Hamachi p2p vpn



A few days back I was at grc to run a “shields up” scan on a clients machine and found reference to their Security Now podcast (Leo Laporte and Steve Gibson.) The cast was about a VPN tool called Hamachi… so I revisited and gave a read to the Security Now! transcript. And then visited the Hamachi site. I’ve got to say, I’m impressed on a couple of levels with Hamachi. 1st it sounds as though they’ve done a great approach to a secure free VPN implementation. (Steve Gibson is a pretty good reference….) It’s also easy to install and use and beyond that there are linux/Windows versions of the client currently, Mac will be released after the 1.0 for Linux and Windows.


There are some things that Hamachi does very well and some things that you would be best off looking at openvpn or another VPN approach for. Here’s what it’s great at though, a quick, easy ad-hoc zero-config peer 2 peer (p2p) secure VPN. For starters I installed it on a couple of my linux systems (ok – all 3). The idea is this, when you install hamachi and initialize it, you get assigned a 5.*.*.* network address for your “hamachi” (or ham0) adapter. (Basically tun). 5. addresses technically don’t exist, so by doing this it’s guarantied not to conflict with other networking setups. (However, only 16 million or so machines can use it?)

After initializing you create a network and assign it a password (or join another network with a password.) As you add machines to the network, the central server is contacted by each machine and then it is able to tell each client how to contact the others, so the server does the handshaking (authenticated by a public key from each client.) After that the clients contact each other (no traffic should be passing through the hamachi server at this point.) All with strong encryption. When you stop and re-start hamachi it remembers it’s last state, so if you’re on a public machine make sure to LEAVE network, then it would have to ask for authentication next go around.

The interesting thing is it’s ability to do NAT traversal. They say that the server is actually able to negotiate connections 97% of the time (no pinhole forwards, no firewall adjustments.) Which is pretty impressive. I did actually find a 3% situation once I branched outside of my own (firewalled) network. The next host I added to my network was behind a router and additional firewall (two hops to get to the outside world.) This one failed to find any of the others. The next test after that was a machine with just a software firewall (windows machine) and discovery between that and the “behind the firewall” machines on my network was fairly quick and reliable.

For a situation where you want to specifically connect to a few specific machines and have a secure connection to those machines, this might just be the way to do it. One nice thing that I see is that for instance, with my laptop, I have NO configuration changes to make when it’s mobile, the server deals with all the nasty “figure out where I am” stuff. From what I can see the VPN client is BSD licensed. The biggest disadvantage I see is that it’s a machine to machine connection, not a machine to network connection like openvpn could support. I know I’ve only scratched the surface in covering what it does…. But if you’re looking for a free and easy secure VPN implementation this very well could suit your needs.

Related Posts

Blog Traffic Exchange Related Posts
  • iScsi and AoE with linux A few days ago I had reason to investigate iscsi and AoE (ata over ethernet). Both are protocols for sharing a physical drive over the network at the block level. Let me put it in context first. Traditional network file shares have been done like this.... Computer A has a......
  • Network Security - Defenses against arp spoofing So, we've spent a couple articles talking about arp spoofing. It sounds really bad, it's a frighteningly easy way to do a "mitm" or man in the middle attack and anyone using arp spoofing could capture ALL network traffic including passwords. There's got to be an easy fix right? Um..........
  • Network Security guide for the home or small business network - Part 18 - What about Dialup Users? So, most everything so far has been targetted to high speed internet users or business networks. That means if I use dialup I'm safe. Wrong. For starters, in many ways dialup internet is LESS of a risk than high speed broadband for two main reasons. First, high speed/broadband connections are......
Blog Traffic Exchange Related Websites
  • The Security Innovation Network (SINET) 2010 - Increasing Awareness of Innovative Cyber-Security Companies and Products The Security Innovation Network (SINET) Workshop was held on October 26th and 27th at The National Press Club in Washington, D.C. The workshop was truly a place were security issues of today were being solved with innovative solutions of tomorrow. The purpose of SINET was to bring innovative cyber-security......
  • Pinball Machines Collectibles -> Arcade, Jukeboxes and Pinball -> Pinball-> Machines Pinball machines are very special to many people and over the years, they have become very collectible. Whether you are looking for a pinball machine to restore or one that is in perfect order, they are a great addition to any......
  • How To Use Your Blog To Promote Your Services Most blog owners are interested in monetizing their blogs but few are able to do so in spite of the many options that are open for earning money on blogs. The following article talks about selling your service to your readers and doing it the right way.These pointers will help......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site