Author Topic: OpenVPN testing - Hamachi replacement  (Read 7428 times)

Fishmonger

  • Cantina Regulars
  • Full Member
  • *
  • Posts: 244
  • Karma: 2
  • Mapmaker in training
OpenVPN testing - Hamachi replacement
« on: August 14, 2020, 06:40:55 PM »
I set up my router to allow VPN connections directly, not via that remote Hamachi service. This may or may not work. I do have a dual core router CPU but it isn't the fastest one on the planet. There are models that are allegedly much faster due to some custom chipsets that handle the encryption. Still, what we are doing isn't really high load, so I figure we should give it a shot. If Hamachi has a bandwith cap (highly likely as I never saw it above 10Mbps), we may actually do better with this solution.

Anyone who is interested in testing this with me, let me know in Teamspeak. I will need to email you instructions and a settings file, username and PW. We can actually do this in tandem with Hamachi, as the connections should be handled on my network as if you are a local client like my own gaming box, where I never run Hamachi. The server has been dishing out GRAW connections on Hamachi and locally simultaneously, so that should not be a problem.

I cannot test myself very easily unless I go to some coffee shop with my laptop and play from there. . I do not have GRAW in my office and that office isn't really my office any longer anyway.

I did test the connectivity from the office computer to my LAN with the settings I have configured and it works fine (e.g. I can try to open my router admin page from a computer that isn't in my house using the local network 192.168.0.1 IP for it, so that remote system clearly is "virtually" on my LAN. Just what we need to play GRAW. The connection will not allow you to use my Internet connection for web access (teamspeak), but that will use your normal connection. So far that also seems to work on my work box.

If possible, I want to ditch Hamachi before the end of August when they will bill me again for 12 months without warning or any prior info on how much the price is going up. Just because of the way they do this I want to dump the service. It is getting expensive, and it may also be the root problem of all our map loading crashes.

To make all this work on your end, you will need to install OpenVPN, which behaves a lot like hamachi, except you don't see other users connected. Downloads are here https://openvpn.net/community-downloads/ 

The program will be looking for a config file that I will provide, plus a username and password (can be saved) I will hand out via teamspeak. At this point I don't know if everyone can use the same user/pass combo, or if I have to create one for each user. There is a limit of 16 in the server config, but that should be enough for us. I am guessing more than one can connect using the same user and password.

So if you're a bit more on the tech savvy side and want to try this out (Mex, Mike? I recall you were interested in testing) let me know this weekend. I'll advertise this in TeamSpeak as well




Don't eat food off the sidewalk, no matter how good it looks.

Fishmonger

  • Cantina Regulars
  • Full Member
  • *
  • Posts: 244
  • Karma: 2
  • Mapmaker in training
Re: OpenVPN testing - Hamachi replacement
« Reply #1 on: August 14, 2020, 06:49:49 PM »
One more thought on this - I am not sure if others can host games using this setup, but again, technically, it isn't any different from being on the same LAN, so as long as users connect to my VPN and one of them fires up their own server, the traffic would go through my router to go back out to players. Testing when we have more than one player set up to use this will be needed to see if we are going to depend on my server being up or not. I have my money on "everything will be the same" short of seeing other users in a list. Meanwhile, the logs on my router do track every connection and IP numbers of users connecting to the LAN.
Don't eat food off the sidewalk, no matter how good it looks.

HSantal

  • Administrator
  • Full Member
  • *****
  • Posts: 132
  • Karma: 5
Re: OpenVPN testing - Hamachi replacement
« Reply #2 on: August 15, 2020, 12:17:35 AM »
I'm guessing that we will need the 64 bit MSI Installer?
I'll download and install this.
I do what I can.

If a man, standing in the forest says something, and his wife isn't there to correct him, is he still wrong??

razamataz1234

  • Cantina Regulars
  • Newbie
  • *
  • Posts: 30
  • Karma: 3
  • live life before you ---------
Re: OpenVPN testing - Hamachi replacement
« Reply #3 on: August 15, 2020, 05:00:38 PM »
Hoping , Thats what i installed .

