Saturday, June 16, 2012

Ditching Hamachi for Neorouter: Samba, Privoxy, and NX NoMachine services

I have been a LogMeIn Hamachi user for some time. I mainly use the free version to access my home network from places outside the home. Today I found out that LogMeIn has recently reduced the number of computers allowed per network from 10 (or maybe more?) to only 5. While I can get just barely get by with only 5 computers on my Hamachi network, I decided it was time to part ways with Hamachi and try a different VPN solution.

I decided to go with the free version of NeoRouter (another alternative is Wippien). NeoRouter allows 256 computers on a network. So I should be OK. I actually had done some preliminary testing of NeoRouter (NR) last year, but had forgotten all about it. This time I was determined to get it working so I could leave Hamachi. I'll detail here some of the issues I had with the process:

Installation and NeoRouter configuration

First off, NeoRouter requires more configuration than Hamachi, but I don't think it's really too bad. The one missing feature from the free version is that NeoRouter doesn't provide a server for linking up the computers in your VPN. You have to provide your own server. I run a Linux box at home for file backup purposes, and also for proxying web traffic on occasion (using the free Privoxy software), so this isn't really a huge deal for me. They do do a little server stuff on their side by providing a domain name service that is useful for if you have a dynamic public IP address, so you don't have to remember or type in an IP address to connect. But you will need an always-on machine to run the free NR server software. And if you have a NAT router (which you should!), you will probably need to port forward the proper port for NeoRouter (default is port 32976; I changed it to something else for a little added security).

Installation was pretty straightforward, both on Debian Linux (Squeeze 6.0.5) and Windows 7. I got some guidance from http://aproductivelife.blogspot.com/2009/10/switching-from-hamachi-to-neorouter.html. One thing to note is that the NR Configuration Explorer is for Windows only, so NR says you must install the software on a Windows computer on the same local network to administer an NR server on Linux. However, you can administer it from a web interface available from their website.

Another thing I learned was that you can log into the server configuration using any administrator level user that is on the Linux box. When you log in, a new user is created in the NR Configuration Explorer with the credentials of the user you logged in with. These users cannot be changed in the NR Config. They are tied to the users on the server computer. Basically, you can't change the password in the NR Config for these users; you will have to change the password for the actual user on the Linux box if you want to do that.

I had to install the NR Client software as well on the server, since I wanted to connect to the computer as well as have it connect the various computers on the VPN.

Services

Below I'll detail what I had to do to get everything working like it did before with Hamachi:

NX NoMachine

I remotely connect to the Linux box using the NX NoMachine software (both as the server on the Linux machine and as clients on the Windows machines). This previously worked fine under Hamachi (I'm not sure if I had to do anything special back when I first got it all working a few years ago). After installing NeoRouter on all the machines, the NX software seems to work fine. All I did was change the destination IP address in the client software to the new NR VPN address for the Linux box.

Privoxy

The Privoxy service must be told to listen on the new IP address. It is fairly straightforward:
  1. At the terminal, enter gksudo gedit /etc/privoxy/config
  2. Scroll to section 4.1 listen address
  3. Change the listen-address to whatever the NR assigned IP address is. Use whatever port you'd like. 
    1. Example: listen-address 10.63.2.8:5555
  4. Save and exit
  5. Restart the Privoxy service by entering sudo /etc/init.d/privoxy restart at the terminal.
Of course, you'll have to update the devices that connect to the proxy to the new NR IP address.

Samba

The Samba configuration is also pretty straightforward. I set up my Samba server to use a guest account that doesn't require users to enter a username or password, following the instructions at http://www.debuntu.org/guest-file-sharing-with-samba. To include the NeoRouter network adapter as an interface Samba binds to, follow these steps:
  1. At the terminal, type sudo ifconfig  Note the interface name of the NeoRouter interface
    1. Mine was nrtap
  2. Type gksudo gedit /etc/samba/smb.conf
  3. Scroll to the "Networking" section. Next to interfaces, include the interface name noted in step 1.
    1. For example, mine was interfaces = lo eth0 ham0 after installing NR. I added nrtap so it now reads interfaces = lo eth0 ham0 nrtap
  4. Make sure bind interfaces only = yes
  5. Save and close
  6. Enter testparm at the terminal to make sure you don't have any syntax errors in the Samba config file
  7. Enter sudo /etc/init.d/samba reload
  8. Enter sudo /etc/init.d/samba restart

A problem common to both Privoxy and Samba

Although Privoxy and Samba both worked initially after restarting their services, both stopped working after rebooting the Linux computer, and had to be manually restarted to start working again on the NeoRouter interface (both still worked fine for the ethernet and Hamachi interfaces). I did some investigation, and I now believe that NeoRouter isn't starting early enough in the boot sequence to initialize before these services start, thus causing these services to fail to initialize on the NR network interface. It may have something to do with NR not including LSB headers in the script file located in /etc/init.d/nrservice.sh which may mess up the dependency based boot used in Debian. I tried to find a way to change the order that services startup on boot, but wasn't successful. Instead, I added a few lines into the /etc/rc.local shell script to restart those services after everything else boots and NeoRouter is ready. The steps follow:
  1. At the terminal, enter gksudo gedit /etc/rc.local  (gksudo is the graphical sudo command, and gedit is a GUI based text editor. I just feel more comfortable with gedit coming from a Windows background. You can use whatever editor you like to use)
  2. Insert the following lines before the exit 0 line
    /etc/init.d/samba restart
    /etc/init.d/privoxy restart
  3. Save and exit the text editor

That's about it! Assuming you had everything working under Hamachi, you should now be good to go with NeoRouter.

No comments: