How to create a VPN for secure web browsing using Hamachi.


Do you feel insecure when browsing the internet over an open unsecured wireless access point?  

83 members have voted

  1. 1. Do you feel insecure when browsing the internet over an open unsecured wireless access point?

    • Yes
      52
    • No
      31


Recommended Posts

How to create a VPN for secure web browsing using Hamachi.

Do you feel insecure when browsing the internet over an open unsecured wireless access point? Well some people do, myself included. In this guide I will explain how to create a VPN for web browsing using Hamachi in combination with privoxy.

For this to work its best to use a computer that is always turned on and never goes to sleep. I prefer setting it up on an old low end computer that you just put in a corner and forget about. (except for installing updates on of course)

Step 1: Installing Hamachi

Go to the following address http://files.hamachi.cc/HamachiSetup-1.0.3.0-en.exe to download and install hamachi. They have a paid version and a free version. For what we need it for, the free version will work just fine. During the install tell hamachi to start with windows.

Step 2: Creating a new Hamachi network.
This will be the account that your laptop will connect to.

1) Click the triangle icon in the bottom right of hamachi.
2) Click "Create a new network"
3) Type in a network name. For the password I'd recommend going to https://www.grc.com/passwords.htm. On the page are 3 different sets of 64 character passwords. Every time you refresh the page a new set will be generated. Copy and paste one into the password field of hamachi. I'd also recommend you paste the same password into notepad and save it so you can copy and paste it later to connect to this account.

Hamachi is now ready to go. Next we will setup the proxy server portion. For this guide we will be using privoxy http://www.privoxy.org/. I'm sure there are other ones that will work too, but this one is free and it gets the job done.

Step 3: Setting up and configuring privoxy.

1) Download and install privoxy from http://www.privoxy.org/. You'll also want to put a copy of the privoxy icon in your startup folder.
2) Launch the application
3) Click Options / Edit Main Configuration. This will open up a notepad document. Search the document for "listen-address 127.0.0.1:8118. You want the one that does not have an asterisk in front of it. Replace the 127.0.0.1 with the 5.x.x.x number that is displayed on the top of hamachi.
4) Exit and save the document. You may have to restart the application for the change to take in effect.

Step 4: Setting up the VPN on your laptop.

1) Install hamachi on your laptop and create another new account.
2) Click the triangle in the bottom right of hamachi. This time choose "join an existing network".
3) Type in the name and password of the server you created in step 1 #3. Copying and pasting the password usually works the best.

Step 4: Setting up your web browsers to feel the proxy love.

This step is pretty simple. Go into the proxy options of your web browser. When it asks for an IP address give it the hamachi IP address of the server. When it wants a port number give it 8118.

That's it. You're done! Now when you are in a public access point and connected to hamachi all your web browsing traffic should be encrypted. Now lets test it to see if everything is working. Open the web browser that you just configured to go through a proxy server. Go to a website that displays your internet IP. If everything is working you should get the IP of your internet connection at home. Of course if you are testing this at home, it really won't do much good. You could always mooch off someones wireless access point just long enough to see which IP the site is giving you.

Note: Just remember if you have multiple web browsers on your computer, only the ones with their proxy settings configured will be encrypted.

Edited by warwagon
  BudMan said:
^ yeah lots of people are not aware of how to circumvent browsing policies at work or school.. This is a great guide on how to do exactly that.

This _mostly_ won't work for circumvention if the network and policies are set up properly, and I don't think the guide is meant as such. It's a way to safe surf encrypted in a public environment.

  BudMan said:
^ yeah lots of people are not aware of how to circumvent browsing policies at work or school.. This is a great guide on how to do exactly that.

My intent in writing this guide was to give people (like shockz) a more secure way of browsing the internet on an unsecured wireless network. (Example: Starbucks or the local hospital) Nothing more. I hadn't even thought of the workplace and school ramifications. What workplace or school allows 3rd party installation of programs like Himachi? They have a lot larger problem if they are that unsecured.

