Difference between revisions of "Vpn"

From Cncz
Jump to: navigation, search
(VPN (Virtual Private Network) connection)
m (VPNsec setup Android)
 
(191 intermediate revisions by 8 users not shown)
Line 1: Line 1:
== VPN (Virtual Private Network) connection ==
+
== VPN (Virtual Private Network) [verbinding][connection] ==
  
 
[nl]
 
[nl]
 +
C&CZ beschikt over een VPN server, waarmee alle gebruikers met hun [[studenten_login_|Science-login en wachtwoord]] een beveiligde toegang tot het netwerk kunnen krijgen. Er is ook een [https://www.ru.nl/ict/medewerkers/off-campus-werken/vpn/ RU-centrale VPN-service EduVPN], waar men met [http://www.ru.nl/wachtwoord RU-account en RU-wachtwoord] gebruik van kan maken.
  
* C&CZ beschikt over een VPN server, waarmee alle gebruikers met hun loginnaam/wachtwoord op een beveiligde toegang tot het netwerk kunnen krijgen. De werkplek thuis (of ergens anders op het Internet) wordt daarmee ook gezien als onderdeel van het campusnetwerk. Op deze manier kan men toegang krijgen tot faciliteiten die normaal alleen vanaf de campus toegankelijk zijn.
+
De werkplek thuis (of ergens anders op het Internet) wordt daarmee gezien als onderdeel van het campusnetwerk. Op deze manier kan men toegang krijgen tot faciliteiten die alleen vanaf het campusnetwerk toegankelijk zijn. Men kan hierbij denken aan [http://wiki.science.ru.nl/cncz/Diskruimte het aankoppelen van netwerkschijven] of toegang tot speciale servers.
Men kan hierbij denken aan het aankoppelen van netwerk-schijven of toegang tot speciale servers. Om bijvoorbeeld de eigen bestanden op je home directory (U: schijf) te benaderen kan men nu [http://wiki.science.ru.nl/cncz/Diskruimte deze procedure ]volgen.
+
<br>
 +
Voor het gebruik van de [http://www.ru.nl/ub UB (bibliotheek)] is de VPN niet nodig, want de UB gebruikt een proxy website, die na inloggen met [http://www.ru.nl/wachtwoord RU-account en RU-wachtwoord] toegang vanuit het hele Internet mogelijk maakt.
 +
[/nl]
 +
[en]
 +
C&amp;CZ manages a VPN server, which makes it possible for all users to gain secure access to the network with their [[studenten_login_|Science username and password]]. A [https://www.ru.nl/ict-uk/staff/working-off-campus/vpn/ RU-central VPN service EduVPN] can also be used with [http://www.ru.nl/idmuk/ RU-account and RU-password].
  
Voor het gebruik van [[Xwin32|X-win32]] is VPN niet nodig wanneer men de "ip smart" instelling gebruikt. Ook voor het gebruik van de [http://www.ru.nl/ub UB bibliotheek] is de VPN niet nodig, want de UB heeft een proxy website, die na inloggen met [http://www.ru.nl/wachtwoord RU-wachtwoord] toegang vanuit het hele Internet mogelijk maakt.
+
The computer at home (or anywhere on the Internet) becomes part of the campus network. In this way users can get access to services that are normally only accessible from computers on campus. The most common of such services are [http://wiki.science.ru.nl/cncz/Diskruimte connecting to disk shares] or to special servers.
 +
<br>
 +
For the use of the [http://www.ru.nl/ub University library] one does not need VPN, because the library has a proxy website, that can be used from anywhere on the Internet after logging in with your [http://www.ru.nl/idmuk/ RU-account and RU-password].
 +
[/en]
  
Voorbeelden van installatie en configuratie van de VPN voor:
+
== VPNSec ==
 +
[Algemeen][General]:
  
* [[vpn_windows98_|Windows 98]], [[vpn_windows2k_|Windows 2000]], [[vpn_windowsxp_|Windows XP]], [[vpn_windowsvista_|Windows Vista]], [[vpn_w7|Windows 7]]
+
*VPN-server/gateway: <b>vpnsec.science.ru.nl</b>, [op basis van][based on] [https://wikipedia.org/wiki/IPsec IPsec].
* [[vpn_mac|MacOS X]]
 