Fishmonger

  • Cantina Regulars
  • Full Member
  • *
  • Posts: 244
  • Karma: 2
  • Mapmaker in training
Re: OpenVPN testing - Hamachi replacement
« Reply #4 on: August 15, 2020, 11:47:50 PM »
if you are on 32 bit XP you need 32 bit, Anything else, just use the 64 bit.

I installed this one

https://swupdate.openvpn.org/community/releases/OpenVPN-2.5-beta1-amd64.msi


The second one listed did not mention beta, so that may be the better choice for stability, but I really can't tell form the instructions. the last version there seems to be the one for most of us:

https://swupdate.openvpn.org/community/releases/openvpn-install-2.4.9-I601-Win10.exe

Don't eat food off the sidewalk, no matter how good it looks.

razamataz1234

  • Cantina Regulars
  • Newbie
  • *
  • Posts: 30
  • Karma: 3
  • live life before you ---------
Re: OpenVPN testing - Hamachi replacement
« Reply #5 on: August 16, 2020, 02:22:59 PM »
was easier setting up over hamachi if i was in fact connected , with the server being up on hamachi unsure . Can you check activity on your router to see if i was active ?

Fishmonger

  • Cantina Regulars
  • Full Member
  • *
  • Posts: 244
  • Karma: 2
  • Mapmaker in training
Re: OpenVPN testing - Hamachi replacement
« Reply #6 on: August 16, 2020, 09:34:13 PM »
Today's server log - it was certainly up and running:

