
Security How To


If you are having problems getting clients to communicate with Squid, the likely culprit is an overzealous firewall. Due to the myriad firewall/client combinations out there, it's impossible to create a workaround for them all, but basic troubleshooting can pinpoint the issue.

The first step would be to disable the firewall on both peers and retry the proxy. If the proxy works, turn the firewalls back on and begin modifying the rules to allow Squid to function.

The problems I've encountered to date are due either to 1) the firewall on the peer running Squid refusing incoming connections from any host, or 2) the firewall on the host running Squid not allowing the application to access the Internet. The former can be resolved by adding a port exception for TCP 3128 (default Squid port) and the latter by adding an exception for the Squid proxy application.
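To tell the two firewall cases apart from a client peer before changing any rules, the check below can be run against the Squid peer's Hamachi address. It is an added example, not part of the original article; the test URL `example.com` and the reading of 502/503/504 replies (or a timeout) as "Squid cannot reach the Internet" are assumptions.

```python
import socket
import sys

# Heuristic (assumption): a proxy that cannot reach the Internet answers with
# one of these gateway errors, or does not answer before the timeout.
UPSTREAM_ERRORS = {502, 503, 504}


def diagnose_squid(host, port=3128, target="example.com", timeout=10.0):
    """Return (verdict, detail) for the proxy at host:port.

    Verdicts: inbound-blocked, outbound-blocked, denied-by-proxy, not-http, ok.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        # Case 1: the peer's firewall (or a stopped Squid) rejects the connection.
        return "inbound-blocked", f"cannot connect to {host}:{port}: {exc}"
    request = f"GET http://{target}/ HTTP/1.0\r\nHost: {target}\r\n\r\n"
    with sock:
        try:
            sock.sendall(request.encode("ascii"))
            reply = sock.recv(4096)
        except OSError as exc:
            # Port is open, but the proxy could not produce an answer in time.
            return "outbound-blocked", f"no reply from proxy: {exc}"
    fields = reply.split(b"\r\n", 1)[0].decode("latin-1").split()
    if len(fields) < 2 or not fields[0].startswith("HTTP/") or not fields[1].isdigit():
        return "not-http", "port is open but the listener does not speak HTTP"
    status = int(fields[1])
    if status in UPSTREAM_ERRORS:
        # Case 2: Squid is reachable but cannot get out to the Internet.
        return "outbound-blocked", f"proxy returned {status}"
    if status in (403, 407):
        return "denied-by-proxy", f"proxy returned {status}; check its access rules"
    return "ok", f"proxy returned {status}"


if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("usage: diagnose.py <squid-peer-hamachi-address> [port]")
    else:
        peer_port = int(sys.argv[2]) if len(sys.argv) > 2 else 3128
        print(*diagnose_squid(sys.argv[1], peer_port), sep=": ")
```

An `inbound-blocked` verdict points at the TCP 3128 port exception; `outbound-blocked` points at the exception for the Squid application itself.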

The Hamachi application is very NAT-friendly. In the vast majority of cases, creating a network is accomplished without any snags. However, there is a possibility that, upon startup, Hamachi will choose to use the browser proxy (instead of the Internet) to establish the initial connection with the Hamachi authentication servers. Since a connection must already be established to use the proxy, this results in failure.

The solution is to configure Hamachi to not use the browser's proxy to connect to the Internet. Click on the System Menu (the "gear" button located at the bottom right of the Hamachi window). Choose Preferences, then in the Status tab click on Detailed Configuration.

Once there, choose "Disable" in the Connecting via Proxy list, then click OK and close the Status and Configuration window (Figure 11). This will force Hamachi to access the Internet directly when communicating with the Hamachi servers.


Figure 11: Setting Hamachi to not use the proxy connection

If NAT issues prevent peers from connecting, the Detailed Configuration/Connection Preferences window also allows you to specify static ports for incoming connections, which should then be used to configure the NAT device.

Even if Squid and Hamachi are configured properly, there are situations in which a proxy may not function properly, and even stop you from using the Internet. Some schools and hotels rely on a device called a transparent proxy. This type of proxy is used to intercept all HTTP traffic and redirect the user to a page of the owner's choosing. This is usually done to force the user to acknowledge and accept the owner's Acceptable Use Policy (AUP) before accessing the provided resources.

Since our solution relies on encrypted traffic, the transparent proxy is unable to function, which often results in a denial of all traffic. The workaround for this is to configure the browser to bypass the proxy, then allow the initial request to be redirected. Once access to the Internet has been granted, the proxy can be reactivated.

Improvements & Conclusion

If you followed the instructions to the letter, you should have a Hamachi network with at least two peers, one of which is running Squid. This is sufficient for temporary operations, but there is potential for disruption. If someone were to close the command prompt window running Squid, the proxy would be knocked offline, leaving remote users without safe HTTP access. If, on the Squid system, the user is logged off or the system rebooted, Hamachi will not be online until the user logs on again.

This may not be an issue for an afternoon trip. But if the user is overseas, it may be days until connectivity is restored. The easiest way to mitigate these issues is through the use of services. Services are programs that run without requiring user intervention, usually in the background. By eliminating the need for user intervention, the system needs merely be turned on and connected to the Internet to work.

Hamachi Premium (the pay version, clients of which are marked with a star) grants you the option of running Hamachi as a service, and provides a trial period for basic (free) clients to upgrade. If you are traveling and predict a system reboot during your absence (Microsoft's Patch Tuesday is an almost guaranteed reboot), it may be worthwhile to upgrade to Premium. If you choose to upgrade, the option to run as a service is found in the Preferences\Status and Configuration window, under the System tab.

Squid also has the ability to run as a service. The service is installed by running squid with the -i parameter, i.e. squid -i. After the service is installed, it can be configured for future usage by running services.msc, locating the Squid service, and choosing to start the process.

With these two measures combined, a proxy can be maintained with little intervention. Should further maintenance be necessary, I recommend allowing remote access on the peer running Squid. Remote Desktop Protocol (RDP) may come in handy should problems occur.

Hamachi is a flexible, easy-to-use VPN package. And combined with Squid, it presents a solution to a problem many users face. An operational Hamachi network can serve as a platform for the use of other services (like RDP), so if you have any ideas for a follow-up article, just post them in the Comments below.
