Hamachi is my new best friend. My company recently expanded into a 3rd data center to have even more redundancy and fault tolerance. One issue that we had as we approached the rollout was how to best create a secure communication channel over the web for this purpose. Generally speaking, this is a solved problem, but even so, when working with a semi-crippled OS such as Windows, the ability to choose VPN solutions becomes a problem. Specifically, a few of our boxes run the Web Edition which doesn’t have any VPN capabilities. After looking at a number of solutions including OpenVPN, Wippien, and a few commercial ones like WinGate and Hamachi, we finally decided to go with Hamachi. Arguably, OpenVPN is the strongest solution, but we didn’t need the level of complexity, administration, or capability offered by OpenVPN.
LogMeIn purchased the Hamachi source code a few years back and commercialized it. They have a premium as well as a free version. For our particular needs, we only need a “mesh” network, which is part of the free version and allows the various nodes to talk to each other in a P2P fashion. The installation was a piece of cake. We didn’t even need to register an account. We simply created a named network after installing the client on the first node and then joined the network after installing the client software on each additional node by supplying the network name/password.
The P2P networking client runs as a Windows service which means that it can be run without logging into the console—a must for servers. One caveat that we ran into was that on one of our machines where we installed as the first node, because we didn’t want to do any kind of reboot, we had to restart MSMQ and SQL Server to get them to even recognize and listen on the Hamachi-based IP address (5.x.x.x).
All in all, I am very pleased with the solution. It was simple and created a secure tunnel through the Internet without any fuss. The best part is that all of the traffic is direct/P2P, which means there’s no proxying through LogMeIn servers, so we don’t have to worry about bandwidth/latency issues.
At some point, if we decide to go with the paid solution, it’s only $20/server/year—a very reasonable price for such a capable solution.