* [http://wiki.science.ru.nl/cncz/IPad#Science_VPN iPad]
 
* [[vpn_linux_|Linux]]
 
  
''<b>Let op</b>: gebruikers van F-Secure moeten de [[vpn_F-Secure|Firewall configuratie aanpassen]] om blokkeren van GRE op te heffen.''
+
=== VPNsec setup Windows 10 ===
  
Om gebruik te kunnen maken van de VPN-server heeft men een [[studenten_login_|login]] met bijbehorend wachtwoord voor de B-Faculteit nodig. Bezoek eventueel [http://dhz.science.ru.nl/ DHZ] (Doe Het Zelf).
+
* '''Windows''': [Maak een *nieuwe* VPN aan, met server vpnsec.science.ru.nl, dat is alles. Uitgebreide instructies:][Just add a *new* VPN with server vpnsec.science.ru.nl, that's all. Detailed instructions:]
  
[/nl]  
+
[nl]
 +
Vanuit Windows Configuratiescherm, ga naar:
 +
* Netwerk en Internet
 +
* Netwerkcentrum
 +
* Een nieuwe verbinding of een nieuw netwerk instellen
 +
* Verbinding met een bedrijfsnetwerk maken -> Volgende
 +
* Ik wil een nieuwe verbinding maken
 +
* Mijn Internetverbinding (VPN) gebruiken
 +
* Geef het Internet-adres voor de verbinding op. Internet-adres: vpnsec.science.ru.nl
 +
* Naam van deze verbinding: Science VPNsec (of iets anders) en klik "Maken".
  
 +
* Gebruiken: klik in de taakbalk op het vliegtuig/Internet-icoon en klik op "Science VPNsec" en "Verbinding maken".
 +
* Vul de Science loginnaam en het bijbehorende wachtwoord in. Daarna: "Verbonden".
 +
[/nl]
 
[en]
 
[en]
 +
From Windows Settings, take the following route:
 +
* Networks and Internet
 +
* VPN
 +
* Add a VPN connection
 +
* Fill in
 +
*:
 +
{| class="wikitable" style="margin-left: 20px;"
 +
|VPN provider
 +
|Windows (built-in)
 +
|default choice
 +
|-
 +
|Connection name
 +
|Science-VPNsec
 +
|choose something
 +
|-
 +
|Server name or address
 +
|vpnsec.science.ru.nl
 +
|provide as stated
 +
|-
 +
|VPN type
 +
|Automatic
 +
|default choice
 +
|-
 +
|Type of sign-in info
 +
|User name and password
 +
|default choice
 +
|-
 +
|User name (optional)
 +
|Science account
 +
|optional
 +
|-
 +
|Password (optional)
 +
|Science password
 +
|optional
 +
|}
 +
* Save
 +
[/en]
 +
 +
=== VPNsec setup Windows 7/8 ===
 +
 +
* '''Windows''': [Maak een *nieuwe* VPN aan, met server vpnsec.science.ru.nl, dat is alles. Uitgebreide instructies staan verderop.][Just add a *new* VPN with server vpnsec.science.ru.nl, that's all. Detailed instructions are below.]
 +
 +
[nl]
 +
Vanaf het Windows Controle paneel:
 +
* Netwerk en Internet
 +
* Netwerk en Sharing Center
 +
* Een nieuwe verbinding of netwerk maken
 +
* Verbinding met een werkplek maken -> Volgende
 +
* Gebruik mijn Internet verbinding (VPN)
 +
* Vul het Internet adres in: vpnsec.science.ru.nl
 +
* en kies een naam voor de verbinding, bv.: Science VPNsec
 +
* Daarna wordt om de Science loginnaam en wachtwoord gevraagd.
 +
[/nl]
 +
[en]
 +
From the windows Control panel, take the following route:
 +
* Network and Internet
 +
* Network and Sharing Center
 +
* Setup a new connection or network
 +
* Connect to a workspace -> Next
 +
* Use my Internet connection (VPN)
 +
* Fill in the Internet address: vpnsec.science.ru.nl
 +
* and connection name, for example: Science VPNsec
 +
* You'll be prompted for your Science username and password.
 +
[/en]
 +
 +
=== VPNsec setup macOS ===
 +
 +
* '''OS X 10.11''' El Capitan [en hoger][and higher]: Download [en installeer][and install] [[Media:vpnsec-macosx.mobileconfig|vpnsec-macosx.mobileconfig]] [op je][to your] Apple computer.<br/>[Pas de <b>Authentication Settings...</b> in <b>System Preferences</b> &rarr; <b>Network</b> &rarr; <b>VpnSec</b> aan door je Science account en wachtwoord in te vullen][Adapt the <b>Authentication Settings...</b> in <b>System Preferences</b> &rarr; <b>Network</b> &rarr; <b>VpnSec</b> to match your Science account and password].
 +
* '''OS X 10.7''' Lion [en hoger][and higher]: [installeer][install] [https://wiki.strongswan.org/projects/strongswan/wiki/MacOSX strongSwan] [met][with] "IKEv2 EAP (Username/Password)". [De <strong>strongSwan App</strong> heeft een bekend probleem. De huidige [[VpnSec_MacOS_X_strongSwan_App|oplossing]] is echter niet erg gebruikersvriendelijk.][The strongSwan App has a known problem. The current [[VpnSec_MacOS_X_strongSwan_App|solution]] is, however, not very easy.]  [Of gebruik de][Or use the] [https://wiki.science.ru.nl/cncz/Vpn#OpenVPN_for_Linux_.26_MacOS OpenVPN] service.
 +
 +
=== VPNsec setup iOS ===
 +
 +
* '''iOS''' (iPhone/iPad): Download [en installeer][and install] [[Media:vpnsec.mobileconfig|vpnsec.mobileconfig]] [op je][to your] iPhone/iPad. [Getest op iPad met iOS 9, volgens documentatie werkt iOS 8 ook, maar ongetest][Tested on iPad with iOS 9, according to documentation iOS 8 should work too, but is yet untested].
 +
 +
=== VPNsec setup Android ===
 +
* '''Android''': [Installeer de][Install the] [https://play.google.com/store/apps/details?id=org.strongswan.android strongSwan] app [met][with] "IKEv2 EAP (Username/Password)". '''NB: [sommige tekens in een wachtwoord moeten worden ge-escaped met een][some special characters in the password should be escaped using a] "\"'''.
  
