Hamachi:Routed Tunneling / Bridging Networks Together
The intent of the article is to show you how to bridge two networks of Windows computers together using a single Windows (2000, XP, or 2003) machine on each network running Hamachi with the Routed Tunneling feature.
First, you need to have Hamachi set up and running on a computer on each network. Ensure the status of each computer is “green”. Next, you’ll need to turn on Routed Tunneling on both computers.
To do this, create a file called Hamachi-override.ini in
(Windows XP, Server 2003)
c:\Documents and Settings\<username>\Application Data\Hamachi
Inside hamachi-override.ini add the line
RoutedTunneling 1 and save the file
Restart Hamachi on both computers to have this setting take effect.
Configuring Windows for IP Routing
This is necessary for Windows to be able to send packets destined for the other location’s network through the Hamachi virtual adapter. This will need to be done on both of the computers that will act as the VPN end points.
To do this, create:
HKEY_Local_Machine\System\CurrentControlSet\Services\Tcpip\Parameters\IPEnableRouter as a string value equal to 1 in the registry. This will require a system reboot to take effect. To confirm it is enabled, do
ipconfig /all from the command line.
IP Routing Enabled should say yes. If not, confirm your registry setting and reboot again. This setting is flaky in non-server versions of Windows.
Configuring Static Routes across the VPN
In order for the Hamachi computers to be able to route packets destined for the network on the other side of the connection, you’ll need to set a static route to say so.
In this scenario, we’ll use two networks, 192.168.1.x and 172.16.x.x to illustrate
On the Hamachi computer that is on the 192.168.1.x network, you’ll use
Command Prompt>route –p add 172.16.0.0 mask 255.255.0.0 5.x.x.x (Hamachi IP of PC on 172.16.x.x network)
On the Hamachi computer that is on the 172.16.x.x network, you’ll use
Command Prompt> route –p add 192.168.1.0 mask 255.255.255.0 5.x.x.x (Hamachi IP of PC on the 192.168.1.x network)
You should now be able to ping the 172.16.x.x computer from the 192.168.1.x computer using its real IP address and vice versa. If not, check your firewall settings.
Tying It All Together
Now for the fun part; you need to tell your other machines how to cross the VPN to access computers on the opposite network.
There are two alternative here. You can either add a static route on each computer needing to cross the VPN, or you can add a static route pointing the Hamachi machine on the router acting as the default gateway for the network.
This requires more work, but limits configuration changes to be at the computer level.
On each computer on the 192.168.1.x network:
Command Prompt>route –p add 172.16.0.0 mask 255.255.0.0 192.168.1.x (IP of Hamachi computer on the 192.168.1.x network)
On each computer of the 172.16.x.x network:
Command Prompt>route –p add 192.168.1.0 mask 255.255.255.0 172.16.x.x (IP of Hamachi computer on the 172.16.x.x network)
Option 2: (not all routers support this, but it is the minimal configuration method)
On the router acting as the default gateway for 192.168.1.x network, add a static route that says any traffic destined for 172.16.0.0 network go through 192.168.1.x (IP address of Hamachi PC on 192.168.1.x network)
On the router acting as the default gateway for 172.16.x.x network, add a static route that says any traffic destined for 192.168.1.0 network go through 172.16.x.x (IP address of Hamachi PC on 172.16.x.x network)