LogMeIn Hamachi: Difference between revisions
No edit summary |
Not all VPNs establish LAN connection Tags: Mobile edit Mobile web edit |
||
(760 intermediate revisions by more than 100 users not shown) | |||
Line 1: | Line 1: | ||
{{Short description|Virtual private network application}} |
|||
{{morereferences|date=May 2008}} |
|||
{{Primary sources|date=May 2013}} |
|||
{{Otheruses4|the [[computer networking]] [[software]]|the [[Japanese cuisine|Japanese]] fish and [[sushi]] ingredient|Japanese amberjack}} |
|||
{{Infobox |
{{Infobox software |
||
| name = LogMeIn Hamachi |
|||
| logo = |
|||
logo = [[Image:Hamachi logo.png|Hamachi logo]] | |
|||
| screenshot = Hamachi (software) interface screenshot.jpg |
|||
| screenshot size = 230px |
|||
caption = Screenshot of Hamachi | |
|||
| caption = Screenshot of the Hamachi Client, showing a joined network and other users who are participating |
|||
developer = [[logmein | LogMeIn Inc.]] | |
|||
| author = [[Alex Pankratov]] |
|||
latest_release_version = 1.0.2.5 | |
|||
| developer = [[LogMeIn|LogMeIn Inc.]] |
|||
latest_release_date = [[Nov 26]], [[2007]] | |
|||
| released = 2004<ref name="patent">{{Cite patent|number=US20070157303A1|title=Server-mediated setup and maintenance of peer-to-peer client computer communications|gdate=2007-07-05|invent1=Pankratov|inventor1-first=Alexandre|url=https://patents.google.com/patent/US20070157303A1/en}}</ref><ref name="Personal website of Alex Pankratov">{{cite web |url=https://swapped.cc/#!/hamachi|title=Hamachi: The virtual private networking system|work=Personal website of Alex Pankratov|access-date=2019-01-16}}</ref> |
|||
operating_system = [[Microsoft Windows]], [[Linux]], [[Mac OS X]] | |
|||
| latest_release_version = 2.3.0.111 (Windows)<ref>[https://support.logmeininc.com/hamachi/help/whats-new-in-hamachi "What's new in Hamachi"]</ref> |
|||
genre = [[Peer-to-peer|P2P]], [[Virtual private network|VPN]] | |
|||
| latest_release_date = {{start date and age|2024|04|18}} |
|||
license = [[Freeware ]]| |
|||
| operating_system = [[Microsoft Windows]] (XP or later), [[macOS]], [[Linux]], Linux on ARM (beta) |
|||
website = [http://www.logmeinhamachi.com/ www.logmeinhamachi.com]<br/>[http://www.hamachi.cc www.hamachi.cc] | |
|||
| genre = [[Peer-to-peer|P2P]], [[Virtual private network|VPN]] |
|||
Network List = [http://www.NetworksHamachi.com www.NetworksHamachi.com] | |
|||
| license = [[Proprietary software|Proprietary]] (Free of charge for up to 5 devices) |
|||
| website = [https://www.vpn.net www.vpn.net] |
|||
}} |
}} |
||
'''Hamachi''' is a |
'''LogMeIn Hamachi''' is a [[virtual private network]] (VPN) application developed and released in 2004 by Alex Pankratov.<ref name="patent">{{Cite patent|number=US20070157303A1|title=Server-mediated setup and maintenance of peer-to-peer client computer communications|gdate=2007-07-05|invent1=Pankratov|inventor1-first=Alexandre|url=https://patents.google.com/patent/US20070157303A1/en}}</ref><ref name="Personal website of Alex Pankratov">{{cite web |url=https://swapped.cc/#!/hamachi|title=Hamachi: The virtual private networking system|work=Personal website of Alex Pankratov|access-date=2019-01-16}}</ref> It is capable of establishing direct links between computers that are behind [[network address translation]] (NAT) firewalls without requiring reconfiguration (when the user's PC can be accessed directly without relays from the Internet/WAN side). Like other layer 2 VPNs, it establishes a connection over the Internet that emulates the connection that would exist if the computers were connected over a [[local area network]] (LAN). |
||
| title = Press Release: LogMeIn Acquires Instant VPN Creator |
|||
| publisher = LogMeIn.com |
|||
| date = [[2006-08-08]] |
|||
| url = https://secure.logmein.com/go.asp?page=pressrelease&id=49 |
|||
| accessdate = 2006-08-08 }}</ref> |
|||
Hamachi became a LogMeIn product after the acquisition of Applied Networking Inc. in 2006.<ref name="patent"/><ref>{{Cite web |date=January 11, 2008 |title=REGISTRATION STATEMENT UNDER THE SECURITIES ACT OF 1933 LOGMEIN, INC. |url=https://www.sec.gov/Archives/edgar/data/1420302/000095013508000171/b67378lmsv1.htm |access-date=2023-04-09 |website=www.sec.gov |quote=On July 26, 2006, the Company purchased substantially all of the assets of Applied Networking, a Canadian corporation, in order to expand the Company’s product and service offerings and customer base. In connection with the acquisition, the Company acquired the patented Hamachi technology, a virtual private networking service.}}</ref><ref>{{Cite web |title=Hamachi : Stay Connected |url=https://web.archive.org/web/20060828184025if_/http://hamachi.cc/ |access-date=2023-04-09}}</ref><ref>{{Cite web |date=October 31, 2006 |title=LogMeIn Launches Instant, Zero Configuration VPN |url=http://corp.logmein.com/pdf/LMIPR_LMI_Hamachi.pdf |access-date=2023-04-09 |archive-url=https://web.archive.org/web/20061101194256/http://corp.logmein.com/pdf/LMIPR_LMI_Hamachi.pdf |archive-date=2006-11-01}}</ref> It is currently available as a production version for [[Microsoft Windows]] and [[macOS]], as a beta version for [[Linux]], and as a system-VPN-based client compatible with [[Android (operating system)|Android]] and [[iOS]].<ref name="support">{{Cite web |title=Hamachi System Requirements - Hamachi Support |url=https://support.logmeininc.com/hamachi/help/hamachi-system-requirements-hamachi-c-hamachi-systemrequirements |access-date=2023-04-09 |website=support.logmeininc.com |language=en}}</ref> |
|||
== How it works == |
|||
Hamachi is a centrally-managed [[VPN]] system, consisting of the server cluster managed by the vendor of the system and the client software, which is installed on end-user computers. |
|||
==Operational summary== |
|||
Client software adds a virtual network interface to a computer, and it is used for intercepting outbound as well as injecting inbound [[VPN]] traffic. Outbound traffic sent by the [[operating system]] to this interface is delivered to the client software, which encrypts and authenticates it and then sends it to the destination VPN peer over a specially initiated [[User Datagram Protocol|UDP]] connection. Hamachi currently handles [[tunneling protocol|tunneling]] of [[Internet Protocol|IP]] traffic including [[Broadcasting (computing)|broadcasts]] and [[multicast]]. The Windows version also recognizes and tunnels [[IPX]] traffic. |
|||
Hamachi is a [[proprietary software|proprietary]] centrally-managed [[VPN]] system, consisting of the server cluster managed by the vendor of the system and the client software, which is installed on end-user devices. |
|||
Client software adds a [[Virtual Interface|virtual network interface]] to a computer, and it is used for intercepting outbound as well as injecting inbound [[VPN]] traffic. Outbound traffic sent by the [[operating system]] to this interface is delivered to the client software, which encrypts and authenticates it and then sends it to the destination VPN peer over a specially initiated [[User Datagram Protocol|UDP]] connection. Hamachi currently handles [[tunneling protocol|tunneling]] of [[Internet Protocol|IP]] traffic including [[Broadcasting (networking)|broadcasts]] and [[multicast]]. The Windows version also recognizes and tunnels [[IPX]] traffic. |
|||
Each client establishes and maintains a control |
|||
Each client establishes and maintains a control connection to the server cluster. When the connection is established, the client goes through a login sequence, followed by the discovery process and state synchronization. The login step authenticates the client to the server and vice versa. The discovery is used to determine the topology of client's Internet connection, specifically to detect the presence of NAT and firewall devices on its route to the Internet. The synchronization step brings a client's view of its private networks in sync with other members of these networks. |
|||