* C&amp;CZ manages a VPN server, which makes it possible for all users to gain secure access to the network with their username/password. The computer at home (or anywhere on the Internet) becomes a part of the campus network. In this way users can get access to services that are normally only accessible from computers on campus.
+
=== VPNsec setup Linux ===
  
The most common of such services are connecting to disk shares or special servers. To access your files on your home directory (U: Drive) you can follow [http://wiki.science.ru.nl/cncz/Diskruimte this procedure].
+
* '''Linux''': [nl][[vpnsec_Linux_install|VPNsec Linux installatie en configuratie]][/nl][en][[vpnsec_Linux_install|VPNsec Linux installation and configuration]][/en]
 +
* '''Ubuntu 16.04''': [Er is een bekende bug waaraan gewerkt wordt, zie: ][There is a known bug people are trying to fix, see ][https://bugs.launchpad.net/bugs/1570352 msg4923789]. [Inmiddels is er een 'work around'. deze vraagt echter wat handwerk. Zie: ][A work around currently exists, requiring some manual configuration. See: ][https://wiki.science.ru.nl/cncz/Vpnsec_Linux_install VPNsec Linux installation and configuration]. [Of gebruik de][Or use the] [https://wiki.science.ru.nl/cncz/Vpn#OpenVPN_for_Linux_.26_MacOS OpenVPN] service.
  
For the use of [[Xwin32|X-win32]], it is not necessary to use VPN, because one can use the "ip smart" setting of X-win32. For the use of the [http://www.ru.nl/ub University library] one does not need VPN, because the library has a proxy website, which can be used from anywhere on the Internet after logging in  with  your [http://www.ru.nl/wachtwoord RU-password].
+
== OpenVPN [voor][for] Linux ==
 +
[Voor o.a. Linux gebruikers die moeite hebben om de VPNsec service werkend te krijgen, biedt C&CZ een OpenVPN service aan.][For e.g. Linux users that have trouble getting VPNsec working on their systems, C&CZ provides an OpenVPN service.]
  
