
Thread: HOW-TO Secure Remote Access - Hamachi+VNC

  1. #1
    Join Date
    Dec 2005
    Beans
    13
    Distro
    Dapper Drake Testing/

    HOW-TO Secure Remote Access - Hamachi+VNC

    Secure Remote Access with Hamachi and VNC
    ---------------------------------------------

    ----
    Update: 4/19/06 - Added 'Single User' configuration instructions for Hamachi and installation of gHamachi (Hamachi gtk GUI).
    ----

    By KingOfNowhere

    This is a How-To for setting up a secure VNC server by tunnelling it through a Hamachi virtual private network. By setting up VNC this way, it allows you to access your machine securely (using Hamachi's encryption) and makes your machine accessible from anywhere on the net. Before I jump right in, here is some background:

    Hamachi is a zero-config VPN client for Windows and Linux (currently Beta for Mac). It allows you to, very easily, create a virtual private network that can be logged into and accessed from all over the net. It does this by creating IP tunnels to each VPN client, making them directly accessible to all the other clients on the VPN. Hamachi also encrypts the connections it creates to allow for secure access.

    VNC is a widely used, cross-platform application that allows for remote desktop access.

    Together, these apps can allow for secure, remote access to your machine from anywhere.

    Lastly, before I begin the guide, I would like to give credit to those I referenced for this guide:

    HOWTO: Hamachi Linux Guide (2.4.x and 2.6.x) By Kamel

    and

    HOWTO: Set up VNC server with resumable sessions By Tichondrius

    thx guys. Anyway on to the guide.
    ---------------------------------------------

    Part 1: Hamachi

    1.A) The 'tun' Module

    The very first part of the Hamachi installation is to enable IP Tunnelling support in your kernel. This can be done like this:
    Code:
    sudo modprobe tun
    then open your /etc/modules file and add tun to the list of modules:
    Code:
     sudo gedit /etc/modules
    If you are using a standard Ubuntu kernel, this should be all you need to do. However, if you compiled your own kernel, you may need to recompile it with IP Tunnelling support (only if you receive an error with 'modprobe'). If anyone needs help installing the module, see HOWTO: Hamachi Linux Guide (2.4.x and 2.6.x) By Kamel

    1.B) Installing Hamachi

    Okay, now on to the actual Hamachi software. But first, we need to make sure that a valid tunnelling node has been created in /dev. This is done like this:
    Code:
    ls /dev/net/tun
    If you get a "No Such File or Directory" error, you need to create a new node like this:
    Code:
    sudo mkdir /dev/net
    sudo mknod /dev/net/tun c 10 200
    Okay, now that we have a valid IP Tunnel node, time to install Hamachi.

    Download the latest version of Hamachi from http://www.hamachi.cc/download.

    Enter the directory where you downloaded it and here is how to install it:
    Code:
    #Extract the archive
    tar -zxvf hamachi-0.9.9.9-x.tar.gz
    cd hamachi-0.9.9.9-x/
    
    #install Hamachi
    sudo make install
    sudo tuncfg
    
    #Hamachi is installed

    1.C) Setting User Permissions

    For security's sake, we are going to set the permissions of Hamachi so that it can only be started by members of the 'hamachi' group. This is done like so:
    Code:
    #Create the 'hamachi' group
    sudo groupadd hamachi
    
    #Add your user to the group
    sudo gpasswd -a user hamachi
    
    #Add root to the group
    sudo gpasswd -a root hamachi
    
    #Set socket permissions
    sudo chmod 760 /var/run/tuncfg.sock
    
    #Finally, changing the group of the file
    sudo chgrp hamachi /var/run/tuncfg.sock
    Now that permissions are done, on to configuration.

    1.D) Hamachi Configuration - System Service

    Follow this section if you want Hamachi to run as a system service (in the background). I chose to list this method of configuration first because it seemed most relevant to the guide. If you want to have Hamachi run as a user application and install the gtk frontend, skip to section '1.E'.

    1.D.1) Base Configuration

    Creating an initial configuration can be done like so:
    Code:
    sudo hamachi-init -c /etc/hamachi
    the result should be something like this:
    Code:
    Initializing Hamachi configuration (/etc/hamachi). Please wait ..
    
      generating 2048-bit RSA keypair .. ok
      making /etc/hamachi directory .. ok
      saving /etc/hamachi/client.pub .. ok
      saving /etc/hamachi/client.pri .. ok
      saving /etc/hamachi/state .. ok
    
    Authentication information has been created. Hamachi can now be started with
    'hamachi start' command and then brought online with 'hamachi login'.
    Okay, next is to start Hamachi:
    Code:
    sudo hamachi -c /etc/hamachi start
    Now that we are up and running, you need to set your nickname:
    Code:
    sudo hamachi -c /etc/hamachi set-nick "YourNickHere"
    Next, we need to login to Hamachi and then either login to an existing network or create a new one. Like this:
    Code:
    #Login to Hamachi
    sudo hamachi -c /etc/hamachi login
    
    #To join an existing network
    sudo hamachi -c /etc/hamachi join network password
    
    #Or to create a new network
    sudo hamachi -c /etc/hamachi create network password
    
    #Lastly, to go online to the network you joined
    sudo hamachi -c /etc/hamachi go-online network
    *NOTE ABOUT NETWORK PASSWORDS*
    I would recommend visiting http://grc.com/passwords for a random string password. They are very strong passwords and add to the security of your setup.

    Now your machine is up and running on its own Hamachi VPN. The last part of the installation is a script written by Kamel that will allow Hamachi to run on startup.

    1.D.2) Hamachi Startup Script

    Open gedit and save the following as /etc/init.d/hamachi
    Code:
    #!/bin/sh
    
    hamachi_start() {
      echo "Starting hamachi..."
      /sbin/tuncfg
      /usr/bin/hamachi -c /etc/hamachi start
      /bin/chmod 760 /var/run/tuncfg.sock
      /bin/chgrp hamachi /var/run/tuncfg.sock
    }
    
    hamachi_stop() {
      echo "Stopping hamachi..."
      killall tuncfg
      /usr/bin/hamachi -c /etc/hamachi stop
    }
    
    hamachi_restart() {
      hamachi_stop
      sleep 1
      hamachi_start
    }
    
    case "$1" in
    'start')
      hamachi_start
      ;;
    'stop')
      hamachi_stop
      ;;
    'restart')
      hamachi_restart
      ;;
    *)
      hamachi_start
    esac
    Lastly, you need to make the script executable and add it to startup:
    Code:
    sudo chmod +x /etc/init.d/hamachi
    sudo update-rc.d hamachi defaults

    1.E) Hamachi Configuration - User Application

    Follow this section if you want Hamachi to run as a user application and to use the pretty gtk frontend. If you want to have Hamachi run as a system service in the background, go back to section '1.D'.

    1.E.1) Base Configuration

    Creating an initial configuration can be done like so:
    Code:
    hamachi-init
    the result should be something like this:
    Code:
    Initializing Hamachi configuration (/home/user/.hamachi). Please wait ..
    
      generating 2048-bit RSA keypair .. ok
      making (/home/user/.hamachi directory .. ok
      saving (/home/user/.hamachi/client.pub .. ok
      saving (/home/user/.hamachi/client.pri .. ok
      saving (/home/user/.hamachi/state .. ok
    
    Authentication information has been created. Hamachi can now be started with
    'hamachi start' command and then brought online with 'hamachi login'.
    Okay, next is to start Hamachi:
    Code:
    hamachi start
    Now that we are up and running, you need to set your nickname:
    Code:
    hamachi set-nick "YourNickHere"
    Next, we need to login to Hamachi and then either login to an existing network or create a new one. Like this:
    Code:
    #Login to Hamachi
    hamachi login
    
    #To join an existing network
    hamachi join network password
    
    #Or to create a new network
    hamachi create network password
    
    #Lastly, to go online to the network you joined
    hamachi go-online network
    *NOTE ABOUT NETWORK PASSWORDS*
    I would recommend visiting http://grc.com/passwords for a random string password. They are very strong passwords and add to the security of your setup.

    Now your machine is up and running on its own Hamachi VPN. The last part of the installation is to install the GUI for Hamachi. Here is how that is done.

    1.E.2) Hamachi GUI (gHamachi) Installation

    First, visit the Hamachi forums and download the most recent version of the gHamachi frontend for either gtk 2.0 or gtk 1.2 (whichever you prefer).

    gHamachi can be found here.

    Second, simply unpack the gHamachi tarball, copy the binary to /usr/bin, and give it permission to run (chmod +x).

    Code:
    tar xfz gHamachi_gtk2.tar.gz
    sudo mv ghamachi /usr/bin/
    sudo chmod +x /usr/bin/ghamachi
    Once that is done, the Hamachi GUI is completely installed.

    Start the GUI like this:
    Code:
    ghamachi
    Hamachi is all set up now, now on to VNC.

    Part 2: VNC

    This section of my guide is largely based on Tichondrius' Guide, nice guide man. This part of the guide is currently intended only for those using the Gnome desktop. For those of you using KDE or something else, please refer to other threads on this forum or the VNC Homepage.

    2.A) Enabling XDMCP in Gnome

    There are a few settings that need to be set inside Gnome before we begin:

    System -> Administration -> Login Screen Setup
    Security Tab -> Enable XDMCP
    XDMCP Tab -> Disable "Honor Indirect Requests"

    Next we need to install the required packages.

    2.B) Installing VNC and xinetd

    First, make sure you have the Universe repository added to your apt.sources. If you don't know how to do that, look here.

    Next, install VNC and xinetd:
    Code:
    sudo apt-get install vnc4server xinetd
    Next, set a VNC password:
    Code:
    sudo vncpasswd /root/.vncpasswd
    Then, open gedit and save the following as /etc/xinetd.d/Xvnc:
    Code:
    service Xvnc
    {
            type = UNLISTED
            disable = no
            socket_type = stream
            protocol = tcp
            wait = yes
            user = root
            server = /usr/bin/Xvnc
            server_args = -inetd :1 -query localhost -geometry 1024x768 -depth 16 -once -fp /usr/share/X11/fonts/misc -DisconnectClients=0 -NeverShared passwordFile=/root/.vncpasswd
            port = 5901
    }
    Lastly, restart xinetd and it is all set up:
    Code:
    sudo /etc/init.d/xinetd stop
    sudo killall Xvnc
    sudo /etc/init.d/xinetd start
    You can test the VNC server with this:
    Code:
    vncviewer localhost:1
    At this point, both Hamachi and VNC have been installed and configured on your machine. Next are some recommended firewall settings to keep you secure and keep everything running smoothly.

    Part 3: Settings and Usage

    3.A) Firewalls

    To keep your machine secure with these newly installed services, I recommend these additional settings in your firewall:

    For XDMCP -> only allow incoming connections from 5.x.x.x (Hamachi subnet) to Ports 6000-6009

    For VNC -> only allow incoming connections from 5.x.x.x (Hamachi subnet) to Port 5901

    Filtering these ports this way will only allow Hamachi connections to connect to these services.

    *NOTE FOR FIRESTARTER USERS*
    If you use the Firestarter firewall, then you must add these two lines to your '/etc/firestarter/user-pre' file to accept connections on the Hamachi interface:
    Code:
    $IPT -A INPUT -i ham+ -j ACCEPT
    $IPT -A OUTPUT -o ham+ -j ACCEPT
    Then restart Firestarter:
    Code:
    sudo /etc/init.d/firestarter restart
    I do not know if there are similar configuration changes required by iptables. If anyone can comment, please do.

    3.B) Usage

    Now that your machine is all set up and configured, accessing your machine remotely becomes as easy as a few simple steps.

    - On the Connecting Machine -

    You need to install Hamachi on the connecting machine and join the network your destination machine is on.

    Then, you need to install a VNC Viewer on the connecting machine.

    Once Hamachi is set up and VNC Viewer is installed on the connecting machine, all you need to do now is open a VNC connection to your destination machine's Hamachi IP address (ex. 5.x.x.x) on display 1 (ex. 5.x.x.x:1).

    For Example:

    Server = 5.18.36.109:1

    *Do not forget to specify the ':1' after the IP address, otherwise you won't connect.

    Then, all you have to do is enter your VNC password, then login as your user.

    Now that you are logged into your machine remotely, my guide is done here.

    ----------------------------------------------
    I hope everyone finds this informative. Any corrections are welcome. And thanks again to Kamel and Tichondrius for their guides, they really helped me out.

    - KingOfNowhere
    Last edited by KingOfNowhere; April 19th, 2006 at 11:20 PM.
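
Section 3.A of the guide above states the firewall policy in words and leaves the plain-iptables form open. The following is an added example, not part of the original post: shell functions that print (without applying) iptables rules for that policy, assuming Hamachi interfaces match `ham+` as in the guide's Firestarter lines and writing the guide's 5.x.x.x subnet as 5.0.0.0/8; the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the original post): print iptables rules that
# limit the guide's VNC and X ports to the Hamachi VPN. Nothing is applied.
# Assumptions: Hamachi interfaces match "ham+" (as in the guide's Firestarter
# lines) and the guide's "5.x.x.x" subnet is written as 5.0.0.0/8.

HAMACHI_IF='ham+'
HAMACHI_NET='5.0.0.0/8'

# valid_port_spec SPEC -> succeeds if SPEC is "N" or "LO:HI" within 1-65535
valid_port_spec() {
  case "$1" in
    ''|*[!0-9:]*|*:*:*|:*|*:) return 1 ;;
  esac
  lo=${1%%:*}
  hi=${1##*:}
  [ "$lo" -ge 1 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ]
}

# hamachi_rules SPEC... -> prints three rules per port spec
hamachi_rules() {
  # Validate every spec first so a bad one never yields a partial rule set.
  for spec in "$@"; do
    if ! valid_port_spec "$spec"; then
      echo "invalid port spec: $spec" >&2
      return 1
    fi
  done
  for spec in "$@"; do
    # Loopback stays open: Xvnc queries localhost and the guide tests
    # with "vncviewer localhost:1".
    echo "iptables -A INPUT -i lo -p tcp --dport $spec -j ACCEPT"
    # Only VPN peers arriving on a Hamachi interface may connect.
    echo "iptables -A INPUT -i $HAMACHI_IF -s $HAMACHI_NET -p tcp --dport $spec -j ACCEPT"
    # Anything else aimed at this port is dropped, whatever the interface.
    echo "iptables -A INPUT -p tcp --dport $spec -j DROP"
  done
}

# The guide's ports: VNC display :1 (5901) and the X range it lists (6000-6009).
guide_rules() {
  hamachi_rules 5901 6000:6009
}
```

Because the rules are appended with `-A`, they only take effect if no earlier INPUT rule already accepts these ports; compare the printed rules with `iptables -L INPUT -n --line-numbers` before applying them.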

  2. #2
    Join Date
    Dec 2005
    Beans
    13
    Distro
    Dapper Drake Testing/

    Re: HOW-TO Secure Remote Access - Hamachi+VNC

    Hamachi Update:

    The developers of hamachi are currently working on Hamachi for Mac OS X. With the completion of this, hamachi will work across all platforms (Win, Lin, Mac).

    -KingOfNowhere

  3. #3
    Join Date
    Mar 2005
    Location
    Hungary, Győr
    Beans
    68
    Distro
    Ubuntu 6.06

    Re: HOW-TO Secure Remote Access - Hamachi+VNC

    Hi!

    Nice work! You should add the following command at the end:

    Code:
    sudo update-rc.d hamachi defaults

  4. #4
    Join Date
    Mar 2006
    Location
    Slovenija
    Beans
    260
    Distro
    Ubuntu 8.04 Hardy Heron

    Re: HOW-TO Secure Remote Access - Hamachi+VNC

    cool howto

    what is the passwd for network
    #To join an existing network
    sudo hamachi -c /etc/hamachi join network password

    it said
    Code:
    Creating network .. failed, network name is already taken
    if i want to delete it said that i am not an owner
    Juventus the champion

  5. #5
    Join Date
    Nov 2005
    Location
    Sweden
    Beans
    257
    Distro
    Kubuntu 9.10 Karmic Koala

    Re: HOW-TO Secure Remote Access - Hamachi+VNC

    The hamachi start script will not work unless you run it as root. And if you run hamachi as root there's no need to change tuncfg.sock to writable for hamachi group.

  6. #6
    Join Date
    Nov 2005
    Location
    Sweden
    Beans
    257
    Distro
    Kubuntu 9.10 Karmic Koala

    Re: HOW-TO Secure Remote Access - Hamachi+VNC

    Quote Originally Posted by mitjab
    cool howto

    what is the passwd for network
    #To join an existing network
    sudo hamachi -c /etc/hamachi join network password

    it said
    Code:
    Creating network .. failed, network name is already taken
    if i want to delete it said that i am not an owner
    You have to replace network with the name of the network you want to join, if you didn't know.

    So you have to create your own network or join an existing one.
    To create do "sudo hamachi -c /etc/hamachi create network password" and replace network with the name you want and password with the password you want.
    Last edited by Rizado; March 29th, 2006 at 04:17 PM.

  7. #7
    Join Date
    Mar 2006
    Location
    Slovenija
    Beans
    260
    Distro
    Ubuntu 8.04 Hardy Heron

    Re: HOW-TO Secure Remote Access - Hamachi+VNC

    so i can skip this and continue with howto
    Juventus the champion

  8. #8
    Join Date
    Nov 2005
    Location
    Sweden
    Beans
    257
    Distro
    Kubuntu 9.10 Karmic Koala

    Re: HOW-TO Secure Remote Access - Hamachi+VNC

    To use hamachi you have to either create a network or join an existing one. You don't need hamachi at all to use vnc. Quote from http://www.hamachi.cc/
    What it is
    With Hamachi you can organize two or more computers with an Internet connection into their own virtual network for direct secure communication.

    Hamachi is fast, secure and simple. It is also free.

    What's in it for me
    Think - LAN over the Internet.

    Think - Zero-configuration VPN.

    Think - Secure peer-to-peer.

    Access computers remotely. Use Windows File Sharing. Play LAN games. Run private Web or FTP servers. Communicate directly. Stay connected.
    Hamachi is a way of creating a "lan" over internet. Everyone that joins a network gets an ip that the others can use to connect to. ex you can start a lan game and others in your network can join your game with that ip just like they were directly connected to you.

  9. #9
    Join Date
    Aug 2005
    Beans
    22

    Re: HOW-TO Secure Remote Access - Hamachi+VNC

    Namesa and KingOfNowhere...

    Is it necessary to issue the command:

    sudo update-rc.d hamachi defaults

    And at what point should I enter it?

    Thanks
    Sidd....

  10. #10
    Join Date
    Apr 2006
    Location
    Portland, Oregon, USA
    Beans
    2
    Distro
    Ubuntu Breezy 5.10

    Re: HOW-TO Secure Remote Access - Hamachi+VNC

    Thanks for the great tutorial! I'd tried to get hamachi working on ubuntu before but it wouldn't play nice with firestarter. Now it works like a charm and my entire network can get on it. Thanks much!
