How To Securely Browse from Anywhere using Hamachi and Squid

Install & Configure Squid

Hamachi can provide a secure path to a trusted network, but as shown in Figure 2, it is only part of the safe browsing solution. Squid is a free, widely-used web cache/proxy server. Although very configurable (almost to the point of intimidation), Squid can be up and running with only a few minutes of tweaking. Follow these steps:

1) Download Squid (the Windows binaries can be found here). There is no installer, only a zip file, so Squid requires manual extraction. I recommend (and will make the assumption) that Squid be copied to C:\squid.

2) Rename the three configuration files, located in C:\squid\etc\, removing the .default extension.

3) The squid.conf file will have to be customized for your needs. This can be done inserting the following lines (line placement specified in the squid.conf comments):

acl Hamachi src 5.0.0.0/255.0.0.0 (adds a Hamachi group, defined by the 5.x.x.x network)
http_access allow Hamachi (gives the Hamachi group permission to use the proxy)
visible_hostname any_hostname_you_specify (gives the proxy a name to report errors with)

Alternately, you can use the squid.conf I've tailored for Hamachi usage, available for download here.

4) To verify that everything works, open command prompt as an Administrator and type the following:

cd\squid\sbin
squid -z

If everything works, it should say Creating Swap Directories, pause for a moment, then terminate. Now run squid again, this time without the -z parameter (Figure 7). Leave the command prompt window open and begin the next step, client configuration.

Figure 7: Starting squid

NOTE: Since Squid doesn't use the command prompt to notify you of successful operation, at first glance it appears the Squid process has stalled. Don't worry, it's still running.

Client Configuration

After the previous installs, this section should seem like a cakewalk. Now that we have a connection established between two peers in Hamachi, and a proxy server operational, the non-proxy system (the one we'll use to actually browse the web) must be configured to forward HTTP requests to the proxy.

All web browsers can be configured to use a proxy. I'll show you how to configure Internet Explorer 7 as an example.

First, navigate to Tools, Internet Options, select the Connections Tab, and click the Lan Settings button.

Figure 8: Windows Internet Options Connections properties

The window shown in Figure 9 should be displayed:

Figure 9: Setting the proxy

Make sure the bottom two boxes are checked. The Hamachi IP of the system running Squid goes in the Address box, and the port should be 3128 (Squid's port by default, provided it hasn't been modified in squid.conf) Hit OK and close the Internet Options window.

Now test your configuration by visiting www.google.com. More than likely, there will be a long delay as Squid fetches the page. Wait times will decrease for repeated viewings (as early as the second visit) as Squid builds up its cache.

To verify that the proxy isn't being bypassed, go to www.dnsstuff.com. If your proxy is operational, the "Your IP field" (top left of page, Figure 10) should list the IP of the proxy server (or your WAN IP if you rely on NAT) followed by the Hamachi IP of the client in brackets.

Figure 10: Finding your WAN IP

If everything works, that's all you need to do to use the proxy. There are measures that can additionally be taken to improve the resiliency of the network, which are covered in the "Improvements & Conclusion" section.