If you’ve ever set up a fake LAN for a pirated games you probably know all about Hamachi. The tool, now available through RAS-giant LogMeIn, allows you to flawlessly construct a VPN which in turn lets you and a set number of friends (5 using the free edition of Hamachi) join in and appear to be using the same network. For this reason Hamachi would seem like an ideal VPN solution for those looking to jury-rig their own homemade VPNs using additional proxy software.

This trend was started by Lifehacker, formerly a prominent DIY tech site that now focuses on providing articles on Instagram replacements and other pop consumer tech. One of the most notable Hamachi VPN articles from Lifehacker can be seen here by clicking here (“Build Your Own VPN to Pimp Out Your Gaming, Streaming, Remote Access, and Oh Yeah, Security” by Alan Henry). These articles all claim Hamachi in combination with Proxy software run off Windows machines are all viable security solutions. That song is now being sung on many tech blogs.

The most common configuration for such a VPN is Hamachi and Privoxy although Hamachi and Squid combinations are also making an appearance (Squid is actually much better in my opinion as it offers unparallelled customization).

The problem is that neither solution works to anonymize you and keep you safe and secure. At best, your Hamachi IP address would be visible in conjunction with your actual IP address. While the proxy will do its job, Hamachi will not properly route web traffic securely. Plus there are no ways to access your VPN via any mobile device despite outlandish claims to the contrary. Android ICS relies on PPTP and IPSec, neither native-supported function is accessible using a Hamachi solution.

What Hamachi is Good At and What It Isn’t

Hamachi is NOT a real VPN in the sense of routing web traffic even with proper proxy configuration. It’s more likely that those claiming success were confused and had limited exposure to actual VPNs and how proxies actually route traffic. Firefox’s web proxy settings – when configured with your Hamachi IP – may have the result of some websites receiving the VPN’s IP address, but in actuality, your actual IP is still very much visible.

If you don’t believe me, go ahead and check the numerous comments made by users in response to these DIY tips. Lifehacker has received a number of complaints about these articles but they haven’t modified their articles.

Real VPN+Proxy solutions conceal your true IP address entirely and route all proxied data through the VPN.

Hamachi is a VPN in that it facilitates secure networking with remote parties insofar as some types of traffic is concerned (most notably this service is great when it comes to gaming, chat servers, simple and secure VPN file sharing, etc). But it is not an anonymous VPN and can’t hide your IP address for web traffic. If that worked in the past, it doesn’t seem to apply any more.

Checking your IP address through services like whatismyip.com is also unreliable as many such sites have scripts that see through proxies. Sometimes the remote servers will say one IP address but log enough when connected (that occurred during my tests of a Hamachi+Proxy setup). Proxy detection is typically limited to basic header information and are typically wrong to begin with (as you’ll see below, with the proper squid.conf entries, you can mask that detection).

Poor Proxy Configuration

Supporters of a Hamachi+Proxy solution self-hosted on the individual’s own machine are bound to think there was something wrong with my proxy settings. But upon thorough testing with both Privoxy and Squid, I’ve determined that my conclusion is valid concerning Hamachi’s privacy.

First off, configuration in Privoxy is notably poor. Beginners pick Privoxy due to its ease of use and Windows-based interface. The better solution is Squid 2.7 Stable 8.

Some Known Issues

The results using WhatIsMyIP (and triple checked elsewhere) is as follows:

With squid.conf configured appropriately:

Your IP Address Is: [HAMACHI IP] Other IPs Detected: [ACTUAL IP] Possible Proxy Detected: 1.1 [HOSTNAME]:3128 (squid/2.7.STABLE8)

Huh. Must be registering server-side with my Hamachi IP but merely showing me my actual IP as well. But that’s not quite right. Looking at my normal website’s traffic logs, the Hamachi IP doesn’t actually show at all!

squid.conf with forwarded_for delete:

Your IP Address Is: [ACTUAL IP] Possible Proxy Detected: 1.1 [HOSTNAME]:3128 (squid/2.7.STABLE8)

forwarded_for delete and forwarded_for off yields the exact same results.

Trying to add http_access blocks, etc. will have a similar result. You can drop sites from noticing your proxy, only show your actual IP, or completely block various header identifiers (you can essentially cripple what you can see on websites or even get yourself banned), but nothing solves the problem of properly anonymizing yourself.

At one point this setup may have worked (hence all the positive feedback it receives across the internet), but to my knowledge, it doesn’t work any longer. Besides… if you want a VPN solution you owe it to yourself to either create your own OpenVPN Server and use Squid for proxying or purchase a VPN service. Cutting corners with your privacy is silly.

Better Solutions

OpenVPN running on a virtualized or stand-alone linux box with Squid is the absolute best way of creating your own Proxy server.

Keep in mind that beginners often download the OpenVPN Windows AS Client (Access Server) and run it in a virtual box thinking that such replaces the need for a an OpenVPN Server. It doesn’t. You need to configure an OpenVPN server yourself and get it working: there are no shortcuts here. Though you can check out the following guides to help you:

Official OpenVPN Documentation

Optionally, GZ on the TechIMO support forums also posted a great guide to configuring OpenVPN with Ubuntu, click here to access it.

Optionally you can create a Windows OpenVPN Server but it requires a little more work. To be honest, I’ve found that XP doesn’t work great with OpenVPN and Windows 7 works the best. But feel free to give it a try. This guide will help you install and appropriately configure your Windows OpenVPN Server: http://www.itsatechworld.com/2006/01/29/how-to-configure-openvpn/ — you must also configure any firewall software and/or hardware you may have. If you are new to configuring your router’s firewall (port forwarding and changing your router’s subnet is extremely important), for example, OpenVPN may not be for you.

Another (slower) solution is to use the free edition of Hotspot Shield in combination with anti-popup add-ons in Firefox (keeping in mind that you are violating Anchor’s Terms of Service by blocking the ads). You can set the appropriate software to block the appropriate ads/frames. Adblock Plus and NoScript work wonders in that regard. Keep in mind that your speeds will be slow with the free edition!

The last solution is a paid one which involves getting a really good VPN service. Price, data throughput and accessibility on devices are the top priority. Log keeping on the server-side is also incredibly important to ensuring your anonymity online. Three top solutions for paid VPNs are: StrongVPN, VyperVPN, and BTGuard (for anonymous torrent use).

Configuring Squid as a Proxy

While you’ll want to get yourself a VPN if you’re trying to protect yourself against MITM attacks (be sure to read my blog post entitled “Public Wi-fi? Be Mindful of Session Hijacking“), once you’re ready to setup a Proxy, nothing works as well as Squid. Similarly check here for comprehensive guide to using squid.conf to enforce your anonymity online.

Resources of Note

LogMeIn Hamachi Homepage
OpenVPN Homepage
Squid Proxy Homepage
Privoxy Homepage
Hotspot Shield VPN

Sources

Henry, Alan (Lifehacker.com) “Build Your Own VPN to Pimp Out Your Gaming, Streaming, Remote Access, and Oh Yeah, Security.” Posted on April 11, 2012.

Quora’s page in support of Hamachi used as an “effective VPN.”