Aug 16 13:10:47 vpnserver1[990]: 206.125.203.193:56613 TLS: Initial packet from [AF_INET]206.125.203.193:56613 (via [AF_INET]134.215.114.4%vlan2), sid=1a8a661b 1c0bb379
Aug 16 13:10:48 vpnserver1[990]: 206.125.203.193:56613 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC87U, emailAddress=me@myhost.mydomain
Aug 16 13:10:48 vpnserver1[990]: 206.125.203.193:56613 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=ASUS, CN=client, emailAddress=me@myhost.mydomain
Aug 16 13:10:48 vpnserver1[990]: 206.125.203.193:56613 peer info: IV_VER=2.5_beta1
Aug 16 13:10:48 vpnserver1[990]: 206.125.203.193:56613 peer info: IV_PLAT=win
Aug 16 13:10:48 vpnserver1[990]: 206.125.203.193:56613 peer info: IV_PROTO=6
Aug 16 13:10:48 vpnserver1[990]: 206.125.203.193:56613 peer info: IV_NCP=2
Aug 16 13:10:48 vpnserver1[990]: 206.125.203.193:56613 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM
Aug 16 13:10:48 vpnserver1[990]: 206.125.203.193:56613 peer info: IV_LZ4=1
Aug 16 13:10:48 vpnserver1[990]: 206.125.203.193:56613 peer info: IV_LZ4v2=1
Aug 16 13:10:48 vpnserver1[990]: 206.125.203.193:56613 peer info: IV_LZO=1
Aug 16 13:10:48 vpnserver1[990]: 206.125.203.193:56613 peer info: IV_COMP_STUB=1
Aug 16 13:10:48 vpnserver1[990]: 206.125.203.193:56613 peer info: IV_COMP_STUBv2=1
Aug 16 13:10:48 vpnserver1[990]: 206.125.203.193:56613 peer info: IV_TCPNL=1
Aug 16 13:10:48 vpnserver1[990]: 206.125.203.193:56613 peer info: IV_GUI_VER=OpenVPN_GUI_11
Aug 16 13:10:48 vpnserver1[990]: 206.125.203.193:56613 PLUGIN_CALL: POST /usr/lib/openvpn-plugin-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
Aug 16 13:10:48 vpnserver1[990]: 206.125.203.193:56613 TLS: Username/Password authentication succeeded for username %%%%
Aug 16 13:10:48 vpnserver1[990]: 206.125.203.193:56613 WARNING: 'cipher' is present in local config but missing in remote config, local='cipher BF-CBC'
Aug 16 13:10:48 vpnserver1[990]: 206.125.203.193:56613 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Aug 16 13:10:48 vpnserver1[990]: 206.125.203.193:56613 [client] Peer Connection Initiated with [AF_INET]206.125.203.193:56613 (via [AF_INET]134.215.114.4%vlan2)
Aug 16 13:10:48 vpnserver1[990]: client/206.125.203.193:56613 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Aug 16 13:10:48 vpnserver1[990]: client/206.125.203.193:56613 MULTI: Learn: 10.8.0.6 -> client/206.125.203.193:56613
Aug 16 13:10:48 vpnserver1[990]: client/206.125.203.193:56613 MULTI: primary virtual IP for client/206.125.203.193:56613: 10.8.0.6
Aug 16 13:10:49 vpnserver1[990]: client/206.125.203.193:56613 PUSH: Received control message: 'PUSH_REQUEST'
Aug 16 13:10:49 vpnserver1[990]: client/206.125.203.193:56613 SENT CONTROL [client]: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0 vpn_gateway 500,route 10.8.0.1,topology net30,ping 10,ping-restart 30,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM' (status=1)
Aug 16 13:10:49 vpnserver1[990]: client/206.125.203.193:56613 Data Channel: using negotiated cipher 'AES-256-GCM'
Aug 16 13:10:49 vpnserver1[990]: client/206.125.203.193:56613 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Aug 16 13:10:49 vpnserver1[990]: client/206.125.203.193:56613 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Aug 16 13:25:11 vpnserver1[990]: client/206.125.203.193:56613 [client] Inactivity timeout (--ping-restart), restarting
Aug 16 13:25:11 vpnserver1[990]: client/206.125.203.193:56613 SIGUSR1[soft,ping-restart] received, client-instance restarting
Aug 16 18:50:42 vpnserver1[990]: 76.75.92.129:53138 TLS: Initial packet from [AF_INET]76.75.92.129:53138 (via [AF_INET]134.215.114.4%vlan2), sid=53cfcef4 b070718f
Aug 16 18:50:42 vpnserver1[990]: 76.75.92.129:53138 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC87U, emailAddress=me@myhost.mydomain
Aug 16 18:50:42 vpnserver1[990]: 76.75.92.129:53138 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=ASUS, CN=client, emailAddress=me@myhost.mydomain
Aug 16 18:50:42 vpnserver1[990]: 76.75.92.129:53138 peer info: IV_VER=2.5_beta1
Aug 16 18:50:42 vpnserver1[990]: 76.75.92.129:53138 peer info: IV_PLAT=win
Aug 16 18:50:42 vpnserver1[990]: 76.75.92.129:53138 peer info: IV_PROTO=6
Aug 16 18:50:42 vpnserver1[990]: 76.75.92.129:53138 peer info: IV_NCP=2
Aug 16 18:50:42 vpnserver1[990]: 76.75.92.129:53138 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM
Aug 16 18:50:42 vpnserver1[990]: 76.75.92.129:53138 peer info: IV_LZ4=1