connection to the server cluster. When the connection is established, the client goes through a login sequence, followed by the discovery process and state synchronization. The login step authenticates the client to the server and vice versa. The discovery is used to determine the topology of the client's Internet connection, specifically to detect the presence of NAT and firewall devices on its route to the Internet. The synchronization step brings a client's view of its private networks in sync with other members of these networks. |
|||
When a member of a network goes online or offline, the server instructs other network peers to either establish or tear down tunnels to the former. When establishing |
When a member of a network goes online or offline, the server instructs other network peers to either establish or tear down tunnels to the former. When establishing tunnels between the peers, Hamachi uses a server-assisted [[NAT traversal]] technique, similar to [[UDP hole punching]]. |
||
Hamachi is frequently used for gaming and remote administration.{{Citation needed|date=February 2024}} |
|||
In the event of unexpectedly losing a connection to the server, the client retains all its tunnels and starts actively checking their status. When the ''server'' unexpectedly loses client's connection, it informs client's peers about the fact and expects them to also start liveliness checks. This enables Hamachi tunnels to withstand transient network problems on the route between the client and the server as well as short periods of complete server unavailability. |
|||
==Addressing== |
|||
Each Hamachi client is assigned an IP address from the 5.0.0.0/8 address block. This address is assigned when the client logs into the system for the first time, and is henceforth associated with the client's [[Public_key|public crypto key]]. As long as the client retains its key, it can log into the system and use this 5.x.x.x [[IP address]]. |
|||
Each Hamachi client is normally assigned an [[IP address]] when it logs into the system for the first time. To avoid conflicting with existing private networks on the client side the normal [[Private network|private IP address blocks]] 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 are not used. |
|||
The IP address assigned to the Hamachi client is henceforth associated with the client's [[Public key|public crypto key]]. As long as the client retains its key, it can log into the system and use this IP address. Hamachi creates a single broadcast domain between all clients. This makes it possible to use LAN protocols that rely on IP broadcasts for discovery and announcement services over Hamachi networks. |
|||
The 5.0.0.0/8 network is used to avoid collisions with private IP networks that might already be in use on the client side. Specifically - 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16. The 5.0.0.0/8 address block is reserved by [[Internet Assigned Numbers Authority|IANA]] and is not currently in use in the Internet routing domain, but this is not guaranteed to continue. The IANA free pool is expected to be exhausted by April 2010.<ref>[http://www.potaroo.net/tools/ipv4/ Geoff Huston's analysis] Retrieved [[2007-06-28]].</ref> If this range is allocated, Hamachi users will not be able to connect to any Internet IP addresses within the range as long as the Hamachi client is running. |
|||
==See also== |
|||
Additionally, using a /8 network prefix creates a single broadcast domain between all clients. This makes it possible to use [[Local area network|LAN]] protocols that rely on IP broadcasts for discovery and announcement services over Hamachi networks. |
|||
* [[Network address translation]] (NAT), as defined in {{IETF RFC|3022}} |
|||
Hamachi is frequently used for gaming and remote administration. The vendor provides free basic service and extra features for a fee. |
|||
* [[Pertino]] |
|||
* [[Private network]], as defined in {{IETF RFC|1918}} |
|||
* [[STUN|Session Traversal Utilities for NAT]] (STUN), as defined in {{IETF RFC|8489}} |
|||
* [[UDP hole punching]], another [[NAT traversal]] technique |
|||
