Networking

Use Hamachi VPN on your Linux clients

If you need to set up a VPN on your Linux machine, and you don't want to deal with the hassle of configuring OpenVPN (or passing traffic through a router), there is a solution. Jack Wallen has the details in this tip.

If you've used Linux in a business environment, you know there are times when you might need to host a VPN on that Linux machine in order to access said machine from other locations. If you need such a service, you could go through the steps of installing a tool like OpenVPN (which is, of course, an outstanding open source VPN solution) or, you can do this the easy way and install the Hamachi VPN GUI for a very easy VPN setup.

I want to demonstrate how to install Hamachi and Haguichi on a Ubuntu desktop installation so you can see how easy it can be to add your Linux desktop to a VPN.

What you need

There are two pieces to this puzzle:

There are a few different GUI options that you may come across for Linux: Hamachi GUI and Haguichi. Hamachi GUI seems to be outdated and not terribly reliable. Haguichi, on the other hand, is quite reliable. We'll install that tool to use as a GUI front-end, but before you install that, you must install Hamachi2.

Installation

First, download the Hamachi2 deb from the Logmein download page. Once you have that downloaded, do the following:

  1. Open up a terminal window.
  2. Change to the directory housing the newly downloaded .deb file.
  3. Issue the command sudo dpkg -i logmein-hamachi_XXX_xxx.deb (Where XXX is the release number and xxx is the architecture for your hardware). NOTE: If your installation doesn't complete, you might need to open up Synaptic to "fix" the broken packages. This is an easy way to catch all of the dependencies.
  4. Type your sudo password and hit Enter.
  5. Allow the installation to complete.

With that piece installed, you are ready to install the GUI. Instead of downloading a .deb file, we are going to add the PPA for Haguichi to our system. Once the PPA is added, Haguichi can be installed using apt-get. Here are the steps:

  1. Open up a terminal.
  2. Issue the command sudo add-apt-repository ppa:webupd8team/haguichi.
  3. Issue the command sudo apt-get update.
  4. Issue the command sudo apt-get install haguichi.

I will say the Haguichi client does seem to be a bit more reliable than Hamachi GUI.

Connect to, or create a VPN network

Figure 1

Now that you have everything installed, click Applications | Internet | Haguichi. When the Haguichi window opens (at left), click Client | Join Network. A new window will open where you can enter the credentials for the VPN you want to join. You can also create a new network by clicking Client | Create Network. You will have to enter a name and a password for that network. This should go without saying, but make sure your password follows standard strong password practices. Do NOT create a week password for a VPN network connection.

Once you are joined to a VPN network you can browse other machines on the network by double-clicking the listed machine, which will open up a file browser window for all available shares on that machine. NOTE: If the target machine has no shares, you will not be able to browse the machine.

You can also change the nickname of the machine you are working on. This is handy when the hostnames of the various machines on your network are similar. To change the nickname click Client | Change Nickname and then enter the new information.

Final thoughts

If you need to connect a Linux machine to an Hamachi VPN (or need to quickly create a VPN network) you can't go wrong with Hamachi2 and either Hamachi GUI or Haguichi. The setup time is fast, the tools are user-friendly, and it beats having to walk through the more complex configuration of OpenVPN. The downside? Although the source code of the Haugichi software is 100% open source, it does rely on the Hamachi service which uses non-open source software. That's picking at nits, but some open source users are purists.

About

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website getjackd.net.

14 comments
pgit
pgit

"ubuntu" is "Linux" so far as the general public is concerned. ;)

joe
joe

This article leaves out half (or more) of the Linux boxes out there. It only addresses the Debian/Ubuntu distributions. It should also have the commands and information for the rpm based distros, like Fedora, Suse and RHEL & clones.

hideya
hideya

This article is very interesting for me. But I'm using PacktiX as vpn software. We can use this on both server and client. This is very useful for me. And this is released as OSS , the name is "UT-VPN". Thanks.

pgit
pgit

Like a lot of vpn apps this is a client only. They assume you already have a vpn set up somewhere to access. I have found no open source and free vpn servers for windows, the only free server I can find is openvpn. It is a bear to set up but once going, it's very secure and performs well. I suppose setting up a client is ripe for simplification. I'll have to give this one a try and see if it really is 'easy.' The benchmark I would use is the vpn client tool in the Mandriva control center. A few clicks, fill in some paths in provided windows and you're off...

NightMonkey
NightMonkey

Just a heads up for folks here. Using a VPN to gain access to an internal machine from the outside might run afoul of the internal network's owner's policies. If that network owner is responsible for your pay, you might think twice before just poking holes and joining networks together with VPNs, no matter who makes the software. At worst, it could be considered an illegal access. Ask first. :)

cbader
cbader

Would this work for connecting to a CheckPoint firewall that uses a client certificate as an authentication mechanism?

robo_dev
robo_dev

It is possible that the 5.x may be handed out in the future. Of course I would assume that this would simply cause authentication to fail, not route your VPN through Uzbekestan or anything...

TelcoChuck
TelcoChuck

What about the 5.x.x.x ip address range that Hamachi reserves but is not allocated to anyone? Is there any possibility / probability with the ip address shortage that the range may be allocated to a different party? What would be the dangers of using the product in such a situation?

pgit
pgit

OpenVPN is totally free and does provide a server, although there's no server for WINDOWS. ~(8 \)

hideya
hideya

I could understand the license of OpenVPN thanks to you.

pgit
pgit

That is a specific, more feature-enhanced product they provide, "Access Server" is a trade name. I would imagine this makes the whole thing a LOT easier, more secure and integrates easily with Exchange, mail or what have you. If you're up to it, you can do this with the basic free OpenVPN under the GPL, but any 'advanced' features you'd need would be your responsibility to create them. With the paid version you are guaranteed a modicum of support from the developers. With the free version you will probably get support in the community forums but it would be someone volunteering to help you, and there's no guarantee that they are providing the right answers! I find most open source communities to be extremely helpful. But there is the potential that you may have a huge problem and nobody volunteers any answers. You have to weigh how much responsibility you want to have yourself, versus passing the buck to someone else, for a fee. I may be lucky but most of my clients are very understanding of the nature of open source. I'm up front with it's pitfalls as well as advantages. Fortunately most open source apps are so well written I don't have a lot of troubles with it. But let me tell you, there's been a few days when I wished like heck this problem were somebody else's responsibility. That'll happen with any software, but so long as your windows licenses are up to date, you WILL ultimately get help from Microsoft if absolutely needed. I never run anything else on a firewall machine other than the firewall, I use dedicated hardware on the perimeter. VPN at this point is a matter of forwarding the port to the VPN server. If I need added security there's options like allowing connections only from known remote IPs, which you'd do on the VPN server with iptables. So long as you don't let the server key out of the bag, OpenVPN is pretty dang secure.

pgit
pgit

I will keep my eye on that project and test it when they release an English localization. OpenVPN can be temperamental in some environments, if someone were to build an easier, more comprehensive build I'd consider using it. If you are going to try OpenVPN I suggest testing on debian. It's been the easiest to work with so far, and the most stable as well. Be well out there... =)