Sunday, February 04, 2007

A Combination of Great Things

Sometimes you find things which work together so well that you can't keep them to yourself.

Today I want to talk about one such combination: any hardware firewall, Hamachi 1.0.15, VNC Free Edition 4.1.2, FileZilla 2.2.30a and FileZilla Server 0.9.22.

Linksys sells a great, cheap firewall, the WRT54G. Just buy one and use it. Without a hardware firewall, the rest of my advice here changes a lot, or is potentially moot. VNC and FileZilla (described below) are servers, and running servers without being behind a hardware firewall can be a scary thing. I don't recommend it unless you've completely mastered the configuration of your software firewall. The point is, you want your servers to be useful to your friends, but not visible to the general public. While this might be possible with only a software firewall, it's certainly tricky. Doing it with a hardware firewall, however, is easy.

Hamachi is a VPN (virtual private network) solution, available at http://www.hamachi.cc/.

VNC (Virtual Network Computing) is a remote desktop solution, available from http://www.realvnc.com/.

And FileZilla is a file transfer solution, available at http://filezilla.sourceforge.net/.

All of these (except the hardware firewall) are free, or have free versions.

Hamachi lets you create a secure peer-to-peer connection to anyone else on the internet who is also running Hamachi. Data that you send to them and get from them is strongly encrypted, so no-one else in the world can understand it. And to you it seems that they are on a local area network (LAN) with you. It's terribly easy to configure, and beautifully designed to be easy to use.

Even if you are each behind a firewall, Hamachi gets you talking by using something called NAT traversal. To do this, it uses a mediation server (a computer that knows about both client computers), but once you've made a connection, the data you send goes directly peer-to-peer. It's private. Once you have a Hamachi connection, the computers behave as if they are on a LAN with each other. They each get a new, unique IP address (in addition to whatever other IP addresses they might have) which doesn't change, even if the computer is physically moved to another actual LAN (as laptops often are).

So, if your friend's Hamachi IP address is 5.34.23.202, it will always be 5.34.23.202, no matter where his computer is.

Hamachi also provides the ability to securely chat with (send instant messages to) any other Hamachi user whom you've connected up with. The chat messages are encrypted and sent directly to your friend -- not through a central server as they are with AIM or Yahoo messenger.

Finally, Hamachi makes sure you are connected only to people you know well. Even though millions of computers may be running Hamachi, only your friends will be able to communicate with you over Hamachi.

Now, let's look at VNC.

VNC lets you control another computer from your computer (given the owner's permission). If both computers have VNC installed, one can control another simply by entering its IP address. This is very handy for helping friends with their computer problems. You can see their computer's desktop, move their mouse around and click it, and type.

VNC alone works great over a LAN where IP addresses don't change. But over the internet, VNC has some problems:

  • IP addresses are a bit of a pain to discover, and, due to DHCP, they tend to change.
  • The free version of VNC doesn't encrypt traffic, so clever people can see everything you can, and they can even impersonate you (take control of the machine you are controlling).
  • VNC doesn't do NAT traversal, so if you are behind a firewall (and you should be), you have to open a port (poke a hole in your firewall) to make VNC work.

Hamachi solves all of the above problems. It turns the free version of VNC into a secure, safe, internet application.

If you use a software firewall (in addition to your hardware firewall), be sure to tell it that you want the VNC server to accept incoming connections.

With Hamachi and VNC alone, however, there is one last thing you can't yet do: transfer files. I've transferred files to and from my friends using Yahoo messenger, but doing so is really quirky. It seems the files are sent up to Yahoo, and then down to my friend. And the traffic isn't encrypted, so anyone on the net can potentially intercept and read the files.

If you want, after installing Hamachi, you could try to set up Windows File Sharing. But that requires that both computers be in the same Windows Workgroup. Changing workgroups so that you and your friend are in the same one is inconvenient (What if your friend already has a workgroup at his home, and he doesn't want to leave it? Or worse, what if he is a member of a network domain?).

The solution is to use an old internet workhorse: FTP (File Transfer Protocol). No, FTP isn't as tightly integrated into Windows Explorer as Windows File Sharing, but it gets around any Microsoft quirks. With FTP you set up a server on each machine, so that a client on another machine can access the files on the machine which is running the server.

The best FTP server and client I've found is FileZilla.

Normally I wouldn't recommend average users run an FTP server on their home machine, as normal setup of an FTP server requires opening a bunch of ports in your firewall, which is a security no-no. But just as Hamachi makes VNC a safe, secure tool, it does so too for FTP.

At first, FileZilla FTP might seem too complex or geeky for you. But give it a chance. You certainly won't find a server that is easier to set up, and you'll have a hard time finding a client that is so powerful, yet easy to use.

The main task in server setup is creating accounts. Each account needs a username and a password, as well as a list of local directories to be shared by the server to that account. Be sure, too, that any software firewall will allow incoming connections to the server (set up a firewall exception for the server). You don't need to touch your hardware firewall -- Hamachi securely deals with it for you.

Once the FTP server is set up, then from another machine, you want to use FileZilla to connect to the server. You need to tell FileZilla the IP address of the server. Use the Hamachi IP address of the server (which is shown right in the Hamachi window). Also provide the account and password, and voila! You are looking at files on the host machine. You can easily transfer them to the local machine, and you can easily send files up to the host.

All traffic sent to a Hamachi address is totally encrypted. Nobody on the net can understand it. And nobody on the net except those whom you explicitly permit can use VNC to control your machine. And nobody but those you permit can use FTP to get at your files.
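To check which interfaces the VNC and FTP servers are actually reachable on, here is a short Python audit of `netstat -an` output. It is an added example, not part of the original post; the sample output is constructed, the function names are hypothetical, and it assumes the default ports (21 for FTP, 5900 for VNC) and the example Hamachi address used above.

```python
import ipaddress
import re

# Constructed sample of Windows `netstat -an` output (not from the original post).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    5.34.23.202:5900       0.0.0.0:0              LISTENING
  TCP    192.168.1.100:139      0.0.0.0:0              LISTENING
  TCP    5.34.23.202:5900       5.12.7.9:1867          ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

LISTENER = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$")

def listening_addresses(netstat_text):
    """Map each listening TCP port to the set of local addresses it is bound to."""
    bound = {}
    for line in netstat_text.splitlines():
        m = LISTENER.match(line)
        if not m:
            continue  # header, UDP, or an established (non-listening) connection
        host = m.group(1).strip("[]")  # IPv6 listeners appear as [::]:21
        bound.setdefault(int(m.group(2)), set()).add(ipaddress.ip_address(host))
    return bound

def audit(netstat_text, hamachi_ip, ports):
    """Classify each service port by which interfaces can reach it."""
    vpn = ipaddress.ip_address(hamachi_ip)
    bound = listening_addresses(netstat_text)
    report = {}
    for port in ports:
        addrs = bound.get(port, set())
        if not addrs:
            report[port] = "not listening"
        elif any(a.is_unspecified for a in addrs):
            # 0.0.0.0 or :: means every interface, not just the Hamachi one;
            # only the firewalls keep non-Hamachi peers away from this port.
            report[port] = "all interfaces"
        elif addrs == {vpn}:
            report[port] = "hamachi only"
        else:
            report[port] = "other interface"
    return report
```

A port reported as "all interfaces" is also reachable from the physical LAN, so its privacy rests on the hardware and software firewalls rather than on Hamachi alone.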

Once you get all of this set up, you won't be tempted any more to send big files through e-mail. You can just create an FTP account on your own computer, and allow your Hamachi-able friends to download the files at will from your machine.

Finally -- powerful, safe networking over the internet. Tell your friends.