Hamachi behind multiple NATs

jbh

I am finding that if I try to tunnel Hamachi over a total of three NATs (two NATs at the remote end, plus a third NAT which my main PBX sits behind) then it doesn't work.

It works beautifully with the remote PIAF/VPNinaflash machine behind just one NAT and the main server behind another (so two in total).

The reason I'd want to introduce another NAT is that I need to use the remote PBX in a location where it will be on an untrusted network. So what I thought I would do is sit the remote PIAF and extensions behind their own router to isolate them from the untrusted network - hoping the Hamachi tunnel would get through to the main PBX. The other advantage of this would have been being able to give the remote PIAF a fixed IP address - to make the whole setup of VPNinaflash and remote extensions plug-and-play.

But this doesn't seem to work. Maybe this is obvious (?).

Would anyone happen to know of a solution to this?

Many thanks
 
Sorry if this is too obvious and you've already checked it, but make sure that the addresses behind the two NATs are unique. You'll run into problems (with most routers I've used) if the outside and the inside addresses are the same subnet.

So if your first router assigns 192.168.1.x addresses, be sure that the second one uses something different.

I haven't used Hamachi, but I have done a lot with OpenVPN, and it works well through multiple NATs.
 
Yeah - the address ranges are all different.

Now this is odd - but I just tested my setup again this morning and found that I now can get two Hamachi clients running on two different windows machines with three NATs in between them to see each other. (Apologies - I know this is not a Windows/Hamachi forum). I will test again with the remote PIAF machine again tonight when I have time, and will report back.

This connectivity behind three NATs definitely didn't work for me yesterday - so perhaps there is some variation in the way Hamachi connects on any given occasion that could lie behind this. (Or variation in my level of wakefulness !?)

I guess I could try port forwarding the VPN ports through the travelling remote router if this remains an issue.
 
Just a thought, but since you have your machine on a non-trusted network, why not just leave it there and tighten up the firewall on the phone server?
 
My concern is that the SIP signalling over the untrusted network between the remote extensions and the remote PBX could be intercepted/sniffed and the evil-doers could gain login credentials and make a bunch of calls before I realised what was happening. Maybe I am being too paranoid?
 
Universal Plug and Play with Hamachi and VPNinaflash?

So I think I understand the problem here ...

With a VPNinaflash machine #1 running Hamachi behind its own NATing router, in turn behind another network's NATing router - it cannot see a PIAF server #2 via Hamachi behind a remote third NATing router.

A windows machine running Hamachi on the same network as VPNinaflash machine #1 CAN see the remote machine #2 though.

The reason appears to be that I have Universal Plug and Play enabled in the Hamachi client on the windows machine.

If I tick the "Do not use Universal Plug and Play" box in the Hamachi interface on the windows machine - it also loses contact with the remote PIAF server.

Would anyone know if there is a way to enable Universal Plug and Play in Hamachi in VPNinaflash to improve its NAT traversal?

thanks!
 
Eek - one more possible solution - If I tell the windows Hamachi client to tunnel over a single UDP port, and forward that port to the windows machine at the router, this does also enable the windows machine to see the remote server.

So if there was a way to configure the Hamachi client in PIAF to tunnel over a single known UDP port it seems this would solve the problem too.

Would anyone know if this is possible and if so how I would go about this?

thanks again
 
OK - at the risk of getting the record for the number of posts by someone partially answering their own question:

I think I have found the instructions on how to configure Hamachi to use a single UDP port. I just don't understand them.

What I found is this:

Hamachi configuration

Add the following line(s) into the file you need to create called ~/.hamachi/config
UdpPort ####
where #### is the port you are forwarding to the machine from your router.
Restart Hamachi (hamachi stop; hamachi start)


What I don't understand is where it says to create a file called "~/.hamachi/config"

I understand Hamachi lives in the folder /usr/bin

Could anyone please decode the instructions to tell me if I should be creating a file called hamachi.config (or .hamachi.config) in /usr/bin and then putting the UdpPort information there? I just don't want to break things by mucking about too much...

many thanks
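
The quoted instructions above, worked through as an added example (not part of the original posts and not Hamachi's own tooling): `~` is shell shorthand for the home directory of the user that runs Hamachi, so the file is `config` inside a `.hamachi` directory in that home directory, not a file in /usr/bin. The function name `set_hamachi_udp_port` and the port 45000 are assumptions for illustration; use the UDP port you actually forward at the router.

```shell
#!/bin/sh
# Added example: write "UdpPort PORT" into the Hamachi config file described
# in the quoted instructions, replacing any earlier UdpPort line.
# Usage: set_hamachi_udp_port PORT [CONFIG_FILE]
# CONFIG_FILE defaults to ~/.hamachi/config of the current user.
set_hamachi_udp_port() {
    port=$1
    conf=${2:-"$HOME/.hamachi/config"}

    # Accept only a decimal number of at most five digits, in 1..65535.
    case $port in
        ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2
        return 1
    fi

    # Create the .hamachi directory if it does not exist yet.
    mkdir -p "$(dirname "$conf")" || return 1

    tmp="$conf.tmp.$$"
    if [ -f "$conf" ]; then
        # Keep every existing line except an old UdpPort setting.
        # grep exits non-zero when nothing is left over; that is not an error here.
        grep -v '^[[:space:]]*UdpPort[[:space:]]' "$conf" > "$tmp" || true
    else
        : > "$tmp"
    fi
    printf 'UdpPort %s\n' "$port" >> "$tmp"

    # Replace the config in one step so a half-written file is never left behind.
    mv "$tmp" "$conf"
}

# Example call, run as the user that runs Hamachi (45000 is a constructed value):
#   set_hamachi_udp_port 45000
# Then restart Hamachi as the quoted instructions say:
#   hamachi stop; hamachi start
```

Forward the same UDP port to this machine on the router in front of it, as the Windows test earlier in the thread did.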
 
One other suggestion: Hamachi has a paid version that has some extra tricks up its sleeve for getting through nats. I think there is a free trial period. I can't remember specifically what it did differently or what this version was called, but it instantly solved a problem for me a year or two ago.
 