Edited by warwagon

im pretty sure you need admin rights to install hamachi because it installs a driver. most schools wont let you do that type of thing, probably :p

nice guide tho, although i find hamachi a bit slow sometimes, i just use putty and stunnel (takes a bit more setting up though :p )

  Colin-uk said:
im pretty sure you need admin rights to install hamachi because it installs a driver. most schools wont let you do that type of thing, probably :p

nice guide tho, although i find hamachi a bit slow sometimes, i just use putty and stunnel (takes a bit more setting up though :p )

ya this one is pretty much, click click type type and done. Only reason I didn't port forward some ports in from the router instead of using hamachi is, I don't like to have to open ports on my server if I don't have to. because even if you couldn't install hamachi you could always port forward 8118 on your server. Then just use your IP address assuming it doesn't change. Though the school really should have all the ports locked down other than whats needed like port 80.

  • 2 weeks later...
  warwagon said:
My intent in writing this guide was to give people (like shockz) a more secure way of browsing the internet on an unsecured wireless network. (Example: Starbucks or the local hospital) Nothing more. I hadn't even thought of the workplace and school ramifications. What workplace or school allows 3rd party installation of programs like Himachi? They have a lot larger problem if they are that unsecured.

with Putty you can set up a tunnel and in firefox set it to use the tunnel (proxy settings). Both these programs can be used without having to install them

  • 1 month later...
  • 2 months later...
  • 4 weeks later...
  • 1 year later...
  On 01/09/2010 at 16:01, Sawyer12 said:

Do I need to forward port 8118 to get this to work outside?

Not if you connect via hamachi. Once connected with hamachi it's like both computers are on the same internal lan.

