[FoRK] Hamachi "mediated" peer-to-peer sounds interesting (fwd from meltsner@gmail.com)

newer
Re: California Bans a...

older
TSA: Tests going well for Secure...

Eugen Leitl

7 Jan 2005 7 Jan '05

3:19 a.m.

----- Forwarded message from Ken Meltsner -----

Show replies by date

Adam Back

7 Jan 7 Jan

2:35 p.m.

New subject: Hamachi "mediated" peer-to-peer sounds interesting (fwd from meltsner@gmail.com)

Ken Meltsner wrote:

...

Basically, a way to get around NAT and other router issues for a peer-to-peer system, mostly seamlessly integrated as a special network driver. Systems connect to a back end server which relays traffic between peers on named private networks. Sort of P2P meets VPN -- if they added HTTPS tunneling, it would run through nearly any corporate firewall/proxy server.

Well if they really relayed traffic between peers on their back end server their pipe would be saturated. (Think kazaa or bit-torrent over hamachi). I hope they actually use the server just for mediation, and send the traffic direct between peers. Unfortunately the documentation is rather light so it's difficult to tell what it does in this regard. I've cc'd Alex Pankratov who is the author (I presume). However maybe this beta version is not complete in that regard. Some other things such as the server mediated key exchange are obviously not shipable grade (server knows all symmetric keys!) Adam

Alex Pankratov

8 Jan 8 Jan

12:47 a.m.

New subject: Hamachi "mediated" peer-to-peer sounds interesting (fwd from meltsner@gmail.com)

Hi guys, I look at the thread and I'd like to comment on this -

...

I wonder why they didn't use IPSec.

I know IPsec/IKE reasonably well, and I just don't like IKE. It's too generic, it's under-specified and it fairly big pain in the ass to implement (I wrote libike a couple of years ago). Except from being extensively peer-reviewed, the main benefit of using IKE is a (supposed) interoperability with various vendors. Since H doesn't need that I decided to go with a custom protocol, which is nevertheless closely modeled after JFK and ESP. Adam Back wrote:

...

Ken Meltsner wrote:

...
Basically, a way to get around NAT and other router issues for a peer-to-peer system, mostly seamlessly integrated as a special network driver. Systems connect to a back end server which relays traffic between peers on named private networks. Sort of P2P meets VPN -- if they added HTTPS tunneling, it would run through nearly any corporate firewall/proxy server.

Well if they really relayed traffic between peers on their back end server their pipe would be saturated. (Think kazaa or bit-torrent over hamachi).

Apparently there's a demand for this kind of service. I'm getting at least couple of questions a day regarding proxy/socks support. I very much doubt though that anyone in near future will be offering a _free_ service of this kind.

...

I hope they actually use the server just for mediation, and send the traffic direct between peers.

Yes, that's exactly what we do. Server provides three core services - * peer location * tunnel mediation * network management (ie peer grouping and group-level access control)

...

Unfortunately the documentation is rather light so it's difficult to tell what it does in this regard.

I'm severely lacking time for updating the website. I do try to answer all technical questions via email though.

...

I've cc'd Alex Pankratov who is the author (I presume).

The presumption is correct.

...

However maybe this beta version is not complete in that regard. Some other things such as the server mediated key exchange are obviously not shipable grade (server knows all symmetric keys!)

That's obvious to paranoids like you and me :), but not to an average consumer who just needs to play CS or AoE over a VPN.

7195

Age (days ago)

7196

Last active (days ago)

List overview

Download

2 comments

3 participants

participants (3)

Adam Back
Alex Pankratov
Eugen Leitl