MJR wrote:
I replied and it's in the archive. Maybe your inbound email is broken?
Odd: now I look for it, it's in my list mailbox unread, but I've never seen it. Brain failure on my part, I guess.
Back then, MJR said:
Once the basic idea is figured out (which does take a non-networking person like me some time), it seemed to be a simple task of generating some encryption keys, setting up the link and saving the commands to config files. I was using pppd - ssh - slirp to form the link and do the network address translations (NAT), which seemed to work pretty well without needing root on a system inside the remote network.
Unfortunately I have to do this for Windows clients as well as Linux ones (typically it'll be using a Linux server to provide access to a Windows network, but using Windows clients outside the office). I've had some success with OpenVPN (more so than with IPSec) but it always seems very painful to set up what seem like fairly standard systems. Maybe I should have another crack at it and ask here when I get stuck.
Windows networking across VPN is crap anyway (SMB protocol issues I guess, but it's always slow and hard work) but Hamachi doesn't solve that either.
A bit of slick packaging and testing looks like Hamachi's only innovation. Those get blown out of the water for me by being single-platform and unreviewable. Am I being too harsh?
Well it isn't single platform any more, but it remains closed source and therefore as a security product the review issue is a significant one (hence the subject: I'd like to find an OSS equivalent).
It is very easy to use, in that I can download a client and get it talking to my own VPN without any significant configuration (and, significantly, without having to make any changes to - say - the office I'm trying to connect to). All I need to know is the network name and its password. So far it's not that different from other VPN offerings, other than ease of use, but its peer-to-peer nature is what makes it interesting to me; I could have half a dozen machines on half a dozen different networks all connected to the same VPN without traffic going through a central server. (Hamachi uses a central server to mediate the connections but no actual data flows through it.) I believe there are a lot of similarities with the way (for example) Skype works, but I'm no expert on Skype either.
All of this raises security concerns, mostly from the inability to review the code. Where I'm playing with it I'm using non-critical machines and additional firewalls limiting what can come through the VPN. That said, it is useful as it stands and I would use it more if I could address the security issues.
FWIW Hamachi under Linux does have some code which has to be run as root, and for that source is provided, suggesting the author is aware of these issues.
Mark Rogers, More Solutions Ltd