Official Thread [Here]

HOW-TO Secure Remote Access – Hamachi+VNC


Secure Remote Access with Hamachi and VNC
————————————————-
Update: 4/19/06 – Added ‘Single User’ configuration instructions for Hamachi and installation of gHamachi (Hamachi gtk GUI).
—-By KingOfNowhere

This is a How-To for setting up a secure VNC server by tunnelling it through a Hamachi virtual private network. Setting up VNC this way lets you access your machine securely (using Hamachi’s encryption) and makes your machine accessible from anywhere on the net. Before I jump right in, here is some background:

Hamachi is a zero-config VPN client for Windows and Linux (currently Beta for Mac). It allows you to very easily create a virtual private network that can be logged into and accessed from all over the net. It does this by creating IP tunnels to each VPN client, making them directly accessible to all the other clients on the VPN. Hamachi also encrypts the connections it creates to allow for secure access.

VNC is a widely used, cross-platform application that allows for remote desktop access.

Together, these apps can allow for secure, remote access to your machine from anywhere.

Lastly, before I begin the guide, I would like to give credit to those I referenced for this guide:

HOWTO: Hamachi Linux Guide (2.4.x and 2.6.x) By Kamel

and

HOWTO: Set up VNC server with resumable sessions By Tichondrius

thx guys. Anyway on to the guide.
———————————————

Part 1: Hamachi

1.A) The ‘tun’ Module

The very first part of the Hamachi installation is to enable IP Tunnelling support in your kernel. This can be done like this:

Code:

sudo modprobe tun

then open your /etc/modules file and add tun to the list of modules:

Code:

sudo gedit /etc/modules

If you are using a standard Ubuntu kernel, this should be all you need to do. However, if you compiled your own kernel, you may need to recompile it with IP Tunnelling support (only if you receive an error with ‘modprobe’). If anyone needs help installing the module, see HOWTO: Hamachi Linux Guide (2.4.x and 2.6.x) By Kamel

1.B) Installing Hamachi

Okay, now on to the actual Hamachi software. But first, we need to make sure that a valid tunnelling node has been created in /dev. This is done like this:

Code:

ls /dev/net/tun

If you get a “No Such File or Directory” error, you need to create a new node like this:

Code:

sudo mkdir /dev/net
sudo mknod /dev/net/tun c 10 200

Okay, now that we have a valid IP Tunnel node, time to install Hamachi.

Download the latest version of Hamachi from http://www.hamachi.cc/download.

Enter the directory where you downloaded it and here is how to install it:

Code:

#Extract the archive
tar -zxvf hamachi-0.9.9.9-x.tar.gz
cd hamachi-0.9.9.9-x/

#install Hamachi
sudo make install
sudo tuncfg

#Hamachi is installed

1.C) Setting User Permissions

For security sake, we are going to set the permissions of Hamachi so that it can only be started by members of the ‘hamachi’ group. This is done like so:

Code:

#Create the 'hamachi' group
sudo groupadd hamachi

#Add your user to the group
sudo gpasswd -a user hamachi

#Add root to the group
sudo gpasswd -a root hamachi

#Set socket permissions
sudo chmod 760 /var/run/tuncfg.sock

#Finally, changing the group of the file
sudo chgrp hamachi /var/run/tuncfg.sock

Now that permissions are done, on to configuration.

1.D) Hamachi Configuration – System Service

Follow this section if you want Hamachi to run as a system service (in the background). I chose to list this method of configuration first because it seemed most relevant to the guide. If you want to have Hamachi run as a user application and install the gtk frontend, skip to section ’1.E’.

1.D.1) Base Configuration

Creating an initial configuration can be done like so:

Code:

sudo hamachi-init -c /etc/hamachi

the result should be something like this:

Code:

Initializing Hamachi configuration (/etc/hamachi). Please wait ..

  generating 2048-bit RSA keypair .. ok
  making /etc/hamachi directory .. ok
  saving /etc/hamachi/client.pub .. ok
  saving /etc/hamachi/client.pri .. ok
  saving /etc/hamachi/state .. ok

Authentication information has been created. Hamachi can now be started with
'hamachi start' command and then brought online with 'hamachi login'.

Okay, next is to start Hamachi:

Code:

sudo hamachi -c /etc/hamachi start

Now that we are up and running, you need to set your nickname:

Code:

sudo hamachi -c /etc/hamachi set-nick "YourNickHere"

Next, we need to login to Hamachi and then either login to an existing network or create a new one. Like this:

Code:

#Login to Hamachi
sudo hamachi -c /etc/hamachi login

#To join an existing network
sudo hamachi -c /etc/hamachi join network password

#Or to create a new network
sudo hamachi -c /etc/hamachi create network password

#Lastly, to go online to the network you joined
sudo hamachi -c /etc/hamachi go-online network

*NOTE ABOUT NETWORK PASSWORDS*
I would recommend visiting http://grc.com/passwords for a random string password. The passwords it generates are very strong and add to the security of your setup.

Now your machine is up and running on its own Hamachi VPN. The last part of the installation is a script written by Kamel that will allow Hamachi to run on startup.

1.D.2) Hamachi Startup Script

Open gedit and save the following as /etc/init.d/hamachi

Code:

#!/bin/sh

hamachi_start() {
  echo "Starting hamachi..."
  /sbin/tuncfg
  /usr/bin/hamachi -c /etc/hamachi start
  /bin/chmod 760 /var/run/tuncfg.sock
  /bin/chgrp hamachi /var/run/tuncfg.sock
}

hamachi_stop() {
  echo "Stopping hamachi..."
  killall tuncfg
  /usr/bin/hamachi -c /etc/hamachi stop
}

hamachi_restart() {
  hamachi_stop
  sleep 1
  hamachi_start
}

case "$1" in
'start')
  hamachi_start
  ;;
'stop')
  hamachi_stop
  ;;
'restart')
  hamachi_restart
  ;;
*)
  hamachi_start
esac

Lastly, you need to make the script executable and add it to startup:

Code:

sudo chmod +x /etc/init.d/hamachi
sudo update-rc.d hamachi defaults

1.E) Hamachi Configuration – User Application

Follow this section if you want Hamachi to run as a user application and to use the pretty gtk frontend. If you want to have Hamachi run as a system service in the background, go back to section ’1.D’.

1.E.1) Base Configuration

Creating an initial configuration can be done like so:

Code:

hamachi-init

the result should be something like this:

Code:

Initializing Hamachi configuration (/home/user/.hamachi). Please wait ..

  generating 2048-bit RSA keypair .. ok
  making /home/user/.hamachi directory .. ok
  saving /home/user/.hamachi/client.pub .. ok
  saving /home/user/.hamachi/client.pri .. ok
  saving /home/user/.hamachi/state .. ok

Authentication information has been created. Hamachi can now be started with
'hamachi start' command and then brought online with 'hamachi login'.

Okay, next is to start Hamachi:

Code:

hamachi start

Now that we are up and running, you need to set your nickname:

Code:

hamachi set-nick "YourNickHere"

Next, we need to login to Hamachi and then either login to an existing network or create a new one. Like this:

Code:

#Login to Hamachi
hamachi login

#To join an existing network
hamachi join network password

#Or to create a new network
hamachi create network password

#Lastly, to go online to the network you joined
hamachi go-online network

*NOTE ABOUT NETWORK PASSWORDS*
I would recommend visiting http://grc.com/passwords for a random string password. The passwords it generates are very strong and add to the security of your setup.

Now your machine is up and running on its own Hamachi VPN. The last part of the installation is to install the GUI for Hamachi. Here is how that is done.

1.E.2) Hamachi GUI (gHamachi) Installation

First, visit the Hamachi forums and download the most recent version of the gHamachi frontend for either gtk 2.0 or gtk 1.2 (whichever you prefer).

gHamachi can be found here.

Second, simply unpack the gHamachi tarball, copy the binary to /usr/bin, and give it permission to run (chmod +x).

Code:

tar xfz gHamachi_gtk2.tar.gz
sudo mv ghamachi /usr/bin/
sudo chmod +x /usr/bin/ghamachi

Once that is done, the Hamachi GUI is completely installed.

Start the GUI like this:

Code:

ghamachi

Hamachi is all set up now, now on to VNC.

Part 2: VNC

This section of my guide is largely based on Tichondrius’ Guide, nice guide man. This part of the guide is currently intended only for those using the Gnome desktop. For those of you using KDE or something else, please refer to other threads on this forum or the VNC Homepage.

2.A) Enabling XDMCP in Gnome

There are a few settings that need to be set inside Gnome before we begin:

System -> Administration -> Login Screen Setup
Security Tab -> Enable XDMCP
XDMCP Tab -> Disable “Honor Indirect Requests”

Next we need to install the required packages.

2.B) Installing VNC and xinetd

First, make sure you have the Universe repository added to your apt.sources. If you don’t know how to do that, look here.

Next, install VNC and xinetd:

Code:

sudo apt-get install vnc4server xinetd

Next, set a VNC password:

Code:

sudo vncpasswd /root/.vncpasswd

Then, open gedit and save the following as /etc/xinetd.d/Xvnc:

Code:

service Xvnc
{
        type = UNLISTED
        disable = no
        socket_type = stream
        protocol = tcp
        wait = yes
        user = root
        server = /usr/bin/Xvnc
        server_args = -inetd :1 -query localhost -geometry 1024x768 -depth 16 -once -fp /usr/share/X11/fonts/misc -DisconnectClients=0 -NeverShared passwordFile=/root/.vncpasswd
        port = 5901
}

Lastly, restart xinetd and it is all setup:

Code:

sudo /etc/init.d/xinetd stop
sudo killall Xvnc
sudo /etc/init.d/xinetd start

You can test the VNC server with this:

Code:

vncviewer localhost:1

At this point, both Hamachi and VNC have been installed and configured on your machine. Next are some recommended firewall settings to keep you secure and keep everything running smoothly.

Part 3: Settings and Usage

3.A) Firewalls

To keep your machine secure with these newly installed services, I recommend these additional settings in your firewall:

For XDMCP -> only allow incoming connections from 5.x.x.x (Hamachi subnet) to Ports 6000-6009

For VNC -> only allow incoming connections from 5.x.x.x (Hamachi subnet) to Port 5901

Filtering these ports this way means only connections coming in over Hamachi can reach these services.

*NOTE FOR FIRESTARTER USERS*
If you use the Firestarter firewall, then you must add these two lines to your ‘/etc/firestarter/user-pre’ file to accept connections on the Hamachi interface:

Code:

$IPT -A INPUT -i ham+ -j ACCEPT
$IPT -A OUTPUT -o ham+ -j ACCEPT

Then restart Firestarter:

Code:

sudo /etc/init.d/firestarter restart

I do not know if there are similar configuration changes required by iptables. If anyone can comment, please do.
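
For plain iptables, the policy from 3.A could be written as below. This is an added example, not part of the original guide: the function name vnc_fw_rules is hypothetical, the ham+ interface pattern and the ports come from this guide, and 5.0.0.0/8 is the guide's 5.x.x.x range written as a subnet.

```shell
#!/bin/sh
# Added example: print iptables rules for the firewall policy in section 3.A.
# Values taken from the guide: Hamachi range 5.x.x.x, interface pattern ham+,
# VNC on port 5901, ports 6000-6009. The function name is hypothetical.

HAMACHI_NET="5.0.0.0/8"    # the guide's 5.x.x.x range as a subnet
HAMACHI_IF="ham+"          # same interface wildcard as the Firestarter lines
PORTS="5901 6000:6009"     # VNC display :1, then ports 6000-6009

# Print the rules only; nothing is applied to the running firewall.
vnc_fw_rules() {
    for p in $PORTS; do
        # Loopback stays open: Xvnc runs with "-query localhost" and the
        # guide tests the server with "vncviewer localhost:1".
        echo "iptables -A INPUT -i lo -p tcp --dport $p -j ACCEPT"
        # Peers on the Hamachi VPN may connect.
        echo "iptables -A INPUT -i $HAMACHI_IF -s $HAMACHI_NET -p tcp --dport $p -j ACCEPT"
        # Every other source (LAN or internet-facing interfaces) is dropped.
        echo "iptables -A INPUT -p tcp --dport $p -j DROP"
    done
}
```

Review the printed rules, then apply them with `vnc_fw_rules | sudo sh`. Because they are appended with -A, they only take effect if no earlier rule already accepts these ports from everywhere.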

3.B) Usage

Now that your machine is all setup and configured, accessing your machine remotely becomes as easy as a few simple steps.

- On the Connecting Machine -

You need to install Hamachi on the connecting machine and join the network your destination machine is on.

Then, you need to install a VNC Viewer on the connecting machine.

Once Hamachi is setup and VNC Viewer is installed on the connecting machine, all you need to do now is open a VNC connection to your destination machine’s Hamachi IP address (ex. 5.x.x.x) on display 1 (ex. 5.x.x.x:1).

For Example:

Server = 5.18.36.109:1

*Do not forget to specify the ‘:1’ after the IP address, otherwise you won’t connect.

Then, all you have to do is enter your VNC password, then login as your user.

Now that you are logged into your machine remotely, my guide is done here.

About The Author

RageX
