I heard about this on Steve Gibson's "Security Now!" podcast (http://www.odeo.com/audio/523556/view):

http://hamachi.cc/

  Hamachi is a zero-configuration virtual private networking application with an open security architecture and NAT-to-NAT traversal capabilities.

It's a VPN that takes about 5 minutes to set up. Perhaps a decent alternative to OpenVPN.

The implementation combines aspects of peer-to-peer networks and remote access services like GoToMyPC. Similar to the latter, both the client and the server make outbound connections to an intermediary server that brokers the connection. This allows it to be a quick and simple installation that requires no configuration, and doesn't need ports to be opened on your firewall. Unlike GoToMyPC, it isn't a remote desktop tool; it's a full VPN.

Another important distinction is that instead of using TCP connections, it tunnels the VPN through UDP packets, which they briefly talk about here:

http://hamachi.cc/howitworks

The big deal about this is that, once the connection has been brokered, it allows them to set up direct peer-to-peer connections between the two end-points, traversing NAT routers on both ends. Compare that to GoToMyPC, which uses TCP connections: GoToMyPC's servers not only broker the connection, but remain in the middle, sort of like a proxy, which uses up their bandwidth and is partly why their service carries a monthly fee.

They don't explain it, but I believe the reason why this works has to do with the firewalling rules typically used for UDP. Because UDP is a connectionless protocol, when your computer sends a UDP packet to some remote computer, your firewall opens up a window (period of time) in which it will accept any UDP packet from that remote computer directed at the originating port.

So what Hamachi probably does is have both ends connect to a brokering server, have them learn of each other's public IP address and agree on a set of ports, then they both start firing UDP packets at each other directly, which causes each firewall to open up for packets from the other party. (Theories or facts to the contrary are welcome. I'm guessing there are other P-to-P tools that use this same technique.)

The software is available for both Windows 2000/XP (won't install on NT) and Linux. I gave it a spin and it is a trivial install. The installation process creates a new network interface, and the first time you run the app you get assigned a permanently static private IP address. It comes with an interactive tutorial that walks you through joining a test network. You can then create your own virtual network by supplying a network name and a password, and with those credentials any machine can be joined to the network (no need for IP addresses or any other information). Each machine can be joined to multiple virtual networks.

Hamachi is under a proprietary commercial license, is closed source, but free. Their business model is to charge for premium services, such as a version that runs as a Windows service (so the machine stays joined to the network even when no one is logged in), or a service that provides something similar to the GoToMyPC-style proxying for users with more restrictive firewalls. They also plan to make the brokering server software available - probably for a fee.

Steve Gibson gave their security architecture his approval, for whatever that might be worth.

 -Tom

-- 
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/
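The brokered UDP exchange the post speculates about, as an added example that is not Hamachi's code and not the author's: a Python model of two peers behind NAT routers and a public rendezvous server. The NAT behaviour (a per-socket public port, with inbound packets accepted only from endpoints that socket has already sent to, and only for an assumed 30-second window refreshed by outbound traffic), the addresses, the port numbers and the message flow are all assumptions made for the illustration. The model shows why the first direct packet from one side is dropped, why the reply from the other side gets through, and why the hole closes again after silence.

```python
"""Model of NAT-to-NAT UDP hole punching through a rendezvous server.

Added example, not Hamachi's code. The NAT rules, addresses and message
flow below are assumptions chosen to illustrate the mechanism.
"""
from dataclasses import dataclass, field
from typing import Optional

WINDOW = 30  # assumed: seconds a NAT keeps a UDP mapping open without outbound traffic


@dataclass
class Nat:
    """NAT with a stateful UDP firewall: inbound is allowed only from endpoints
    that the internal socket has already sent to, until the window expires."""
    public_ip: str
    next_port: int = 40000
    port_map: dict = field(default_factory=dict)  # (priv_ip, priv_port) -> pub_port
    reverse: dict = field(default_factory=dict)   # pub_port -> (priv_ip, priv_port)
    allowed: dict = field(default_factory=dict)   # (pub_port, remote) -> expiry time

    def outbound(self, now, src, dst):
        """Translate an outbound datagram; returns its public source endpoint."""
        if src not in self.port_map:
            self.port_map[src] = self.next_port
            self.reverse[self.next_port] = src
            self.next_port += 1
        pub_port = self.port_map[src]
        self.allowed[(pub_port, dst)] = now + WINDOW  # open or refresh the window
        return (self.public_ip, pub_port)

    def inbound(self, now, src, pub_port):
        """Return the internal endpoint to deliver to, or None if the packet is dropped."""
        expiry = self.allowed.get((pub_port, src))
        if expiry is None or now > expiry:
            return None
        return self.reverse[pub_port]


@dataclass
class Host:
    name: str
    addr: tuple                 # (ip, port): private if behind a NAT, public otherwise
    nat: Optional[Nat] = None
    inbox: list = field(default_factory=list)


class Network:
    """Routes datagrams; hosts behind a NAT are reachable only via its public IP."""

    def __init__(self, hosts):
        self.public = {h.addr[0]: h for h in hosts if h.nat is None}
        self.private = {(h.nat.public_ip, h.addr): h for h in hosts if h.nat}
        self.nats = {h.nat.public_ip: h.nat for h in hosts if h.nat}

    def send(self, now, sender, dst, payload):
        """Deliver one datagram; returns True if it reached a socket."""
        src = sender.nat.outbound(now, sender.addr, dst) if sender.nat else sender.addr
        ip, port = dst
        if ip in self.public:
            target = self.public[ip]
        elif ip in self.nats:
            internal = self.nats[ip].inbound(now, src, port)
            if internal is None:
                return False  # no open window for this remote endpoint: dropped
            target = self.private[(ip, internal)]
        else:
            return False
        target.inbox.append((src, payload))
        return True


def simulate():
    """Run the brokered exchange and report which datagrams got through."""
    a = Host("A", ("192.168.1.10", 5000), Nat("203.0.113.5"))     # constructed
    b = Host("B", ("10.0.0.7", 5000), Nat("198.51.100.9"))        # constructed
    server = Host("broker", ("192.0.2.1", 9000))                  # constructed
    net = Network([server, a, b])
    now = 0

    # 1. Both peers contact the broker; each NAT allocates a public port and
    #    opens a window for replies from the broker.
    net.send(now, a, server.addr, "register A")
    net.send(now, b, server.addr, "register B")
    pub_a, pub_b = server.inbox[0][0], server.inbox[1][0]

    # 2. The broker tells each peer the other's public endpoint; this gets in
    #    because each peer sent to the broker first.
    net.send(now, server, pub_a, pub_b)
    net.send(now, server, pub_b, pub_a)
    a_peer, b_peer = a.inbox[-1][1], b.inbox[-1][1]

    # 3. Direct traffic. A's first packet opens NAT-A for B but NAT-B has seen
    #    no outbound traffic towards A yet, so it is dropped. B's packet opens
    #    NAT-B for A and NAT-A already accepts B, so it is delivered. After that
    #    both directions work until a window lapses.
    first = net.send(now, a, a_peer, "punch")
    reply = net.send(now, b, b_peer, "punch")
    after = net.send(now, a, a_peer, "hello B")
    expired = net.send(now + WINDOW + 1, a, a_peer, "still there?")  # NAT-B window lapsed
    return {
        "public_a": pub_a, "public_b": pub_b,
        "first_punch_delivered": first, "reply_punch_delivered": reply,
        "a_to_b_after_punch": after, "after_window_expired": expired,
    }


if __name__ == "__main__":
    for key, value in simulate().items():
        print(f"{key}: {value}")
```

The last step is the practical caveat: the hole stays open only while traffic keeps flowing, so a real peer-to-peer VPN has to send keepalives more often than the shortest NAT timeout on either side, or the direct path silently dies and packets are dropped until both ends punch again.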