2

I've been using LogMeIn Hamachi for a while for personal use and recently I started to wonder how to (and if at all) implement it as a full-blown VPN solution for my multiple clients.

Those are usually small companies ranging from 5 to 60 people having Active Directory / Exchange / SharePoint and the like. Some of them have static IPs but a crappy router, or multiple locations where only the main location has an AD server and the rest is kind of cut off from the main location. This brings a lot of problems with Active Directory, passwords etc., which I think LogMeIn Hamachi could solve as it would be connected to the company at all times, with its ability to create special types of network that limit users to be able to access only particular servers (depending on group). No need for the user to do anything out of the ordinary, do anything special. Just plug & play. Sounds great!

What do you think about it? Is it a secure, reliable solution? What are possible drawbacks? Would you do it for small companies like the ones I support? As an additional note, I wanted to run multiple companies on the same account to split the costs (200$/year isn't the cheapest for a small 5-10 person company), but considering I can create special/separate networks I don't consider this to be a security risk for any of those companies (or should I worry?).

I've been trying to set it up with my domain controller and my machine but I'm hitting some problems, as I set DNS on my Hamachi IP and my Domain Controller (currently having 2 IP addresses) seems to respond properly, just it's returning internal IP address names instead of Hamachi IP addresses, which causes some problems accessing resources. Any advice on that would be additionally appreciated.

As a side note I've been using LogMeIn Free for years and it's been a blessing.

MadBoy

1 Answer

1

I'd say it's worth a shot, though as https://serverfault.com/users/984/zoredache is mentioning, you may want to look at alternatives.

That said, Hamachi is probably significantly easier to get going with and maintain since you already have experience using it.

You'd definitely want several networks and to plan out which computers should be able to access which in advance.

The easiest approach may be to use the Gateway model, though. I use that personally, and that way I only need to connect to the gateway. I can then talk to other computers on the network as well, even if I'm not connected to them via Hamachi.

I don't recommend using a Hamachi IP as your DNS server, though. I've never done it, but it just sets off warning bells (which may or may not be valid) in me.

Finally, just make sure Hamachi's licensing doesn't say anything about using one account for several clients...since it'd cause trouble for your clients if they suspended your account for a violation! Not saying this is one - just saying to check and not rely on us for an authoritative answer.

You probably also want to talk to Hamachi's sales team or something since I'm sure they get these questions all the time. Take their answers with a grain of salt, obviously :)

  • There seems to be only one problem with Gateway: `Note: The Hamachi client will not act as a gateway on Workstation operating systems if they are domain members.` – MadBoy Nov 03 '11 at 22:45
  • Ah. You could go with Mesh then, though I'm not sure how you would expose other network resources like that. Does the failure apply to domain controllers as well? – wizonesolutions Nov 04 '11 at 03:40
  • It made a bigger mess when I applied Gateway mode to my Domain Controller (SBS). It cut off Internet access and only LAN was working. So I RDP from another local machine and tried to fix it since it created some additional networks. When I did that, all networks went down completely and I had to drive to work in the morning :-) – MadBoy Nov 04 '11 at 07:00
  • It seems Gateway works correctly only on Domain Joined servers. The statement on their site says it won't work for workstations only. So as long as the Gateway is a server system it works fine. It doesn't support SBS 2003 (and it's what I used) so it broke my connections. When I used the gateway on Windows 2008 R2 it works fine. There's no need for a DNS server being applied to the Hamachi connection, as a new IP/Network is created by Hamachi and VPN computers get normal IP addresses from the INTERNAL network along with DNS settings. – MadBoy Nov 13 '11 at 16:49
  • @MadBoy, could you please elaborate more on how you made it work? I have a domain-connected Windows 2008 R2 and Hamachi doesn't want to make it a gateway :( – expert Oct 24 '12 at 07:39
  • Try install/uninstall/install. It works for me on Windows 2008 R2 STD without Active Directory. I tried to install it again on another machine for a different company and it failed, cutting out Inet on it... but the only thing that differs for me is that where it works is a hardware machine and where it failed was a VM. Maybe it has something to do with that. You may want to check that. I didn't have time to test it on a hardware machine after it failed on the VM as I was running out of time, and also I'm 3000km away from that machine so if it fails I'm out ;) – MadBoy Oct 26 '12 at 14:18
  • I got this working great. We put the gateway on a non-domain joined XP workstation (presumably could use Win7) on the main LAN. Had *major* problems when trying to run it from our SBS 2003 server (also lost network connectivity and had to go in to the office to fix it!) If you get the gateway set up right, the rest just works (in my experience). – Austin "Danger" Powers Jul 22 '13 at 19:12