Examples of installation and configuration of the VPN:
+
=== [Opzetten van OpenVPN op Linux][Setting up OpenVPN on Linux] ===
 +
[Zorg dat je het package openvpn ge&iuml;nstalleerd hebt. Voor op Debian gebaseerde distributies zoals Ubuntu, gebruik:][Make sure you have the openvpn package installed. For Debian based distributions (like Ubuntu), run:]
 +
 +
sudo apt-get install openvpn
  
* [[vpn_windows98_|Windows 98]], [[vpn_windows2k_|Windows 2000]], [[vpn_windowsxp_|Windows XP]], [[vpn_windowsvista_|Windows Vista (dutch only, in preparation)]], [[vpn_w7|Windows 7]]
+
[Download daarna het openvpn configuratiebestand:][Next, download the openvpn configuration file:]
* [[vpn_mac|MacOS X]]
 
* [http://wiki.science.ru.nl/cncz/IPad#Science_VPN iPad]
 
* [[vpn_linux_|Linux]]
 
  
''<b>Note</b>: users of F-secure need to [[vpn_F-Secure|change the Firewall configuration]] to lift blocking of GRE.''
+
wget https://gitlab.science.ru.nl/cncz/openvpn/raw/master/openvpn-science.ovpn
  
To use this VPN server you will need an [[studenten_login_|account]] with password for the Faculty of Science. Visit [http://diy.science.ru.nl/ DIY] (Do It Yourself).  
+
=== [Start OpenVPN op Linux][Starting OpenVPN on Linux] ===
 +
[Start de OpenVPN tunnel als volgt:][Startup the OpenVPN tunnel as follows:]
 +
 
 +
sudo openvpn openvpn-science.ovpn
 +
 
 +
[Er zal gevraagd worden naar de Science loginnaam an wachtwoord.][You'll be asked for your science login name and password.]
 +
[De verbinding kan verbroken worden door Control+C te tikken.][Hit Control+C to terminate the OpenVPN connection.]
 +
 
 +
=== [Al het Internet verkeer door OpenVPN][All traffic through OpenVPN] ===
 +
 
 +
[Gebruik OpenVPN's '''--redirect-gateway autolocal''' optie (of zet het in het config bestand als '''redirect-gateway autolocal''')][Use OpenVPN's '''--redirect-gateway autolocal''' option (or put it in the config file as '''redirect-gateway autolocal''')]
 +
 
 +
== OpenVPN [voor][for] macOS ==
 +
 
 +
[nl]
 +
Dit begint met de keus van OpenVPN client software: Het OpenVPN protocol zit niet in macOS. Daarom is client software nodig, die het verkeer af kan handelen dat door de OpenVPN tunnel moet, dat verkeer kan kan versleutelen en doorsturen naar de OpenVPN server. En natuurlijk moet die client software ook het verkeer dat terugkomt kunnen ontsleutelen. Zie [https://openvpn.net/vpn-server-resources/connecting-to-access-server-with-macos/ OpenVPN.net] voor verschillende mogelijkheden.
 +
[/nl]
 +
[en]
 +
This starts with the choice of OpenVPN client software: The OpenVPN protocol is not one that is built into macOS. Therefore a client program is required that can handle capturing the traffic you wish to send through the OpenVPN tunnel, and encrypting it and passing it to the OpenVPN server. And of course, the reverse, to decrypt the return traffic. See [https://openvpn.net/vpn-server-resources/connecting-to-access-server-with-macos/ OpenVPN.net] for several options.
 
[/en]
 