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • Free Download Manager 6.28.1.6321 by Razvan Serea Free Download Manager is a powerful, easy-to-use and absolutely free download accelerator and manager. FDM accelerates downloads by splitting files into sections and then downloading them simultaneously. As a result download speed increases up to 600%, or even more! FDM can also resume broken downloads so you needn`t start downloading from the beginning after casual interruption. FDM lets you download files and whole web sites from any remote server via HTTP, HTTPS and FTP. You can also download files using BitTorrent protocol. In addition, Free Download Manager allows you to: adjust traffic usage; to organize and schedule downloads; download video from video sites; download whole web sites with HTML Spider; operate the program remotely, via the internet, and more! Free Download Manager is compatible with the most popular browsers Google Chrome, Firefox, Microsoft Edge, Internet Explorer and Safari. Free Download Manager 6.28.1.6321 changelog: Improved add-ons support. Improved M3U support. Fixed: crash bug in BitTorrent module. Fixed: minor bugs. Windows: a bit improved installer. Windows: Firefox bug workaround. Android: Qt updated to 6.9.1. Download: Free Download Manager (64-bit) | 45.8 MB (Freeware) Links: Home Page | Linux, Mac, Android | MS Store | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Tariffs have nothing to do with this pricing. It was always intended to be slightly more expensive then the S25+
    • Hello, The static link still downloads 10.3.2040.0 from May 22, 2025. The 10.3.2412.0 version can be downloaded directly from emclient.com/dist/v10.3.2412/setup.msi. Regards, Aryeh Goretsky
    • Hello, Yes, and yes. More specifically, there are lots of features in Windows that I do not use--I cannot recall the last time I needed to run EUDCEDIT.EXE or ODBCAD32.EXE on a computer I own, but I'm sure that for some people they are useful, and for a smaller set of people they might even be indispensable. I don't begrudge Microsoft for including them as part of the standard Windows installation nor the people who need such tools; sometimes it is convenient to have some little utility or feature readily available. One thing I do begrudge is Microsoft's over-reliance on its own telemetry, and perhaps surpisingly on the flip side, customers who disable it. Collecting telemetry is generally a good thing, if it is done for good reasons and does not include any customer PII. However, how you interpret that telemetry is even more important, as that can lead to all sorts of disastrous decisions. On the customer side of things, telemetry is your "vote:" it's how you tell companies what features you use in the program, and lets them prioritize things appropriately. One glaring example is Windows 8, which shipped with the full-screen Start Screen because Microsoft's telemetry told them the average Windows user pressed the Windows key to bring up the Start Menu less than once a day. I have often wondered how many "power users" of previous versions of Windows (XP, Vista, and 7) that relied on the Start Menu disabled the telemetry that would have told Microsoft a difference story about its usage. More recently, I came across a young lady who had a problem with a third-party sync program on her computer running Windows 7. An update for the utility removed Windows 7 compatibility, and broke her backup process. Now, support for Windows 7 ended over 5 years ago in 2020, but there are ISVs who still support their software on it, but decisions about stuff like that are made, in part, by knowing what percentage of your customer base is on what operating system version. When I asked about that, she mentioned she had specifically disabled the telemetry from the sync program to its developers, which was optional to begin with. What made things even worse was that this was an open source utility, and its authors had a very clear, well-designed and scoped policy on the telemetry they collected, the pains they went through to avoid collecting any PII, and even other ancillary risks involving information disclosure (like just using of the software) because of the network connection made for the checks. Yet, she took herself out of telling the project maintainers "Hey, I use your software and I'm running Windows 7" by disabling the telemetry checks, which could have let them know they needed to continue supporting it. In a sense, sending telemetry is just like voting: Individually, you may not think it matters much, but it is often the basis for very important decisions. Regards, Aryeh Goretsky
    • Hello, My thoughts on this are mixed. Microsoft has hosted malicious code in the Microsoft Update Catalog where third party device drivers are stored; I wrote about one such incident about fifteen years ago, so if there are any other old malicious drivers floating around in the catalog, this will be a good step towards preventing any infestations from reoccurring. Another thing, which surprisingly is not mentioned in Microsoft's announcement, is that this helps protect against BYOVD (Bring Your Own Vulnerable Driver) attacks, where malware either comes with or downloads an older device drivers with vulnerabilities in it that can be exploited to gain access to kernel memory. Removing all those old device drivers from the Windows Update Catalog, potentially with all sorts of undisclosed vulnerabilities in them, means an attacker can no longer leisurely count on being able to download them from Microsoft's servers--something that may go unnoticed or ignored by security analysts. This makes the adversary attack a little more noisy, since they have to either include the device driver with the rest of their initial payload or download it from a third-party site at some point prior to beginning their BYOVD attack. On the other hand, it means that people who are looking for a specific version of an older device driver for whatever legitimate reasons, like compatibility, performance or stability, may end up going to dodgy third-party sites in search of older drivers, which increases the risk of exposure to everything from nuisance advertisements and unwanted software to actual malicious code. As for me, I have keeping copies of all the device drivers, firmware updates, etc. I have downloaded over the years, some dating back to DOS and Windows 3.x era, not just for hardware I won, but popular things like unified chipset and video card drivers, just in case I ever needed it. It might seem silly to collect such a thing, but the hardware drivers, firmware updates, and documentation are just about 2 TB in size. From my perspective, it is an inexpensive form of insurance, especially given that disk space is always getting cheaper over time. Regards, Aryeh Goretsky
  • Recent Achievements

    • Contributor
      GravityDead went up a rank
      Contributor
    • Week One Done
      BlakeBringer earned a badge
      Week One Done
    • Week One Done
      Helen Shafer earned a badge
      Week One Done
    • First Post
      emptyother earned a badge
      First Post
    • Week One Done
      Crunchy6 earned a badge
      Week One Done
  • Popular Contributors

    1. 1
      +primortal
      660
    2. 2
      ATLien_0
      266
    3. 3
      Michael Scrip
      235
    4. 4
      Steven P.
      164
    5. 5
      +FloatingFatMan
      149
  • Tell a friend

    Love Neowin? Tell a friend!