* [[Virtual Private LAN Service]], as defined in {{IETF RFC|leadout=and|4761|4762}} |
|||
* [[XLink Kai]] |
|||
==References== |
|||
In February 2007, an IP-level block was imposed by Hamachi servers on parts of Vietnamese Internet space due to "the scale of the system abuse originating from blocked addresses".<ref>[http://forums.hamachi.cc/viewtopic.php?p=46474#46474 IP-level block] Hamachi.cc. Hamachi Team. February 14, 2007. Retrieved [[2007-04-24]].</ref> The company is working on a less intrusive solution to the problem.<ref>[http://forums.hamachi.cc/viewtopic.php?p=48189#48189 Re: Can i connect... ]Hamachi.cc. Hamachi Team. Mar 11, 2007. Retrieved [[2007-04-24]].</ref> |
|||
{{reflist}} |
|||
== Security == |
|||
As with all closed-source or non-thoroughly reviewed applications, several security considerations apply: |
|||
* the absence of source code for review |
|||
* its beta status (if any) and possible impact of remaining [[Software bug | bugs]] on security |
|||
Additionally due to Hamachi's use as a VPN application the following considerations apply: |
|||
* additional risk of disclosure of sensitive data which is stored or may be logged by the mediation server- minimal where data is not forwarded |
|||
* the security risks due to vulnerable services on remote machines otherwise not accessible behind a NAT, common to all [[Virtual Private Network | VPN]]s |
|||
Hamachi claims to use strong, industry-standard algorithms to secure and authenticate the data and its security architecture is open <ref>[https://secure.logmein.com/products/hamachi/securityarchitecture.asp LogMeIn Hamachi - Security Architecture]</ref>. The Hamachi implementation however is [[closed source]] and as such it is not available for the review to the general public. |
|||
For the product to work, a "mediation server", operated by the vendor, is required. |
|||
This server stores the nickname, maintenance password, statically allocated 5.0.0.0/8 IP address and the associated authentication token of the user. For every established tunnel, it could log the real IP address of the user, time of establishment and duration as well as the other interconnected users. |
|||
As all peers sharing a tunnel have full "LAN-like" access to each others computers, security problems may arise if firewalls are not used, as with any insecure situation. The security features of the NAT router/firewall are bypassed. This is not specific to Hamachi and needs to be addressed with other VPNs as well. |
|||
In the [[Security Now!]] podcast [[Steve Gibson (computer programmer)|Steve Gibson]] described Hamachi as a "...brand new, ready to emerge from its long development beta phase, ultra-secure, lightweight, high-performance, highly polished, multi-platform, peer-to-peer and FREE! personal virtual private networking system ..." and that he had "... fully vetted the system's security architecture ...".<ref>[http://www.grc.com/sn/SN-018.htm "Hamachi" Rocks! transcript.] ''GRC.com'', "Security Now!" ep. #18. Gibson and Laporte, December 15, 2005. Retrieved [[2007-04-24]].</ref> |
|||
In the following episode, to a question raised by [[Randal Schwartz]]: "Hamachi's not open source. How can we trust it?", Gibson replied, "... it's one of the things that made me anxious and continues to make me anxious. I'm going to end up probably over on [[OpenVPN]] ...". Later he continued, "But Hamachi is - I'm convinced that Alex has really designed this system exactly as he's told me he has. He's got years of experience with security, implementing IPSec tunnels, you know, classic VPN solutions. I couldn't feel any better about this than I do, short of doing a complete source audit ... which is just not practical. So it's certainly the case though that, well, I mean, you know, we're trusting [[Bill Gates|Bill]] when we use [[Microsoft Windows|Windows]].", and, "... I'm sure Alex has told me the truth, but I have no proof of it."<ref> [http://www.grc.com/sn/SN-019.htm VPNs Three..., transcript] ''GRC.com'', "Security Now!" ep. #19. Gibson and Laporte, December 22, 2005. Retrieved [[2007-04-24]].</ref> |