[/en]
 +
 +
[Download daarna het openvpn configuratiebestand:][Next, download the openvpn configuration file:]
 +
 +
            [https://gitlab.science.ru.nl/cncz/openvpn/raw/master/openvpn-science.ovpn https://gitlab.science.ru.nl/cncz/openvpn/raw/master/openvpn-science.ovpn]
 +
 +
== SSH SOCKS-Proxy to access journals (linux) ==
 +
There is a convenient alternative to VPN or the UB proxy website described above
 +
to access online journals from anywhere. With [http://en.wikipedia.org/wiki/Secure_Shell SSH]
 +
one can start a so called SOCKS Proxy-server, which can be used by web-browsers.
 +
 +
* Login to your Science account with ssh:
 +
 +
  ssh -D 8942 lilo.science.ru.nl      # (or any other login-server)
 +
  (Enter password if required)
 +
 +
If your Science username (e.g. "peter") is different on your local username use:
 +
 +
  ssh -D 8942 peter&#64;lilo.science.ru.nl
 +
 +
The -D flag starts "dynamic" application-level portforwarding. The port number
 +
(here 8942) can be any number above 1024 and below 65536. If a port is already
 +
in use by another process try a different number.
 +
 +
* Tell the web browser to use the server. In Firefox:
 +
 +
  * Edit - Preferences - Advanced - Settings
 +
  * Select "Manual proxy configuration"
 +
  * SOCKS Host: localhost      Port: 8942
 +
  * Select SOCKS v5
 +
  * OK
 +
 +
Chromium and Google Chrome can be called from the command line with the proxyserver option:
 +
 +
  chromium-browser --proxyserver="socks5://localhost:8942"
 +
 +
If you now go to a journal website i.e., [http://scitation.aip.org J. Chem. Phys.],
 +
you should see "Your access is provided by: Universiteitsbibliotheek" and
 +
you should have the same access as from within the Radboud University domain.
 +
 +
=== Run ssh in the background ===
 +
With these flags:
 +
 +
  ssh -f -N -D port user@lilo.science.ru.nl
 +
 +
ssh will run in the background (-f) and only setup the
 +
proxy server but not actually logon (-N).
 +
 +
=== Troubleshooting ===
 +
The "netstat" command may be used to troubleshoot problems:
 +
 +
  netstat -at
 +
 +
will show all active and non-active tcp sockets. In the above example you should
 +
see something like:
 +
 +
  MYPC:/home/peter $ netstat -at
 +
  Active Internet connections (servers and established)
 +
  Proto Recv-Q Send-Q Local Address          Foreign Address        State     
 +
  tcp        0      0 localhost:smtp          *:*                    LISTEN     
 +
  tcp        0      0 localhost:8942          *:*                    LISTEN     
 +
  tcp        0      0 *:ssh                  *:*                    LISTEN     
 +
  tcp        0      0 localhost:ipp          *:*                    LISTEN     
 +
  tcp        0      0 peter.home:36953        postvak.science.r:imaps ESTABLISHED
 +
  tcp        0      0 peter.home:36808        lilo3.science.ru.nl:ssh ESTABLISHED
 +
  tcp        0      0 localhost:smtp          *:*                    LISTEN     
 +
  tcp        0      0 localhost:8942          *:*                    LISTEN
  
 
[[Category:Internet]]
 
[[Category:Internet]]

Latest revision as of 13:13, 25 October 2019

VPN (Virtual Private Network) connection

C&CZ manages a VPN server, which makes it possible for all users to gain secure access to the network with their Science username and password. A RU-central VPN service EduVPN can also be used with RU-account and RU-password.

The computer at home (or anywhere on the Internet) becomes part of the campus network. In this way users can get access to services that are normally only accessible from computers on campus. The most common of such services are connecting to disk shares or to special servers.
For the use of the University library one does not need VPN, because the library has a proxy website, that can be used from anywhere on the Internet after logging in with your RU-account and RU-password.

VPNSec

General:

  • VPN-server/gateway: vpnsec.science.ru.nl, based on IPsec.

VPNsec setup Windows 10

  • Windows: Just add a *new* VPN with server vpnsec.science.ru.nl, that's all. Detailed instructions:

From Windows Settings, take the following route:

  • Networks and Internet
  • VPN
  • Add a VPN connection
  • Fill in
VPN provider Windows (built-in) default choice
Connection name Science-VPNsec choose something
Server name or address vpnsec.science.ru.nl provide as stated
VPN type Automatic default choice
Type of sign-in info User name and password default choice
User name (optional) Science account optional
Password (optional) Science password optional
  • Save

VPNsec setup Windows 7/8

  • Windows: Just add a *new* VPN with server vpnsec.science.ru.nl, that's all. Detailed instructions are below.

From the windows Control panel, take the following route:

  • Network and Internet
  • Network and Sharing Center
  • Setup a new connection or network
  • Connect to a workspace -> Next
  • Use my Internet connection (VPN)
  • Fill in the Internet address: vpnsec.science.ru.nl
  • and connection name, for example: Science VPNsec
  • You'll be prompted for your Science username and password.

