I don't know if anyone here has played with Hamachi: www.hamachi.cc
Essentially it's a closed source (but free as in beer) VPN system which uses a peer-to-peer infrastructure. Effectively it allows anyone to join a VPN (with the right passwords, etc) without any of the normal "fun" associated with VPN configuration.
It has two major downfalls:
1. It's Windows only at present (a Linux client is coming, though)
2. As I said above, it's closed source.
The second point is the one that concerns me most. Security software which is not open source basically just bothers me. Of course point 1 is also a side effect of point 2 (it's not the developer's priority, so it's not been done, where with the OSS model I'm pretty sure it would have been by now).
Since I'm new to Hamachi, it's quite possible that there are similar OSS projects. Does anyone here know of anything like it?
[I will say that on Windows platforms Hamachi is very effective at what it does.]
Mark Rogers, More Solutions Ltd
Mark Rogers asked:
Essentially it's a closed source (but free as in beer) VPN system which uses a peer-to-peer infrastructure. Effectively it allows anyone to join a VPN (with the right passwords, etc) without any of the normal "fun" associated with VPN configuration.
Just out of interest, what do you consider the normal "fun"?
Once the basic idea is figured out (which does take a non-networking person like me some time), it seemed to be a simple task of generating some encryption keys, setting up the link and saving the commands to config files. I was using pppd - ssh - slirp to form the link and do the network address translations (NAT), which seemed to work pretty well without needing root on a system inside the remote network.
That's TCP, which doesn't seem to handle network disruption as well. I did try a UDP-based one, but it didn't work, didn't give enough debug output and I didn't continue after ppp/ssh worked.
A bit of slick packaging and testing looks like Hamachi's only innovation. Those get blown out of the water for me by being single-platform and unreviewable. Am I being too harsh?
I don't know whether there's one out there, but an ALUGger told me that Xandros has VPN in its business edition. Anyone know what software is used for that?
A month ago I wrote:
I don't know if anyone here has played with Hamachi: www.hamachi.cc
Nobody replied on this, so I'm not sure if that's lack of knowledge or lack of interest, but in case it's not the latter there does now seem to be an early Linux client for Hamachi (you need to register on the forums and ask for it at this stage, but it proves that it is being progressed). My attempts at installing it have been 100% successful, which is nice.
It's still closed source, of course, but I don't know of any OSS alternatives (I daresay they'll come if Hamachi proves useful).
Mark Rogers, More Solutions Ltd
On Wed, Jun 15, 2005 at 11:06:34AM +0100, Mark Rogers wrote:
A month ago I wrote:
I don't know if anyone here has played with Hamachi: www.hamachi.cc
Nobody replied on this, so I'm not sure if that's lack of knowledge or lack of interest, but in case it's not the latter there does now seem to be an early Linux client for Hamachi (you need to register on the forums and ask for it at this stage, but it proves that it is being progressed). My attempts at installing it have been 100% successful, which is nice.
Well, given that it is (well was) Windows only software I'm not surprised that there isn't much interest on a Linux mailing list.
I for one would not be, am certainly not, really interested, as it is closed and non-free software, which when it comes to security stuff doesn't really excite me all that much, especially given that the company doesn't really have all that much to say about itself, so I have no idea who they are or what their track record is. Let alone the idea of running a VPN on Windows machines in the first place... although, I have run hardware VPNs from several manufacturers in the past (think Cisco and Netscreen) but at least they don't suffer from running on a Windows box in the first place.
Adam
Adam Bower wrote:
Well, given that it is (well was) Windows only software I'm not surprised that there isn't much interest on a Linux mailing list.
The purpose of the email here was to try and determine if there were similar but OSS alternatives.
Now that there is a Linux client (and it took me 5 mins to get working from a standing start with no prior knowledge of how it works, something I can't say about any VPN stuff I've done before) I will doubtless play with it a bit more (I can see use in getting my home PC talking to my office test web server for development work, for example). But I'm not going to go far until I understand the security a bit (well, a lot) better. An OSS version would therefore be much better.