Aug 16 18:50:42 vpnserver1[990]: 76.75.92.129:53138 peer info: IV_LZ4v2=1
Aug 16 18:50:42 vpnserver1[990]: 76.75.92.129:53138 peer info: IV_LZO=1
Aug 16 18:50:42 vpnserver1[990]: 76.75.92.129:53138 peer info: IV_COMP_STUB=1
Aug 16 18:50:42 vpnserver1[990]: 76.75.92.129:53138 peer info: IV_COMP_STUBv2=1
Aug 16 18:50:42 vpnserver1[990]: 76.75.92.129:53138 peer info: IV_TCPNL=1
Aug 16 18:50:42 vpnserver1[990]: 76.75.92.129:53138 peer info: IV_GUI_VER=OpenVPN_GUI_11
Aug 16 18:50:42 vpnserver1[990]: 76.75.92.129:53138 PLUGIN_CALL: POST /usr/lib/openvpn-plugin-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
Aug 16 18:50:42 vpnserver1[990]: 76.75.92.129:53138 TLS: Username/Password authentication succeeded for username %%%%
Aug 16 18:50:42 vpnserver1[990]: 76.75.92.129:53138 WARNING: 'cipher' is present in local config but missing in remote config, local='cipher BF-CBC'
Aug 16 18:50:42 vpnserver1[990]: 76.75.92.129:53138 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Aug 16 18:50:42 vpnserver1[990]: 76.75.92.129:53138 [client] Peer Connection Initiated with [AF_INET]76.75.92.129:53138 (via [AF_INET]134.215.114.4%vlan2)
Aug 16 18:50:42 vpnserver1[990]: client/76.75.92.129:53138 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Aug 16 18:50:42 vpnserver1[990]: client/76.75.92.129:53138 MULTI: Learn: 10.8.0.6 -> client/76.75.92.129:53138
Aug 16 18:50:42 vpnserver1[990]: client/76.75.92.129:53138 MULTI: primary virtual IP for client/76.75.92.129:53138: 10.8.0.6
Aug 16 18:50:44 vpnserver1[990]: client/76.75.92.129:53138 PUSH: Received control message: 'PUSH_REQUEST'
Aug 16 18:50:44 vpnserver1[990]: client/76.75.92.129:53138 SENT CONTROL [client]: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0 vpn_gateway 500,route 10.8.0.1,topology net30,ping 10,ping-restart 30,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM' (status=1)
Aug 16 18:50:44 vpnserver1[990]: client/76.75.92.129:53138 Data Channel: using negotiated cipher 'AES-256-GCM'
Aug 16 18:50:44 vpnserver1[990]: client/76.75.92.129:53138 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Aug 16 18:50:44 vpnserver1[990]: client/76.75.92.129:53138 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Aug 16 19:50:42 vpnserver1[990]: client/76.75.92.129:53138 TLS: soft reset sec=0 bytes=67575/-1 pkts=948/0
Aug 16 19:50:42 vpnserver1[990]: client/76.75.92.129:53138 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC87U, emailAddress=me@myhost.mydomain
Aug 16 19:50:42 vpnserver1[990]: client/76.75.92.129:53138 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=ASUS, CN=client, emailAddress=me@myhost.mydomain
Aug 16 19:50:42 vpnserver1[990]: client/76.75.92.129:53138 peer info: IV_VER=2.5_beta1
Aug 16 19:50:42 vpnserver1[990]: client/76.75.92.129:53138 peer info: IV_PLAT=win
Aug 16 19:50:42 vpnserver1[990]: client/76.75.92.129:53138 peer info: IV_PROTO=6
Aug 16 19:50:42 vpnserver1[990]: client/76.75.92.129:53138 peer info: IV_NCP=2
Aug 16 19:50:42 vpnserver1[990]: client/76.75.92.129:53138 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM
Aug 16 19:50:42 vpnserver1[990]: client/76.75.92.129:53138 peer info: IV_LZ4=1
Aug 16 19:50:42 vpnserver1[990]: client/76.75.92.129:53138 peer info: IV_LZ4v2=1
Aug 16 19:50:42 vpnserver1[990]: client/76.75.92.129:53138 peer info: IV_LZO=1
Aug 16 19:50:42 vpnserver1[990]: client/76.75.92.129:53138 peer info: IV_COMP_STUB=1
Aug 16 19:50:42 vpnserver1[990]: client/76.75.92.129:53138 peer info: IV_COMP_STUBv2=1
Aug 16 19:50:42 vpnserver1[990]: client/76.75.92.129:53138 peer info: IV_TCPNL=1
Aug 16 19:50:42 vpnserver1[990]: client/76.75.92.129:53138 peer info: IV_GUI_VER=OpenVPN_GUI_11
Aug 16 19:50:42 vpnserver1[990]: client/76.75.92.129:53138 PLUGIN_CALL: POST /usr/lib/openvpn-plugin-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
Aug 16 19:50:42 vpnserver1[990]: client/76.75.92.129:53138 TLS: Username/Password authentication succeeded for username %%%%
Aug 16 19:50:42 vpnserver1[990]: client/76.75.92.129:53138 WARNING: 'cipher' is present in local config but missing in remote config, local='cipher BF-CBC'
Aug 16 19:50:42 vpnserver1[990]: client/76.75.92.129:53138 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Aug 16 19:50:42 vpnserver1[990]: client/76.75.92.129:53138 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Aug 16 19:50:42 vpnserver1[990]: client/76.75.92.129:53138 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA


