certificate, which is signed by the network certificate.

Clicking "Allow invitation of others" will generate an invitation based on the network private keys, which means that the invited users can invite as many other users as they like and create as many private invitations as they like.

If you disable this option, only a private invitation will be generated that can be given an expiration time.

Note

You can send users a pre-configured profile.ini file that automatically accepts your invitation on first launch:

default.autoInvite=invitation_file.txt

Caution

Do not edit the invitation file (except bootstrap.* parameters), otherwise the signature verification will fail. The network.* parameters are checked on the client-side when the invitation text/file is imported, and the access.* parameters are checked on the other user side when peers are connecting to each other.

Joining a network

To join the network, all you have to do is simply accept the invitation. To do this, you need to click on the accept invitation button and import the invitation file into the application or copy its contents into the input field. If the OK button does not appear enabled, the invitation has not passed the verification check.

If the connection to the peers didn't happen through BitTorrent tracker(s) or DHT, you can connect to any of the peers manually by specifying ip:port in the information window and retrieve other network members through this peer.

A direct connection between all members of the network may not occur immediately. It's sufficient for at least one network member to have a port forwarded. If both network members are behind NAT, they can only connect through a third member.

Port forwarding

  • In TCP + UDP mode (legacy). Port n is used for both TCP and UDP.
  • In RUDP + UDP mode. Ports n and n + 1 are used for UDP.

By default, UPnP is enabled in graphical mode, which forwards all these ports automatically.

With the specified STUN server when RUDP is enabled, the external UDP port will also be determined if the peer is behind NAT.

Note

TCP and RUDP are incompatible; if you use one of these protocols, users will not be able to connect to you using the other.

Security

The following cryptographic algorithms are used in the application:

  • RSA-4096 for peer authentication.
  • AES-128-GCM for encrypting peer-to-peer trafic.
  • SHA-512 with RSA algorithm is used to sign invitations.

💵 Donations

Buy me a coffee!

  • Donate via Boosty → https://boosty.to/monsterovich
  • Bitcoin cash: bitcoincash:qr94cvs5rxu86r8j2t0ykg0qqr2nqr8apqfnk7rcke
  • Bitcoin: 1KYGcoihkHfga5vEV1TMZNrvu2vzCFmnFN
Languages
Java 76.6%
C 7.6%
Makefile 7.3%
C++ 5.9%
Shell 2.3%
Other 0.3%