Running Hamachi VPN P2P as a Service on Windows and Linux box...
crosspost from http://rextang.net/blogs/work/
So after solving the clock and time problem on my Linux box, it's time to think about other things. I found Hamachi and wrote a post about it a couple of weeks ago. It's really simple to install and easy to use when I am not able to have a VPN environment to the outside world. Now that I have Windows Servers accessed with Terminal Services, and Linux boxes accessed using SSH or VNC over XDMCP, it would be more secure if I could reach those boxes with those protocols over a VPN-based tunnel.
Hamachi is built as a Windows client app; it also has a Linux client. On Windows you need to become a paid user to get the "Run as Service" function, and on Linux some more steps are needed to make it run at system boot. So my next homework is to build my own private P2P VPN network using Hamachi, with Hamachi running as a service on each OS box.
After a Google search I found this post (also listed on Digg) about making the Hamachi Windows client run as a service on any Windows platform (including XP). It also contains links on running Hamachi as a service on Linux, Mac, and other platforms. That's the answer to this homework.
On the Windows side, running a client Windows app as a service is the old trick of using instsrv.exe and srvany.exe, and that post uses the same approach to make Hamachi run as a system service inside Windows.
On the Linux side, the main work is to understand the system boot sequence, know where to put the Hamachi client, and solve the access permission problems.
Read the post for a detailed explanation and installation steps. I'll just memo the instructions here as my backup note.
Windows Clients / Servers: (original post)
- download the Windows 2003 resource kit tools (or search Google for it)
- install the resource kit to get instsrv.exe and srvany.exe in "c:\program files\Windows Resource Kits\" and copy those 2 files to the Hamachi directory.
- go to the Hamachi install dir and run "instsrv.exe AutoHamachi "c:\program files\hamachi\srvany.exe"" to create the system service record. "AutoHamachi" is just the service name; you can name it yourself.
- open regedit, locate "HKLM\SYSTEM\CurrentControlSet\Services\AutoHamachi\" and create a key named "Parameters"
- inside the "Parameters" key, create a new string value with name "Application" and value "c:\\program files\\hamachi\\hamachi.exe -srvany -config "C:\Documents and Settings\Administrator\Application Data\Hamachi"". The config path is under your own user account path if you are not running as the Administrator account.
- go to the Services panel in Control Panel, locate the AutoHamachi service and open its properties. On the "Log On" tab remember to check "Local System Account" and "Allow service to interact with desktop", then just start the service and everything is done. (Remember to set the startup type to Automatic.)
Linux Servers: (original post)
- download the Hamachi package.
- make the "/usr/src/hamachi" dir, unpack the downloaded tar.gz file with "tar -zxvf filename.tar.gz" and put the unpacked files in that dir.
- go to the "/usr/src/hamachi/package-version/" dir and run "make install" to install Hamachi on Linux.
- run "hamachi-init -c /etc/hamachi" to make a public Hamachi profile under the dir "/etc/hamachi"
- run "tuncfg" to enable root privilege on the tunnelling network for the hamachi process
- issue "hamachi -c /etc/hamachi start" to start the Hamachi client
- issue "hamachi -c /etc/hamachi set-nick server-nick-name" to set the server nickname
- issue "hamachi -c /etc/hamachi login" to log in to the Hamachi server
- if no network exists yet, create your own by issuing "hamachi -c /etc/hamachi create network-name"
- if joining an existing network, issue "hamachi -c /etc/hamachi join network-name"
- issue "hamachi -c /etc/hamachi go-online network-name" to bring this client online on the network so peers can see it
- issue "hamachi -c /etc/hamachi list" to list peer machines and IP addresses
- issue "hamachi -c /etc/hamachi go-offline" to take the current machine offline from the network
- issue "hamachi -c /etc/hamachi stop" to stop Hamachi
- issue "hamachi --help" for all the valid parameters.
- make a Hamachi startup script named "/etc/hamachi-start":
    #!/bin/sh
    # /etc/hamachi-start: start, stop or restart the Hamachi client

    # tuncfg has to be running before the client is started
    hamachi_start() {
        echo "Starting hamachi..."
        /sbin/tuncfg
        /usr/bin/hamachi -c /etc/hamachi start
    }

    hamachi_stop() {
        echo "Stopping hamachi..."
        killall tuncfg
        /usr/bin/hamachi -c /etc/hamachi stop
    }

    hamachi_restart() {
        hamachi_stop
        sleep 1
        hamachi_start
    }

    # with no argument (or an unknown one) the script starts Hamachi
    case "$1" in
        'start')
            hamachi_start
            ;;
        'stop')
            hamachi_stop
            ;;
        'restart')
            hamachi_restart
            ;;
        *)
            hamachi_start
    esac
- issue "chmod 711 /etc/hamachi-start" to make the script file executable
- find the boot-up files for your distribution and locate the "rc.local" file (usually at /etc/rc.d/rc.local), then add the following code at the end:

    # run the startup script created above at /etc/hamachi-start
    if [ -x /etc/hamachi-start ]; then
        . /etc/hamachi-start
    fi

- OR just create a symbolic link to "hamachi-start" in the runlevel 3 startup dir "/etc/rc.d/rc3.d/" by issuing "ln -s /etc/hamachi-start /etc/rc.d/rc3.d/S50hamachi-start"
- test that you can start and stop the Hamachi service through the symbolic link: start with "/etc/rc.d/rc3.d/S50hamachi-start", stop with "/etc/rc.d/rc3.d/S50hamachi-start stop".
- if everything went well, Hamachi is now set up to load at startup.
But there is also the iptables firewall, which needs to be set to allow the connection, or else the peers would see the Linux box but may not be able to log in. By default SSH port 22 should be open, so connecting to the Linux Hamachi IP with SSH should be no problem. If there are other services you want to use, like the XDMCP and VNC I've set up, it is convenient to just add those peers' Hamachi IP addresses to iptables to allow full access over the network.
- by default the Linux Hamachi client also creates a network interface called "ham0"; iptables rules need to target this interface instead of eth0.
- set up a pass-through rule for peer Hamachi IPs by editing the iptables conf file at "/etc/sysconfig/iptables" and adding a line like "-A RH-Firewall-1-INPUT -i ham0 -s 5.1.2.3 -j ACCEPT" for each peer.
- save the "/etc/sysconfig/iptables" file and restart the iptables service by issuing "service iptables restart".
- test each way of connecting to make sure you can really connect via the Hamachi IP address.
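An added example, not from the original post: a small generator for the per-peer ham0 lines described above. It goes one step beyond the page's full-access rule by optionally limiting a peer to named services. The address check, the peer 5.1.2.4 and the port list (22 for SSH, 5900 for VNC, 177/udp for XDMCP) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build /etc/sysconfig/iptables lines for Hamachi peers.
# Chain and interface names are the ones used on this page.
CHAIN="RH-Firewall-1-INPUT"
IFACE="ham0"

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# peer_rules ADDR [proto/port ...]
# No services given: the page's full-access rule for that peer.
# Services given: one rule per service, nothing else is opened.
peer_rules() {
    ip=$1; shift
    if ! valid_ipv4 "$ip"; then
        echo "rejecting peer address: $ip" >&2
        return 1
    fi
    if [ "$#" -eq 0 ]; then
        echo "-A $CHAIN -i $IFACE -s $ip -j ACCEPT"
        return 0
    fi
    for svc in "$@"; do
        proto=${svc%%/*}; port=${svc#*/}
        case "$proto" in tcp|udp) ;; *) echo "bad service: $svc" >&2; return 1 ;; esac
        case "$port" in ""|*[!0-9]*) echo "bad service: $svc" >&2; return 1 ;; esac
        echo "-A $CHAIN -i $IFACE -s $ip -p $proto --dport $port -j ACCEPT"
    done
}

# Constructed sample peers (5.1.2.3 is the page's own example address).
peer_rules 5.1.2.3
peer_rules 5.1.2.4 tcp/22 tcp/5900 udp/177   # SSH, VNC display :0, XDMCP
```

The emitted lines go into "/etc/sysconfig/iptables" with the other RH-Firewall-1-INPUT rules, above that chain's closing REJECT rule if your file has one, followed by "service iptables restart".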
One can have a maximum of 16 machines inside a self-created network when using the free Hamachi service. That is plenty for a testing environment.
That's it. Now I have some Windows Server boxes, some Linux server boxes, and a secure network to connect them over the internet.