Install and Configure Hamachi on FreeBSD


(10.20.10 – This post has been amended to address changes when installing Hamachi on FreeBSD 8.2-RELEASE — iceflatline)

(1.16.12 – This post has been amended to correct several of the path statements, and to reflect changes in the 9.0-RELEASE of FreeBSD — iceflatline)

(10.21.12 – PLEASE TAKE NOTE: due to protocol changes instituted by LogMeIn on or around July 30 2012, the linux-hamachi client version referenced in the post can no longer be used to login to Hamachi servers. For more detailed information please see the following article: http://community.logmein.com/t5/Hamachi/Upcoming-Protocol-Changes/td-p/78963. As soon as a solution to this problem can be found I will update this post — iceflatline)

In this post I’ll discuss how to install and configure Hamachi and SSH on a machine running FreeBSD. If you’re not familiar with LogMeIn Hamachi (formerly known as just “Hamachi”), it is a hosted VPN service that is capable of establishing secure LAN-like links between computers, even if they’re behind Network Address Translation (NAT) devices. You can use it to create secure virtual networks on demand, across public or private networks.

In order for Hamachi to work, a “mediation server,” operated by LogMeIn, is required. The mediation server stores machine nicknames, statically allocated 5.0.0.0/8 IP addresses and the associated authentication token of the user. Hamachi is free for non-commercial use. However, the Hamachi security implementation is closed source and as such is not available for review by the general public.

The versions for the software used in this post were as follows:

  • FreeBSD 9.0-RELEASE
  • linux-hamachi-0.9.9.9.20

    Install Hamachi

    Hamachi requires Linux binary compatibility which is not turned on by default in FreeBSD 8.2-RELEASE. The easiest way to enable this functionality is to load the linux KLD object (“Kernel Loadable Object”) by typing the following as root:

    kldload linux
    

    Then add the following line to /etc/rc.conf:

    linux_enable="YES"
    

    Now we’re ready to install Hamachi. If you’ve installed the FreeBSD ports collection then run the following as root to install the Hamachi port:

    cd /usr/ports/security/hamachi/
    make install clean
    

    Otherwise you can grab the binary package and install it:

    pkg_add -r linux-hamachi 
    

    Now, let’s configure Hamachi and create our VPN. Hamachi requires the tap kernel driver to create and manage its virtual Ethernet network interface. No worries though, Hamachi adds the script /usr/local/etc/rc.d/hamachi that will automatically load the tap driver if_tap.ko. This driver must be loaded and running before starting Hamachi itself. You can have it load automatically when FreeBSD starts by adding the following line as root to /etc/rc.conf:

    hamachi_enable="YES"
    

    If you want only to run Hamachi periodically and not start the tap driver automatically at boot time, you can use forcestart/forcestop as root, which will ignore the setting in /etc/rc.conf:

    /usr/local/etc/rc.d/hamachi forcestart 
    

    Our next step generates the cryptographic key pair and creates a directory at ~/.hamachi where Hamachi will store these keys, as well as its configuration and state. This step only needs to be performed once per Hamachi install; however, it must be done for each user account that you plan to use Hamachi from, including root. Consequently, we’ll run the following commands from our user account:

    hamachi-init
    

    Okay, now let’s start Hamachi. First, make sure the tap driver is loaded by rebooting the machine (assuming the hamachi_enable="YES" line is in /etc/rc.conf as described above) or by using the forcestart command, then:

    hamachi start
    

    When Hamachi is run for the first time, the Hamachi daemon stays offline. Let’s bring it online:

    hamachi login
    

    Next, create a nickname for the FreeBSD machine so that we can identify it easily from another machine on your Hamachi VPN:

    hamachi set-nick <nickname>
    

    Now, let’s create our Hamachi VPN. In this step you’ll need to enter a unique name for your network as well as a password for it. If your network name is already in use somewhere you’ll need to keep trying until you land upon one that’s unique. If you’ve setup a Hamachi VPN previously and simply want to add your FreeBSD machine to it, then substitute join for create in the following command:

    hamachi create <network> <password>
    

    Now let’s put the FreeBSD machine online on the VPN:

    hamachi go-online <network>
    

    That’s it. Your Hamachi VPN should now be up and running with your FreeBSD machine added as one of the hosts. Do all these commands need to be entered again after a reboot? The answer is no. Once the Hamachi VPN is created or joined, the nickname established, and the machine added with the go-online command, you can simply restart the tap driver after a reboot (assuming you elected not to have it start automatically) and then start Hamachi, and you’ll be back online. However, you can also have Hamachi start automatically at boot time by adding a shell script to your system startup sequence. You will of course want to have the tap driver start automatically as well for this to be of any benefit. Here’s a generic version of the script I use:

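    #!/bin/sh
    ### START OF SCRIPT
    # Account that ran hamachi-init and owns ~/.hamachi (replace the placeholder)
    USER="<your user name>"
    # su lives in /usr/bin on FreeBSD, so the bare name is used rather than /bin/su
    case "$1" in
    start)
        # Run hamachi as $USER so it uses that account's keys and state
        su - "$USER" -c "hamachi start"
        ;;
    stop)
        su - "$USER" -c "hamachi stop"
        ;;
    reload)
        su - "$USER" -c "hamachi stop"
        su - "$USER" -c "hamachi start"
        ;;
    *)
        # Unknown or missing argument
        exit 1
        ;;
    esac
    exit 0
    ### END OF SCRIPT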
    

    To use this script simply add your account user name, save it as hamachi_start.sh in /usr/local/etc/rc.d/ and make it executable. You’re free to choose a different name; however, note that scripts within /usr/local/etc/rc.d/ are executed in lexicographical order. Since it is desirable that the existing script hamachi starts first in order to load the tap driver, you should name your startup script something that will ensure it starts after hamachi. Numbers may be used as a prefix to the filename.
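
The setup steps above can be verified before relying on the machine coming back online after a reboot. The following is an added example, not part of the original post: the function names are hypothetical, script ordering is assumed to be plain byte order (C locale), and the owner-only permission check on the Hamachi state directory is an assumed policy rather than something the post states.

```shell
#!/bin/sh
# Added example (not from the original post): preflight checks for the steps above.

# Succeeds if the last assignment of variable $2 in rc.conf-style file $1 is YES.
# Typographic quotes, as in hamachi_enable=”YES”, leave the value invalid.
rc_conf_enabled() {
    val=$(sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([A-Za-z]*\).*/\1/p" "$1" | tail -n 1)
    case "$val" in
        [Yy][Ee][Ss]) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeeds if file name $2 sorts strictly after $1 in byte order (assumed C locale).
runs_after() {
    [ "$1" != "$2" ] || return 1
    first=$(printf '%s\n' "$1" "$2" | LC_ALL=C sort | head -n 1)
    [ "$first" = "$1" ]
}

# Succeeds if directory $1 gives group and others no access (assumed policy for keys).
dir_is_private() {
    [ -d "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# $1 = rc.conf path, $2 = startup script file name, $3 = Hamachi state directory
preflight() {
    rc=0
    rc_conf_enabled "$1" linux_enable   || { echo "FAIL linux_enable not YES in $1"; rc=1; }
    rc_conf_enabled "$1" hamachi_enable || { echo "FAIL hamachi_enable not YES in $1"; rc=1; }
    runs_after hamachi "$2" || { echo "FAIL $2 does not sort after hamachi"; rc=1; }
    dir_is_private "$3"     || { echo "FAIL $3 is missing or group/world accessible"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK all checks passed"
    return "$rc"
}

# Constructed sample input: a scratch rc.conf and state directory, not a real system.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' 'linux_enable="YES"' 'hamachi_enable="YES"' > "$tmp/rc.conf"
    mkdir -m 700 "$tmp/.hamachi"
    good=0; preflight "$tmp/rc.conf" hamachi_start.sh "$tmp/.hamachi" || good=$?
    # A numeric prefix sorts before "hamachi" in byte order, so this run fails.
    bad=0; preflight "$tmp/rc.conf" 99_hamachi_start.sh "$tmp/.hamachi" || bad=$?
    rm -rf "$tmp"
    [ "$good" -eq 0 ] && [ "$bad" -eq 1 ]
}
demo
```

On a real system the call would be `preflight /etc/rc.conf hamachi_start.sh "$HOME/.hamachi"`, run from the account that ran hamachi-init.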

    You can display the status of the Hamachi daemon at any time by running the command hamachi without any arguments:

    hamachi
    version  : hamachi-lnx-0.9.9.9-20
    pid      : 846
    status   : logged in
    nickname : bsd
    

    The following commands will retrieve the nicknames and print a list of the hosts that are currently members of your Hamachi VPN, as well as their Hamachi IP addresses (you will not see the machine you issued the command from listed):

    hamachi get-nicks && hamachi list
    

    And if needed, you can stop Hamachi with the command hamachi stop:

    hamachi stop
    Shutting down .. ok
    

    Now then, to initiate a terminal session with another host on your Hamachi VPN:

    ssh <hamachi-IP address-for-remote-host>
    

    If this is the first time connecting, you’ll likely receive a warning concerning the authenticity of the host you’re trying to reach along with a fingerprint of its public RSA key, and asked if you’re sure you want to continue connecting. Accept by typing yes and you’ll be presented with the login and password prompt (this warning prompt will only occur once per machine). The public key from the remote host will be stored in ~/.ssh/known_hosts. If you don’t want to have to remember the Hamachi IP address each time you want to run a session with another host, simply add this IP address along with a name (e.g. home-server-ssh) to your hosts file (/etc/hosts). Next time you use Hamachi/SSH to connect to this host, use the name instead of the IP address and the host file will resolve the IP address for you.
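
One way to check the key that was recorded on that first connection, as an added example that is not part of the original post: the function compares the entry in ~/.ssh/known_hosts with a copy of the server's public key read on the server itself (for example its /etc/ssh/ssh_host_rsa_key.pub). The function name, the 5.x addresses and the key blobs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): compare the key that ssh stored in
# known_hosts with a copy of the server's public key obtained out of band.

# $1 = known_hosts file, $2 = host name or IP exactly as typed for ssh,
# $3 = public key file copied from the server itself.
# Returns 0 on match, 1 on mismatch, 2 if no plain-text entry of that key type.
known_host_matches() {
    awk -v host="$2" '
        NR == FNR { type = $1; blob = $2; next }   # first file: the trusted key
        /^[#@]/ || NF < 3 { next }                 # comments, markers, short lines
        {
            n = split($1, names, ",")
            for (i = 1; i <= n; i++)
                if (names[i] == host && $2 == type) {
                    found = 1
                    if ($3 == blob) ok = 1
                }
        }
        END { if (!found) exit 2; exit(ok ? 0 : 1) }
    ' "$3" "$1"
}

# Constructed sample data: placeholder blobs and made-up 5.x addresses, not real keys.
demo_known_hosts() {
    tmp=$(mktemp -d) || return 1
    echo 'ssh-rsa AAAAB3NzaC1yc2ECONSTRUCTEDGOOD root@server' > "$tmp/server.pub"
    printf '%s\n' \
        'home-server-ssh,5.1.2.3 ssh-rsa AAAAB3NzaC1yc2ECONSTRUCTEDGOOD' \
        '5.9.9.9 ssh-rsa AAAAB3NzaC1yc2ECONSTRUCTEDOTHER' > "$tmp/known_hosts"
    same=0;  known_host_matches "$tmp/known_hosts" home-server-ssh "$tmp/server.pub" || same=$?
    other=0; known_host_matches "$tmp/known_hosts" 5.9.9.9 "$tmp/server.pub" || other=$?
    none=0;  known_host_matches "$tmp/known_hosts" 5.7.7.7 "$tmp/server.pub" || none=$?
    rm -rf "$tmp"
    echo "match=$same mismatch=$other unknown=$none"
    [ "$same" -eq 0 ] && [ "$other" -eq 1 ] && [ "$none" -eq 2 ]
}
demo_known_hosts
```

The lookup uses the name exactly as it was typed for ssh, so a host reached through an /etc/hosts alias such as home-server-ssh is checked under that alias.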

    SSH Server

    Now that we’ve installed Hamachi, created or joined a VPN, and perhaps tested it by connecting to another host on the VPN, let’s make sure there’s a running SSH server on our FreeBSD machine so that incoming SSH requests can be answered:

    /etc/rc.d/sshd status
    sshd is running as pid 811.
    

    Should you need to install sshd, type sysinstall. Select Configure -> Networking and select sshd from among the options. Make sure sshd is enabled by checking the /etc/rc.conf file for the line sshd_enable="YES". This will load sshd the next time your system starts. You can also start sshd manually as root through the /etc/rc.d/sshd script:

    /etc/rc.d/sshd start
    

    Conclusion

    This post described how to install and configure Hamachi on a machine running FreeBSD. The reason I like using LogMeIn Hamachi is that it allows me to connect via SSH, SCP or SFTP to my FreeBSD machine at home from essentially anywhere I have an internet connection without the need to make any changes to my router/gateway. To learn how to install and configure Hamachi on Linux or Windows machines, as well as how to improve the security of the connections over the Hamachi VPN using public key authentication, please see my previous post.


    7 Responses to “Install and Configure Hamachi on FreeBSD”

    1. algomoo Says:

      iceflatline many thanks for your kindness in helping others. I first did your install today with the config below and then installed the new Hamachi and connected it to a network using the web logmein hamachi config. The script is below:

      objective -> access a samba file server from remote when my ISP blocks ports
      server -> Ubuntu 10.10 server
      clients -> windows 7

      See the following to get it running with the new Hamachi version
      wget https://secure.logmein.com/labs/logmein-hamachi-2.0.0.12-x64.tgz
      tar -xvf logmein-hamachi-2.0.0.12-x64.tgz
      cd logmein-hamachi-2.0.0.12-x64
      sudo ./install.sh
      sudo tuncfg
      sudo /etc/init.d/logmein-hamachi start
      sudo hamachi login
      sudo hamachi set-nick
      sudo hamachi attach # then go online to accept the request and set up the network as hub and spokes
      sudo hamachi # to see IP and other info

    2. iceflatline Says:

      algomoo, brilliant! Thanks for sharing this.

    3. Sendoh Takeshi Says:

      Hi iceflatline.

      This is a great post.
      I followed the steps of your post but my hamachi (in FreeBSD 9, and tested in 8.2 too) does not log in.

      All ok until:

      # hamachi start

      When I wrote:

      # hamachi login

      I received this message:

      Logging in…failed

      And can’t continue.

      According to my search, I believe the problem is in file tuncfg.c, line 310:

      ifconfig %s %u.%u.%u.%u ", ctx[i].dev,

      Missing /sbin/ before ifconfig.

      Would look like:

      "/sbin/ifconfig %s %u.%u.%u.%u ", ctx[i].dev,

      I could not change the patch in /usr/ports/security/hamachi/files/patch-tuncfg_tuncfg.c to include this.
      And my hamachi does not work.

      Can you help me, please?

      Thanks.

      Sendoh

    4. iceflatline Says:

      Sendoh, it appears LogMeIn is using a new protocol that is not compatible with their client referenced in this article. See http://community.logmein.com/t5/Hamachi/Upcoming-Protocol-Changes/td-p/78963

      Time permitting I will search for alternatives.

    5. Sendoh Takeshi Says:

      iceflatline, I managed to change the patch in ports but it did not work. As you said, the version that is in ports does not really work anymore because it was changed to protocol version that uses hamachi.
      For my tests, I’m using the new version on ubuntu, unfortunately, not wanting to use another operating system, only the freebsd.

      I follow this:

      http://www.informatiksupport.eu/?p=214

      Works fine.

      But I want to use FreeBSD. If you can make it work on freebsd, please post here in the post.
      I appreciate your help. Thanks for all!

      Sendoh

    6. iceflatline Says:

      Sendoh, okay, thank you. This is helpful. I’ll see what I can do about getting it to work in FreeBSD.

    7. DHCP Server unter FreeNAS starten Says:

      […] Among other things I would also like to put Hamachi on it, but that does not work following this guide: Install and Configure Hamachi on FreeBSD | iceflatline […]
