Hamachi (software)

LogMeIn Hamachi is an easy-to-configure, proprietary VPN client with a built-in instant messenger. It allows you to create a virtual LAN over the Internet. Programs that otherwise work only on local networks, such as computer games or file-sharing programs, can thus be used over the Internet.

Function

The connection between the computers is established with the help of a central server operated by the provider (the mediation server), bibi.hamachi.cc. If the server is not reachable, because of a corresponding firewall rule or an outage, no new connections are possible. However, existing tunnels continue to function (tunnel persistence).

The user data then flows peer-to-peer, directly between the participating computers, and not centrally via Hamachi.

The IP addresses used for the tunnel are in the range 5.0.0.0/8. This public IP range was allocated by the IANA to RIPE on 30 November 2010, so it leads to collisions with IP addresses on the Internet. While a Hamachi tunnel is active, Internet hosts in the network 5.0.0.0/8 are not reachable. On November 19, 2012 LogMeIn switched to the range 25.0.0.0/8, which was used at that time exclusively by the Ministry of Foreign Affairs of Great Britain, which is why the manufacturer of the tunnel software does not see any problems here.

To avoid having to configure port forwarding on the NAT router, a STUN-like NAT traversal technique is used, whose exact functioning is kept secret.

At first Hamachi was available only for the Microsoft Windows platform; in the meantime Linux and Mac versions have also been published. All versions are still in beta. The software is proprietary and will remain non-free according to the developers.

Security

Kerckhoffs's principle states that the security of a cryptographic method is based only on the secrecy of the key and not on the secrecy of the algorithm itself. Since the program is closed source, its security cannot be determined by an audit. A description of the security architecture by the manufacturer is available in English.

The server operated by the manufacturer, which is strictly necessary for the system to function, stores the user name, the password, the statically allocated 25.0.0.0/8 IP address and a token used for authentication. In addition, for each established tunnel the server can log the actual public IP address of the user, the start and the duration of the connection and the other users involved. There is also the possibility, for which there is no concrete evidence, that further information is transmitted from the client to the server in the encrypted packets.

All participants of a tunnel have the same access to the other participants' computers as on a LAN; the NAT and firewall function of an upstream router is bypassed. Therefore, appropriate measures must be taken to avoid the potential security issues that arise from this.
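
One such measure is to check which local services tunnel peers can actually reach. The following is an added example, not part of the original article or of Hamachi itself: it assumes a Linux host and the column layout of `ss -tln`, and the sample listing, including the tunnel address 25.14.2.7, is constructed.

```python
import ipaddress

# Ranges the article names for Hamachi tunnel addresses.
HAMACHI_NETS = [ipaddress.ip_network("25.0.0.0/8"),   # since 19 November 2012
                ipaddress.ip_network("5.0.0.0/8")]    # earlier range

# Constructed sample in the column layout of `ss -tln` (not real output).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:445        0.0.0.0:*
LISTEN 0      128    127.0.0.1:631      0.0.0.0:*
LISTEN 0      128    25.14.2.7:25565    0.0.0.0:*
LISTEN 0      128    192.168.1.20:8080  0.0.0.0:*
LISTEN 0      128    [::]:22            [::]:*
"""

def in_hamachi_range(addr):
    """True if addr is an IPv4 address inside a Hamachi tunnel range."""
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and any(ip in net for net in HAMACHI_NETS)

def exposed_to_tunnel(ss_output):
    """Return sorted (port, reason) pairs for listeners tunnel peers can reach."""
    exposed = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue                      # header or non-listening socket
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]")
        if host in ("0.0.0.0", "::", "*"):
            # Wildcard bind: the service also answers on the tunnel interface.
            exposed.append((int(port), "wildcard bind"))
        elif in_hamachi_range(host):
            exposed.append((int(port), "bound to tunnel address"))
        # Loopback or another specific address is not bound to the tunnel.
    return sorted(exposed)

if __name__ == "__main__":
    for port, reason in exposed_to_tunnel(SAMPLE_SS):
        print(f"tcp/{port}: reachable by tunnel peers ({reason})")
```

Every port it reports needs either a host firewall rule that limits traffic from the tunnel range or a bind address that excludes the tunnel interface, because the upstream router no longer filters this traffic.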

Use

In addition to the VPN function, which among other things makes it possible to play network games, the program also allows text and files to be exchanged between the connected computers. It is also suitable, for example, for setting up servers in order to play games.

Press

  • Ahlers, Ernst: The power in the network - securely tighten A private LAN through the Internet. In: c't 7/2006, p 104: The private network: system choice.