Hamachi: Roll Your Own VPNs
June 05, 2006
This handy new freeware tool enables creation and management your own "zero-configuration" virtual private networks (VPN).
Prior to the existence of the Internet as we know it today, if you needed a secure connection between two systems on remote networks, your choices were essentially to use a dedicated high-speed circuit like a T1 line or to rely on a slow modem, with both options often getting quite expensive.
How Hamachi Works
There are several reasons that conventional VPN configuration can be so difficult. For starters, differences in implementation between manufacturers of routers, firewalls, and client software can and often do cause interoperability problems. And even if you're using the same equipment or software on both ends, a VPN can be a pain in the neck when you're trying to connect two networks using network address translation (NAT).
NAT is used on countless networks these days and lets multiple systems on a private LAN communicate with the Internet using a single public IP address. The problem is that in order to translate the addresses between the private and public networks, NAT must modify the address information within network packets. This usually prevents VPNs from working because the modified packets are interpreted as having been compromised.
To get around the various obstacles to a successful VPN connection, Hamachi borrows a technique used by peer-to-peer applications such as instant messaging (IM) software. It employs a external server it calls a mediation server that servers as a sort of directory and matchmaker for Hamachi clients. The mediation server authenticates clients through the exchange of encryption keys, tracks clients so they can locate each other behind routers and firewalls, and helps facilitate the setting up of secure connection between systems.
Applied Networking claims that once the mediation server has successfully established a connection between Hamachi clients, the secure connection is solely between the peers and no encrypted traffic passes through Hamachi servers. (The server does send regular keep-alive signals to clients, however, in order to keep idle connections up and running.)
Installation and Setup
Hamachi uses a very minimalist interface that's extremely simple and easy to use. The first time you run the software a brief tutorial takes you through a tour of the interface, but it's almost unnecessary since there are a mere three buttons on the client the power button activates the Hamachi interface, the network button lets you create or join an existing network, and the gear button is for configuring application settings, of which there are only a handful.
When you install Hamachi, it creates its own virtual network interface on your system that has configuration parameters separate from those of your regular wired or wireless adapters. This Hamachi interface can be found alongside the others when you view your network connections in Windows, but it remains disabled until you turn on Hamachi using the aforementioned power button.
To create or join a Hamachi network, you click the network button and are prompted to supply a network name and password. As the connection is established, the Hamachi network interface is assigned its own IP address in a range separate from the one you're already using. For example, our test system's physical network adapter was configured with an address in the 192.168.1.x range, but our Hamachi adapter's IP address was assigned 220.127.116.11. (Although this address is technically a public IP address, in this case it's accessible only through the Hamachi network.)