Topic: Using Hamachi to access SME server services

[hollymcr]

I would like to use Hamachi (www.hamachi.cc) to access services on SME, eg SSH/email/www. I'd like it to be as secure as possible, of-course, but I accept that using it at all is always going to be less secure than not using it (better than opening external ports, though, I am sure).

The install is painless in sme 7.1 following the instructions here:
    http://forums.hamachi.cc/viewtopic.php?t=3523
... since the tun device is already present. The only change was that the file to download with wget has changed to (at time of writing)
    http://files.hamachi.cc/linux/hamachi-0.9.9.9-20-lnx.tar.gz

Where it gets me is that the SME server hs an IP on my Hamachi network and I can ping it, with hamachi itself running as root.

What I next:

* Thus far I cannot access email/www/ssh, presumably as SME doesn't think they're local. I've added 5.0.0.0/255.0.0.0 to my local networks but that hasn't helped.
* What user should I actually run it as, if I want access to SSH/www/email?Or, if I create a hamachi group, what users would I need to add to it?
* How should I make it run automatically?

[raem]

hollymcr

> I would like to use Hamachi (www.hamachi.cc)

What are you trying to do with hamachi that you can't already do with sme.
ssh is available, secure email is available, not sure what www access you want, but a VPN connection will route http through the remote host if you configure your VPN connection that way, and you can always add your remote site as part of the local network to have direct access to services (as if you were local).

[duncan]

Just out of curiosity - why use Hamanchi to access email and ssh. They are both secure in their own right.

[hollymcr]

What are you trying to do with hamachi that you can't already do with sme.
ssh is available, secure email is available, not sure what www access you want, but a VPN connection will route http through the remote host if you configure your VPN connection that way, and you can always add your remote site as part of the local network to have direct access to services (as if you were local).

There's a couple of situations here.

With www/ssh the main reason is to allow me to support customers from wherever I am.

With email its to make it easy for a laptop with minimal configuration to collect email. Secure email is fine, but it still needs external access which means its less easy for me to control and less secure (I think) than a VPN solution. There's nothing to stop me using secure email over the VPN, after all.

Hamachi is easy, it "just works" most of the time, and it doesn't require changes to router settings which in some cases I don't even have access to.

NB: This is a common question, and the best answer is to suggest trying hamachi then you'd see how seamless and easy it is. Almost everything I want can be done without Hamachi, it's just so much easier with it than without it, and I've seen no security reasons to avoid it either.