LinHES Forums
http://forums.linhes.org/

Hamachi a zero config VPN for windows linux.. and soon mac!
http://forums.linhes.org/viewtopic.php?f=5&t=7422

Author:  gr8nash [ Sat Dec 17, 2005 1:20 pm ]
Post subject:  Hamachi a zero config VPN for windows linux.. and soon mac!

some of you have maybe heard of this.. BEST THING SINCE SLICED Bread!!!!!!!! almost no joke.. i have it running on A26 though you do have a couple steps to do BESIDES the README file install.. it mentions how to create a TUN .. you need to as knoppmyth has no "/dev/net/tun"

http://www.hamachi.cc/

it's a FREE _almost_ ZERO config vpn using AES 256 so it's HELL-a-secure and runs on windows, linux.. and soon mac.. it also.. needs _NO_ ports open.. so it runs on companies with over protective IT admins.. anyway now i can manage my mythbox from work.. without ssh.. and port forwarding.. also works PERFECT with dialup.. .. has my vote to be included with knoppmyth.. but either way.. i will be using this for years!! This is a cool time to be alive. =)

edit: for a lot of background about what it is.. listen to mr security himself (the guy who coined and discovered spyware) steve gibson, talking about it.
http://media.grc.com/sn/SN-018.mp3

Author:  Girkers [ Mon Dec 19, 2005 12:46 am ]
Post subject: 

A mate of mine has been using this for some time on his Windoze box for gaming. Good to see it going to the Linux platform.

Author:  willem [ Mon Dec 19, 2005 1:38 am ]
Post subject: 

Seems like an interesting package. Personally I have good experience with OpenVPN (http://www.openvpn.net). Also pretty straightforward to set up.

Be careful calling Mr. Gibson a security expert. Apparently his status is very debatable: See "Criticisms" and listed links at: http://en.wikipedia.org/wiki/Steve_Gibson

Author:  gr8nash [ Mon Dec 19, 2005 8:12 am ]
Post subject: 

ahh wikipedia.. Criticisms on the internet?? http://www.usatoday.com/news/opinion/ed ... edit_x.htm

ahh well opinions are like armpits everyone has four or more :D for reference see the popularity of gentoo =)
i have been listening to steve for years and have never found any problems..

Author:  willem [ Tue Dec 20, 2005 2:14 am ]
Post subject: 

Good point! Wikipedia's credibility is debatable too.
The links mentioned in the wikipedia article about Steve Gibson I already read some time ago. They show Mr. Gibson stirs up emotions without always backing it with facts. That doesn't mean that when he raves about Hamachi, he's not right. Just for me it's not a major selling point, hence my reaction. But agreed always be critical on your Internet sources. :D

Author:  Xsecrets [ Tue Dec 20, 2005 4:47 pm ]
Post subject: 

well anyone who raves about a security application with a built in "man in the middle" attack has to be questioned. Not that it makes the application less secure than say standard im or p2p, but the "server" you use to establish the connection (and thus knows the key) could belong to anyone since it's a p2p type application.

Author:  aaronb [ Tue Dec 20, 2005 4:52 pm ]
Post subject:  Re: Hamachi a zero config VPN for windows linux.. and soon m

gr8nash wrote:
it also.. needs _NO_ ports open.. so it runs on companies with over protective IT admins.. anyway now i can manage my mythbox from work.. without ssh.. and port forwarding..


Doesn't work for me at work. Requires UDP traffic, so it's a no-go for me. Everything besides TCP/port 80/443 is blocked here.

Author:  pkscout [ Tue Dec 20, 2005 6:43 pm ]
Post subject: 

Xsecrets wrote:
well anyone who raves about a security application with a built in "man in the middle" attack has to be questioned. Not that it makes the application less secure than say standard im or p2p, but the "server" you use to establish the connection (and thus knows the key) could belong to anyone since it's a p2p type application.


Um, actually not so much. The way this works, when you create a machine profile (i.e. install the software), the server creates a public/private key pair, keeps the private key and gives the machine the public key. When you start creating the networks, the server only lets you in if you have a public key that matches the private key. So the only way a man in the middle attack will work is if the new guy has the private key. If that's true you were screwed anyway.

Author:  pkscout [ Tue Dec 20, 2005 6:45 pm ]
Post subject:  Re: Hamachi a zero config VPN for windows linux.. and soon m

aaronb wrote:
Doesn't work for me at work. Requires UDP traffic, so it's a no-go for me. Everything besides TCP/port 80/443 is blocked here.


Yikes! That takes paranoid to a new level. Not even port 25 for email? Guess all you can do is surf the web all day. :D

Author:  aaronb [ Tue Dec 20, 2005 11:51 pm ]
Post subject:  Re: Hamachi a zero config VPN for windows linux.. and soon m

pkscout wrote:

Yikes! That takes paranoid to a new level. Not even port 25 for email? Guess all you can do is surf the web all day. :D


And I do it enough to make up for all the other things I can't do. :wink:

Author:  Xsecrets [ Wed Dec 21, 2005 1:00 am ]
Post subject: 

Quote:
Um, actually not so much. The way this works, when you create a machine profile (i.e. install the software), the server creates a public/private key pair, keeps the private key and gives the machine the public key. When you start creating the networks, the server only lets you in if you have a public key that matches the private key. So the only way a man in the middle attack will work is if the new guy has the private key. If that's true you were screwed anyway.


still doesn't really matter as the entire tunnel has to be built through that server from both ends separately, so that server can easily grab all the data in an unencrypted form if someone were to hack that capability into it. that is the only way it can get around a NAT on both ends. Like I said the likelihood of this happening is probably not great, but for the tinfoil hat types it's still there.

Author:  pkscout [ Wed Dec 21, 2005 5:35 am ]
Post subject: 

Xsecrets wrote:
still doesn't really matter as the entire tunnel has to be built through that server from both ends separately, so that server can easily grab all the data in an unencrypted form if someone were to hack that capability into it. that is the only way it can get around a NAT on both ends. Like I said the likelihood of this happening is probably not great, but for the tinfoil hat types it's still there.


Well, that's not my understanding of the way this thing works. As I understand it, the public/private key is used to figure out who is *allowed* to build a tunnel between whom. The server is also used to figure out how the peers can talk and then the two peers set up the tunnel. The server isn't involved in the tunnel at all, and no data is ever sent to the server. The server is only facilitating the exchange, not participating in it.

Author:  gr8nash [ Fri Dec 23, 2005 2:26 am ]
Post subject: 

Quote:
Well, that's not my understanding of the way this thing works. As I understand it, the public/private key is used to figure out who is *allowed* to build a tunnel between whom. The server is also used to figure out how the peers can talk and then the two peers set up the tunnel. The server isn't involved in the tunnel at all, and no data is ever sent to the server. The server is only facilitating the exchange, not participating in it.


that's exactly right.. As far as it not working.. i have had 1 of my setups where it didn't work as well.. Hamachi says about 3-5 % of the networks won't be supported for whatever reason.. but when it works.. 4 out of 5 places for me.. it works perfect.. without opening or forwarding ports..
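
The disagreement in this thread is about what a mediation server can learn while two peers set up a tunnel key. The sketch below is an added example, not part of any post and not Hamachi's actual protocol (the thread does not describe it): a generic Diffie-Hellman exchange relayed by a server, showing that a forwarding server learns no key, a substituting server does, and an out-of-band fingerprint check by the peers detects the substitution. The names `Party`, `mediate` and `digest` and the toy group parameters are assumptions made for the example.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, constructed for this demo; far too small for real use.
P = 2**127 - 1
G = 3


def digest(value):
    """SHA-256 of a group element, used both as key derivation and fingerprint."""
    return hashlib.sha256(value.to_bytes(16, "big")).hexdigest()


class Party:
    """Anything holding a DH key pair: a peer, or a server that chooses to meddle."""

    def __init__(self):
        self.priv = secrets.randbelow(P - 3) + 2
        self.pub = pow(G, self.priv, P)

    def session_key(self, received_pub):
        return digest(pow(received_pub, self.priv, P))


def mediate(meddler=None):
    """Set up a tunnel key between two peers via a server (hypothetical model).

    meddler=None models a server that forwards public values unchanged;
    otherwise the server hands each peer its own public value instead.
    """
    a, b = Party(), Party()
    to_a = b.pub if meddler is None else meddler.pub
    to_b = a.pub if meddler is None else meddler.pub
    key_a, key_b = a.session_key(to_a), b.session_key(to_b)
    return {
        # Do the two peers end up with one shared tunnel key?
        "peers_share_key": key_a == key_b,
        # Can the server compute the key each peer is encrypting with?
        "server_knows_key": meddler is not None
        and meddler.session_key(a.pub) == key_a
        and meddler.session_key(b.pub) == key_b,
        # Check each peer can run: compare the received value with a
        # fingerprint of the other peer's key obtained out of band.
        "fingerprints_ok": digest(to_a) == digest(b.pub)
        and digest(to_b) == digest(a.pub),
    }


if __name__ == "__main__":
    print("forwarding server  :", mediate())
    print("substituting server:", mediate(Party()))
```
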

All times are UTC - 6 hours