Don't eat food off the sidewalk, no matter how good it looks.

razamataz1234

  • Cantina Regulars
  • Newbie
  • *
  • Posts: 30
  • Karma: 3
  • live life before you ---------
Re: OpenVPN testing - Hamachi replacement
« Reply #7 on: August 16, 2020, 09:34:34 PM »
ok forget last post got smart and shut off hamachi and could still connect so guess all good

Fishmonger

  • Cantina Regulars
  • Full Member
  • *
  • Posts: 244
  • Karma: 2
  • Mapmaker in training
Re: OpenVPN testing - Hamachi replacement
« Reply #8 on: August 16, 2020, 09:38:00 PM »
yes, hamachi is up on the server, so it'll likely default to that.  Long term, if we use OpenVPN, the server won't be running Hamachi anyway. So connected and could join the game?
Don't eat food off the sidewalk, no matter how good it looks.

razamataz1234

  • Cantina Regulars
  • Newbie
  • *
  • Posts: 30
  • Karma: 3
  • live life before you ---------
Re: OpenVPN testing - Hamachi replacement
« Reply #9 on: August 16, 2020, 09:39:47 PM »
yup shut off hamachi and could still join tgp in game menu

HSantal

  • Administrator
  • Full Member
  • *****
  • Posts: 132
  • Karma: 5
Re: OpenVPN testing - Hamachi replacement
« Reply #10 on: August 16, 2020, 11:05:04 PM »
No joy for me. Connect using VPN and don't see the server. Say's it is connected.

Start Hamachi and can see the server in the game menu.
I do what I can.

If a man, standing in the forest says something, and his wife isn't there to correct him, is he still wrong??

Fishmonger

  • Cantina Regulars
  • Full Member
  • *
  • Posts: 244
  • Karma: 2
  • Mapmaker in training
Re: OpenVPN testing - Hamachi replacement
« Reply #11 on: August 18, 2020, 10:10:11 PM »
was that back to back within minutes? Or about the time I usually launch the server? Server was not running all day yesterday or today
Don't eat food off the sidewalk, no matter how good it looks.

HSantal

  • Administrator
  • Full Member
  • *****
  • Posts: 132
  • Karma: 5
Re: OpenVPN testing - Hamachi replacement
« Reply #12 on: August 18, 2020, 10:35:14 PM »
Tried just now.
VPN connects but I don't see the server in the game menu.
Start Hamachi and see the server in the game menu.
I do what I can.

If a man, standing in the forest says something, and his wife isn't there to correct him, is he still wrong??

Fishmonger

  • Cantina Regulars
  • Full Member
  • *
  • Posts: 244
  • Karma: 2
  • Mapmaker in training
Re: OpenVPN testing - Hamachi replacement
« Reply #13 on: August 18, 2020, 11:20:53 PM »
oh man, there's always something.

your connection did this - not sure if related, but there is a config area in the client where you can set this cipher to match the settings on the server. I don't think that's it, but for now that's all I can tell from the log

Aug 18 21:28:39 vpnserver1[990]: 76.75.92.129:58695 WARNING: 'cipher' is present in local config but missing in remote config, local='cipher BF-CBC'

Also, server is on Hamachi. I should turn that off during the day for proper testing. Again, it should not matter (it worked for Raz) but it may be related.

Don't eat food off the sidewalk, no matter how good it looks.

Fishmonger

  • Cantina Regulars
  • Full Member
  • *
  • Posts: 244
  • Karma: 2
  • Mapmaker in training
Re: OpenVPN testing - Hamachi replacement
« Reply #14 on: August 24, 2020, 01:18:20 AM »
changed some VPN server settings based on some research. Not been able to test yet, but PM'd the new config to H and Raz. Anyone else who wants to try, let me know. Best test this just before joining with Hamachi around normal game time. The GRAW server is only up and running in the evening.
Don't eat food off the sidewalk, no matter how good it looks.