|||
== Compatibility == |
|||
The current builds of Hamachi are available for the following operating systems: |
|||
*[[Microsoft Windows]] (Windows 2000, XP, Server 2003 and Vista only. Due to the way that Hamachi creates the virtual network adapter, Windows 95/98/ME/NT cannot be supported) |
|||
*[[Linux]] 2.4 or newer (console-only) (x86 and nokia770/arm binary only) (unofficial GUI front-end: [http://hamachi-gui.sourceforge.net/ hamachi-gui]) |
|||
*[[Mac OS X]] (console-only) (ppc binary - runs on Intel Macs via Rosetta) (unofficial GUI front-end: [http://hamachix.spaceants.net/ HamachiX]) |
|||
Prior to versions 1.0.2.0 and 1.0.2.1 for the ''Windows'' release <ref>[http://www.hamachi.cc/changes/ Hamachi for Windows, change log]</ref>, many [[Windows Vista]] users had experienced compatibility and connection issues while using Hamachi. As of March 30, 2007, the software now includes ''Vista tweaks'', which answer these [[Operating system|OS-related]] problems, among other specific solutions. <ref>[http://forums.hamachi.cc/viewtopic.php?t=13746 Hamachi Community Forums - 1.0.2.1 is released]</ref> |
|||
== Server Load == |
|||
Since Hamachi relies on a central server to process log in requests, at high traffic times users may not be able to access their Hamachi accounts (even on Premium accounts). |
|||
<!-- Commented out because image was deleted: [[Image:Hamachi_error.jpg]] --> |
|||
== References == |
|||
{{Reflist|2}} |
|||
== See also == |
|||
'''Virtual Private Networks''' |
|||
* [[Virtual private network]] overview article |
|||
* [[OpenVPN]], an [[open source]] [[VPN]] program |
|||
'''Network address translation''' |
|||
* [[Network address translation]] (NAT) Overview, related RFCs: RFC 4008, RFC 3022, RFC 1631 (obsolete) |
|||
* [[STUN|Simple Traversal of UDP over NATs]] (STUN), a NAT traversal protocol defined in RFC 3489 |
|||
* [[UDP hole punching]] another NAT traversal technique |
|||
* [[Traversal Using Relay NAT]] (TURN) |
|||
== External links == |
|||
* [http://www.logmeinhamachi.com/ LogMeIn/Hamachi Main Website] |
|||
* [http://www.NetworksHamachi.com HAMACHI NETWORK LIST] |
|||
* [http://www.hamachicity.com/ This is Turkish support link] |
|||
==External links== |
|||
* {{official website|https://www.vpn.net}} |
|||
{{VPN}} |
{{VPN}} |
||
[[Category:Freeware]] |
|||
[[Category:Network-related_software]] |
|||
{{DEFAULTSORT:Hamachi (Software)}} |
|||
[[Category:Internet Protocol based network software]] |
|||
[[cs:Hamachi]] |
|||
[[Category:Internet software for Linux]] |
|||
[[de:Hamachi]] |
|||
[[Category:MacOS Internet software]] |
|||
[[es:Hamachi]] |
|||
[[Category:Tunneling software]] |
|||
[[fr:Hamachi]] |
|||
[[Category:Virtual private networks]] |
|||
[[it:Hamachi]] |
|||
[[Category:Windows Internet software]] |
|||
[[hu:Hamachi]] |
|||
[[nl:Hamachi]] |
|||
[[ja:Hamachi]] |
|||
[[pl:Hamachi]] |
|||
[[pt:Hamachi]] |
|||
[[sk:Hamachi]] |
|||
[[fi:Hamachi]] |
|||
[[sv:Hamachi]] |
|||
[[vi:Hamachi]] |
|||
[[tr:Hamachi]] |
Latest revision as of 16:21, 27 November 2024
Original author(s) | Alex Pankratov |
---|---|
Developer(s) | LogMeIn Inc. |
Initial release | 2004[1][2] |
Stable release | 2.3.0.111 (Windows)[3]
/ April 18, 2024 |
Operating system | Microsoft Windows (XP or later), macOS, Linux, Linux on ARM (beta) |
Type | P2P, VPN |
License | Proprietary (Free of charge for up to 5 devices) |
Website | www.vpn.net |
LogMeIn Hamachi is a virtual private network (VPN) application developed and released in 2004 by Alex Pankratov.[1][2] It is capable of establishing direct links between computers that are behind network address translation (NAT) firewalls without requiring reconfiguration (when the user's PC can be accessed directly without relays from the Internet/WAN side). Like other layer 2 VPNs, it establishes a connection over the Internet that emulates the connection that would exist if the computers were connected over a local area network (LAN).