I for one would not be, am certainly not, really interested, as it is closed and non-free software, which when it comes to security stuff doesn't really excite me all that much
Agreed, but I do like the peer-to-peer approach (mostly because it is very flexible and it seems to work very well) provided the security issues can be addressed.
I don't know of any p2p VPN OSS applications, though. I would really like to know if there are any.
Let alone the idea of running a VPN on Windows machines in the first place...
I prefer having a VPN to access a Windows machine rather than having to actually visit one!
I have run hardware VPNs from several manufacturers in the past (think Cisco and Netscreen) but at least they don't suffer from running on a Windows box in the first place.
We use a hardware VPN in the office, but either it's closed to external IP addresses that haven't been specifically allowed access (which is secure but inflexible if I get stuck on site and need access to office files), or it allows access to anyone who can guess a username/password (which is flexible but not as secure). At least using the P2P method you have the flexibility of the second method without having an open port on a firewall shouting "guess me" to the rest of the world.
Mark Rogers, More Solutions Ltd
Mark Rogers wrote:
Nobody replied on this, so I'm not sure if that's lack of knowledge or lack of interest [...]
I replied and it's in the archive. Maybe your inbound email is broken?
MJR wrote:
I replied and it's in the archive. Maybe your inbound email is broken?
Odd: now I look for it it's in my list mailbox unread, but I've never seen it. Brain failure on my part, I guess.
Back then, MJR said:
Once the basic idea is figured out (which does take a non-networking person like me some time), it seemed to be a simple task of generating some encryption keys, setting up the link and saving the commands to config files. I was using pppd - ssh - slirp to form the link and do the network address translations (NAT), which seemed to work pretty well without needing root on a system inside the remote network.
Unfortunately I have to do this for Windows clients as well as Linux ones (typically it'll be using a Linux server to provide access to a Windows network, but using Windows clients outside the office). I've had some success with OpenVPN (more so than with IPSec) but it always seems very painful to set up what seem like fairly standard systems. Maybe I should have another crack at it and ask here when I get stuck.
Windows networking across VPN is crap anyway (SMB protocol issues I guess, but it's always slow and hard work) but Hamachi doesn't solve that either.
A bit of slick packaging and testing looks like Hamachi's only innovation. Those get blown out of the water for me by being single-platform and unreviewable. Am I being too harsh?
Well it isn't single platform any more, but it remains closed source and therefore as a security product the review issue is a significant one (hence the subject: I'd like to find an OSS equivalent).
It is very easy to use, in that I can download a client and get it talking to my own VPN without any significant configuration (and, significantly, without having to make any changes to - say - the office I'm trying to connect to). All I need to know is the network name and its password. So far it's not that different from other VPN offerings, other than ease of use, but its peer-to-peer nature is what makes it interesting to me; I could have half a dozen machines on half a dozen different networks all connected to the same VPN without traffic going through a central server. (Hamachi uses a central server to mediate the connections but no actual data flows through it.) I believe there are a lot of similarities with the way (for example) Skype works, but I'm no expert on Skype either.
All of this raises security concerns, mostly from the inability to review the code. Where I'm playing with it I'm using non-critical machines and additional firewalls limiting what can come through the VPN. That said, it is useful as it stands and I would use it more if I could address the security issues.
FWIW Hamachi under Linux does have some code which has to be run as root, and for that source is provided, suggesting the author is aware of these issues.
Mark Rogers, More Solutions Ltd
"Mark Rogers" mark@quarella.co.uk wrote:
It is very easy to use, in that I can download a client and get it talking to my own VPN without any significant configuration (and, significantly, without having to make any changes to - say - the office I'm trying to connect to). All I need to know is the network name and its password.
So the remote office is already running some VPN server?
So far it's not that different from other VPN offerings, other than ease of use, but its peer-to-peer nature is what makes it interesting to me;
I think that's the way VPNs should work, but routing can get fun: which remote networks are best reached over each VPN. One situation is where one of the remote offices has a subscription to a particular resource: as well as traffic for the remote office network, you want to route traffic for the subscription service through that VPN.