VPNsec setup macOS

  • OS X 10.11 El Capitan and higher: Download and install vpnsec-macosx.mobileconfig to your Apple computer.
    Adapt the Authentication Settings... in System PreferencesNetworkVpnSec to match your Science account and password.
  • OS X 10.7 Lion and higher: install strongSwan with "IKEv2 EAP (Username/Password)". The strongSwan App has a known problem. The current solution is, however, not very easy. Or use the OpenVPN service.

VPNsec setup iOS

  • iOS (iPhone/iPad): Download and install vpnsec.mobileconfig to your iPhone/iPad. Tested on iPad with iOS 9, according to documentation iOS 8 should work too, but is yet untested.

VPNsec setup Android

  • Android: Install the strongSwan app with "IKEv2 EAP (Username/Password)". NB: some special characters in the password should be escaped using a "\".

VPNsec setup Linux

OpenVPN for Linux

For e.g. Linux users that have trouble getting VPNsec working on their systems, C&CZ provides an OpenVPN service.

Setting up OpenVPN on Linux

Make sure you have the openvpn package installed. For Debian based distributions (like Ubuntu), run:

sudo apt-get install openvpn

Next, download the openvpn configuration file:

wget https://gitlab.science.ru.nl/cncz/openvpn/raw/master/openvpn-science.ovpn

Starting OpenVPN on Linux

Startup the OpenVPN tunnel as follows:

sudo openvpn openvpn-science.ovpn

You'll be asked for your science login name and password. Hit Control+C to terminate the OpenVPN connection.

All traffic through OpenVPN

Use OpenVPN's --redirect-gateway autolocal option (or put it in the config file as redirect-gateway autolocal)

OpenVPN for macOS

This starts with the choice of OpenVPN client software: The OpenVPN protocol is not one that is built into macOS. Therefore a client program is required that can handle capturing the traffic you wish to send through the OpenVPN tunnel, and encrypting it and passing it to the OpenVPN server. And of course, the reverse, to decrypt the return traffic. See OpenVPN.net for several options.

Next, download the openvpn configuration file:

           https://gitlab.science.ru.nl/cncz/openvpn/raw/master/openvpn-science.ovpn

SSH SOCKS-Proxy to access journals (linux)

There is a convenient alternative to VPN or the UB proxy website described above to access online journals from anywhere. With SSH one can start a so called SOCKS Proxy-server, which can be used by web-browsers.

  • Login to your Science account with ssh:
 ssh -D 8942 lilo.science.ru.nl       # (or any other login-server)
 (Enter password if required)

If your Science username (e.g. "peter") is different on your local username use:

 ssh -D 8942 peter@lilo.science.ru.nl

The -D flag starts "dynamic" application-level portforwarding. The port number (here 8942) can be any number above 1024 and below 65536. If a port is already in use by another process try a different number.

  • Tell the web browser to use the server. In Firefox:
 * Edit - Preferences - Advanced - Settings
 * Select "Manual proxy configuration"
 * SOCKS Host: localhost      Port: 8942
 * Select SOCKS v5
 * OK

Chromium and Google Chrome can be called from the command line with the proxyserver option:

 chromium-browser --proxyserver="socks5://localhost:8942"

If you now go to a journal website i.e., J. Chem. Phys., you should see "Your access is provided by: Universiteitsbibliotheek" and you should have the same access as from within the Radboud University domain.

Run ssh in the background

With these flags:

 ssh -f -N -D port 

ssh will run in the background (-f) and only setup the proxy server but not actually logon (-N).

Troubleshooting

The "netstat" command may be used to troubleshoot problems:

 netstat -at

will show all active and non-active tcp sockets. In the above example you should see something like:

 MYPC:/home/peter $ netstat -at
 Active Internet connections (servers and established)
 Proto Recv-Q Send-Q Local Address           Foreign Address         State      
 tcp        0      0 localhost:smtp          *:*                     LISTEN      
 tcp        0      0 localhost:8942          *:*                     LISTEN      
 tcp        0      0 *:ssh                   *:*                     LISTEN      
 tcp        0      0 localhost:ipp           *:*                     LISTEN      
 tcp        0      0 peter.home:36953        postvak.science.r:imaps ESTABLISHED
 tcp        0      0 peter.home:36808        lilo3.science.ru.nl:ssh ESTABLISHED
 tcp        0      0 localhost:smtp          *:*                     LISTEN      
 tcp        0      0 localhost:8942          *:*                     LISTEN