Hamachi became a LogMeIn product after the acquisition of Applied Networking Inc. in 2006.[1][4][5][6] It is currently available as a production version for Microsoft Windows and macOS, as a beta version for Linux, and as a system-VPN-based client compatible with Android and iOS.[7]
Operational summary
[edit]Hamachi is a proprietary centrally-managed VPN system, consisting of the server cluster managed by the vendor of the system and the client software, which is installed on end-user devices. Client software adds a virtual network interface to a computer, and it is used for intercepting outbound as well as injecting inbound VPN traffic. Outbound traffic sent by the operating system to this interface is delivered to the client software, which encrypts and authenticates it and then sends it to the destination VPN peer over a specially initiated UDP connection. Hamachi currently handles tunneling of IP traffic including broadcasts and multicast. The Windows version also recognizes and tunnels IPX traffic.
Each client establishes and maintains a control connection to the server cluster. When the connection is established, the client goes through a login sequence, followed by the discovery process and state synchronization. The login step authenticates the client to the server and vice versa. The discovery is used to determine the topology of the client's Internet connection, specifically to detect the presence of NAT and firewall devices on its route to the Internet. The synchronization step brings a client's view of its private networks in sync with other members of these networks.
When a member of a network goes online or offline, the server instructs other network peers to either establish or tear down tunnels to the former. When establishing tunnels between the peers, Hamachi uses a server-assisted NAT traversal technique, similar to UDP hole punching.
Hamachi is frequently used for gaming and remote administration.[citation needed]
Addressing
[edit]Each Hamachi client is normally assigned an IP address when it logs into the system for the first time. To avoid conflicting with existing private networks on the client side the normal private IP address blocks 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 are not used.
The IP address assigned to the Hamachi client is henceforth associated with the client's public crypto key. As long as the client retains its key, it can log into the system and use this IP address. Hamachi creates a single broadcast domain between all clients. This makes it possible to use LAN protocols that rely on IP broadcasts for discovery and announcement services over Hamachi networks.
See also
[edit]- Network address translation (NAT), as defined in RFC 3022
- Pertino
- Private network, as defined in RFC 1918
- Session Traversal Utilities for NAT (STUN), as defined in RFC 8489
- UDP hole punching, another NAT traversal technique
- Virtual Private LAN Service, as defined in RFC 4761 and 4762
- XLink Kai
References
[edit]- ^ a b c US20070157303A1, Pankratov, Alexandre, "Server-mediated setup and maintenance of peer-to-peer client computer communications", issued 2007-07-05
- ^ a b "Hamachi: The virtual private networking system". Personal website of Alex Pankratov. Retrieved 2019-01-16.
- ^ "What's new in Hamachi"
- ^ "REGISTRATION STATEMENT UNDER THE SECURITIES ACT OF 1933 LOGMEIN, INC". www.sec.gov. January 11, 2008. Retrieved 2023-04-09.
On July 26, 2006, the Company purchased substantially all of the assets of Applied Networking, a Canadian corporation, in order to expand the Company's product and service offerings and customer base. In connection with the acquisition, the Company acquired the patented Hamachi technology, a virtual private networking service.
- ^ "Hamachi : Stay Connected". Retrieved 2023-04-09.
- ^ "LogMeIn Launches Instant, Zero Configuration VPN" (PDF). October 31, 2006. Archived from the original (PDF) on 2006-11-01. Retrieved 2023-04-09.
- ^ "Hamachi System Requirements - Hamachi Support". support.logmeininc.com. Retrieved 2023-04-09.