Hamachi
-
I have also encountered this problem :-\
I have done the advanced outbound NAT rule as Sullrich did it (only changed IP to 192.168.0.2).
Hamachi has been configured with the magic option port 12975.
No extra port forwards or firewall rules, and I'm on BETA 1.
My states show (192.168.0.2 is the computer with Hamachi and 81.XX.134.139 is my public IP at the moment):
self tcp 64.34.106.33:12975 <- 192.168.0.2:3308 FIN_WAIT_2:FIN_WAIT_2
self tcp 64.34.106.33:12975 <- 192.168.0.2:3309 ESTABLISHED:ESTABLISHED
self tcp 192.168.0.2:3309 -> 81.XX.134.139:61521 -> 64.34.106.33:12975 ESTABLISHED:ESTABLISHED
self tcp 192.168.0.2:3308 -> 81.XX.134.139:60332 -> 64.34.106.33:12975 FIN_WAIT_2:FIN_WAIT_2
self udp 64.34.106.33:43961 <- 192.168.0.2:12975 NO_TRAFFIC:SINGLE
self udp 64.34.106.33:11711 <- 192.168.0.2:12975 NO_TRAFFIC:SINGLE
self udp 64.34.106.74:3713 <- 192.168.0.2:12975 NO_TRAFFIC:SINGLE
self udp 82.165.226.212:3892 <- 192.168.0.2:12975 NO_TRAFFIC:SINGLE
self udp 192.168.0.2:12975 -> 81.XX.134.139:57157 -> 64.34.106.33:43961 SINGLE:NO_TRAFFIC
self udp 192.168.0.2:12975 -> 81.XX.134.139:50945 -> 64.34.106.33:11711 SINGLE:NO_TRAFFIC
self udp 192.168.0.2:12975 -> 81.XX.134.139:64298 -> 64.34.106.74:3713 SINGLE:NO_TRAFFIC
self udp 192.168.0.2:12975 -> 81.XX.134.139:60112 -> 82.165.226.212:3892 SINGLE:NO_TRAFFIC
-
Hmmm, that certainly looks like the NAT isn't working right. I'll take a look.
–Bill
-
Uhhh, NAT rules are like filter rules, first match. I'm betting you have the default NAT from LAN to WAN rule first. Please re-order them.
–Bill
-
Yes, you were right about the order of the rules. This is now fixed, but still no luck :'(
I reset my states and tested a couple of times but no luck.
The only thing I have done is the magic option in Hamachi (12975) and the advanced outbound NAT.
This is correct?
My states:
self tcp 64.34.106.33:12975 <- 192.168.0.2:1328 ESTABLISHED:ESTABLISHED
self tcp 192.168.0.2:1328 -> 81.XX.134.139:57915 -> 64.34.106.33:12975 ESTABLISHED:ESTABLISHED
self udp 64.34.106.33:43961 <- 192.168.0.2:12975 NO_TRAFFIC:SINGLE
self udp 64.34.106.33:11711 <- 192.168.0.2:12975 NO_TRAFFIC:SINGLE
self udp 64.34.106.74:3713 <- 192.168.0.2:12975 NO_TRAFFIC:SINGLE
self udp 82.165.226.212:3892 <- 192.168.0.2:12975 NO_TRAFFIC:SINGLE
self udp 192.168.0.2:12975 -> 81.XX.134.139:57234 -> 64.34.106.33:43961 SINGLE:NO_TRAFFIC
self udp 192.168.0.2:12975 -> 81.XX.134.139:59478 -> 64.34.106.33:11711 SINGLE:NO_TRAFFIC
self udp 192.168.0.2:12975 -> 81.XX.134.139:61194 -> 64.34.106.74:3713 SINGLE:NO_TRAFFIC
self udp 192.168.0.2:12975 -> 81.XX.134.139:51526 -> 82.165.226.212:3892 SINGLE:NO_TRAFFIC
-
I too only have the Advanced Outbound NAT set up and the Magic Option in Hamachi set. I have the Hamachi outbound rule above the default rule and still have the same results.
self tcp 192.168.10.50:1400 -> 66.93.XXX.XXX:59271 -> 64.34.106.33:12975 ESTABLISHED:ESTABLISHED
self tcp 64.34.106.33:12975 <- 192.168.10.50:1400 ESTABLISHED:ESTABLISHED
-
Isn't Hamachi using UDP? Perhaps my screenshot was wrong in this regard. Please remove NAT+firewall rules and start over but use UDP.
Scott
-
I don't see that Outbound NAT lets you choose between UDP and TCP.
-
Well then verify the outbound rule is the first in the list before all other rules.
-
Well then verify the outbound rule is the first in the list before all other rules.
That's what I have done (Hamachi NAT rule is at top).
But it isn't working.
No firewall rules needed? Or anything else?
Happy new year to all!
-
Okay, time to install this beast.
Can you tell me how we can get a tunnel connected for testing?
-
I created one for testing.
Network name: pfsense
Password: pfsense
-
It should turn green if the connection is good. Yellow if there is a problem.
-
Edit the outgoing rule and remove the source port.
Then make sure the magic option is enabled in Hamachi.
-
Well as a follow up, I tried to set it up at my work and home (both running pfSense).
No matter what I tried, I could not get it working.
Sorry!
-
I have been trying everything suggested, without any luck.
-
I have been trying everything suggested, without any luck.
I tried manually entering every combo of rule found in the Hamachi forum and nothing seems to work.
Not really sure what's going on, the Hamachi developers are going to have to give us better examples of how to make this work and they will also need to clarify why they feel that PF "over locks nat" down.
-
I'll poke at this over the weekend and see if I can figure out what's wrong with the NAT. We aren't using static-port as they suggest, but we should have been forcing the source port to be what was specified.
–Bill
-
I got it working with a 1:1.
- Remove all prior outbound nat rules and nat port forwards pertaining to Hamachi previously setup
- Add a Firewall -> NAT -> 1:1 to your computer
- enable magic option in Hamachi
- add a firewall rule to the magic port with your internal ip. the default is 12975
-
Erg, I hate to reply w/in an hour of the last reply, but I think I see the problem. We are going to need static-port, the implementation of that will need to be somewhat carefully thought out as it's very easy to hose stuff up (Windows doesn't use terribly random source ports, conflicts are guaranteed). 1:1 NAT (for those with more than one IP) might be an option - or for those with only one machine behind pfSense.
–Bill
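An added example, not part of any post in this thread: a small Python check that reads state lines in the format pasted above and separates flows from the Hamachi magic port whose source port was rewritten by outbound NAT from flows where it was kept, which is the difference static-port makes. The function names are hypothetical, and the last sample line (documentation addresses, port kept) is constructed for illustration.

```python
import re

# Sample input: the first four lines are state entries quoted from the thread;
# the last line is constructed to show a translation that keeps the source port.
STATES = """\
self tcp 192.168.0.2:1328 -> 81.XX.134.139:57915 -> 64.34.106.33:12975 ESTABLISHED:ESTABLISHED
self udp 64.34.106.33:43961 <- 192.168.0.2:12975 NO_TRAFFIC:SINGLE
self udp 192.168.0.2:12975 -> 81.XX.134.139:57234 -> 64.34.106.33:43961 SINGLE:NO_TRAFFIC
self udp 192.168.0.2:12975 -> 81.XX.134.139:59478 -> 64.34.106.33:11711 SINGLE:NO_TRAFFIC
self udp 192.168.0.2:12975 -> 203.0.113.10:12975 -> 198.51.100.7:43961 MULTIPLE:MULTIPLE
"""

# A translated state has three endpoints: internal -> NAT address -> destination.
NAT_STATE = re.compile(
    r"^\S+\s+(?P<proto>tcp|udp)\s+"
    r"(?P<src>\S+):(?P<sport>\d+)\s+->\s+"
    r"(?P<nat>\S+):(?P<nport>\d+)\s+->\s+"
    r"(?P<dst>\S+):(?P<dport>\d+)\s+(?P<state>\S+)$"
)

def nat_states(text):
    """Parse translated states; LAN-side '<-' entries and other lines are skipped."""
    out = []
    for line in text.splitlines():
        m = NAT_STATE.match(line.strip())
        if not m:
            continue
        s = m.groupdict()
        for key in ("sport", "nport", "dport"):
            s[key] = int(s[key])
        out.append(s)
    return out

def rewritten(text, proto, port):
    """States for traffic sent from `port` whose source port was changed by NAT."""
    return [s for s in nat_states(text)
            if s["proto"] == proto and s["sport"] == port and s["nport"] != port]

def preserved(text, proto, port):
    """States for traffic sent from `port` that kept that source port after NAT."""
    return [s for s in nat_states(text)
            if s["proto"] == proto and s["sport"] == port and s["nport"] == port]

if __name__ == "__main__":
    for s in rewritten(STATES, "udp", 12975):
        print(f'{s["src"]}:{s["sport"]} left as {s["nat"]}:{s["nport"]} '
              f'to {s["dst"]}:{s["dport"]} [{s["state"]}]')
```
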
-
I must thank you all for testing this, I know that you all have limited time for supporting something that isn't pfSense specific.
This is much appreciated!