Douglas Crawford

Douglas Crawford

September 30, 2014

Here at BestVPN we are primarily concerned with reviewing commercial third party VPN Providers. In this situation, you (the user) connect to a VPN provider’s servers through an encrypted tunnel (which means that no-one, not your ISP or the NSA) can see what passes through that tunnel.

Your internet traffic enters and exits the VPN tunnel through the provider’s server, so the server acts as a proxy masking your ‘real ’IP address. If using a ‘no logs’ and ‘shared IPs’ provider, it is very difficult to trace your internet activity back to you as a person:

User [-> ISP ->] VPN server -> internet (traffic in brackets [] is encrypted).

VPN was however originally developed mainly to allow business employees to securely login to their company’s servers when away from the office:

User [-> ISP ->] company server

It is possible to setup a home computer so that it runs much like a business VPN server, allowing you to securely remote login to your home computer, and access the internet through its IP address.

User [-> ISP ->] home computer -> ISP -> internet

Advantages of using private home VPN

  • Free – there is no need to pay for a third party VPN service
  • Secures your internet connection when using public WiFi hotspots
  • Can remotely and securely access content on your computer, and stream movies, music etc. to a remote device
  • Home computer acts as a proxy – this is great for accessing geo-restricted web services when away from home, and can be a very effective anti-censorship tool if the user is in a restrictive country and can set up a home server / has friend willing to set up a home server in a less restrictive country. Countries such as China, and for geo-restricted services for example if you wanted to watch Hulu outside US you would need a VPN. A private home VPN is also great for circumventing school, collage or work restrictions. For information about a China VPN see our best VPN for China guide.

Disadvantages

  • Home computer acts as a proxy – you access the internet through your home computer’s IP address, so any internet activity can be easily traced to that address. This also means that you cannot just change your apparent location (e.g. to a different country), as you normally can with a commercial VPN provider
  • Although the connection between your remote computer and home VPN server is encrypted, your outgoing home internet connection is not. This means that your ISP (and anyone else who is watching) can easily monitor your internet activity
  • You will need to keep your home computer on all the time, which is wasteful and will increase your electricity bills.

In short then, setting up a private home VPN server offers many of the advantages of using a commercial VPN service (and is free), but does not provide privacy / anonymity when using the internet.

Setting up a private VPN using Hamachi and Privoxy

By far the easiest way to setup a private VPN is to use LogMeIn Hamachi combined with Privoxy.

Hamachi is software which allows you create virtual networks that operate like regular LANs. It builds a ‘zero-configuration virtual private network’, which means that you do not have to worry about port forwarding or other complex configuration issues (which is definitely a very strong point in its favor). Transferred data is protected using 256-bit AES encryption.

The biggest drawback with Hamachi is that it is proprietary software (i.e. it is not open source), but as we discussed above, private VPN does not provide much privacy anyway, so this is probably not worth worrying too much about (if privacy is a major concern, Tor or a no-logs third party VPN provider are much better options).

The basic version of LogMeIn Hamachi is free and is fully functional, except that it is limited to five members per network, and the free version will not run in the background on idle computers (as the paid version can).

LogMeIn Hamachi is available for Windows, OSX, and Linux (beta).

On order to remotely access the internet through our home PC running Hamachi we will need Privoxy, a free open source web proxy. You could run Privoxy on its own, but all connections would be over unencrypted HTTP, which is why we are using Hamachi.

Privoxy is available for Windows, OSX, Linux, and iOS, and can be used by almost any web browser on any platform.

1. Setup your home PC as a Hamachi VPN server

a) Download Hamachi on your home PC (choosing ‘Unmanaged’ mode) and install. LogMeIn will nag you at various points to sign-up for a free account, but this can be ignored for now.

Hamachi downloadb) Click the power button to get started, and enter a name for your client.

Hamachi server 2c) Hit ‘Create a new network’, and give it a name and password. Hit ‘Create’.

Hamachi server 3d) Setup Hamachi on any other computers you to connect to the home VPN, except this time choose to ‘Join an existing network’ (that you have just created), rather than create a new one.

Hamachi client 1You can now Browse your Home PC, just as if it was on a local (LAN) network

2. Setup up Privoxy on your home PC to allow secure remote connection to the internet

a) Download, install and launch Privoxy. In Windows, Privoxy launches as blank window, but don’t worry as this is fine, and you can even close the window and Privoxy will continue to run in your system tray. Right-click Privoxy in the system tray, and select Edit -> Main Configuration.

Privoxy 1b) Notepad will open Privoxy’s configuration file, called config.txt. Go to Edit -> Find, and search for ‘listen-address 127.0.0.1:8118’. Put a # in front of the line to mark it as a comment, then below it add the line:

listen-address [the IP address shown at the top of your Hamachi window]:8118

Privoxy Hamachi configSave and close config.txt.

3. Configure your browser’s proxy settings

The last step is simply to configure your browser’s proxy settings to point to the Hamachi network IP address (25.46.156.2, Port 8118 in our example).

Firefox proxy settingsIn Firefox these settings can be found by going to Options -> Network tab -> Connection Settings

You can check everything is working by typing ‘http://config.privoxy.org/’ into your remote computer’s browser search bar, and you should see:

test 1(If it says ‘Privoxy is not being used’ then something has gone wrong)

You are now using your home computer as a VPN server! All your remote browser’s traffic will be routed through your home computer, and will appear to originate from the IP address of your home computer.

Setup up a Private Home VPN using Hamachi & Privoxy Conclusion

This setup is especially handy for regular travelers. It protects you when using public WiFi hotspots (which are great when mobile roaming charges cost a fortune), and allows you to access your regular internet services (such as Hulu, Netflix, or BBC iPlayer) using your own IP address. This should bypass the increasingly common practice of blocking VPN users from such services.

If leaving your own PC turned on all the time concerns you, another similar option is to to roll your own VPN server on a VPS (Virtual Private Server). This is a bit trickier than using the Hamachi & Privoxy method above, but once setup does mean that you have permanent VPN instance running.

Douglas Crawford
May 30th, 2018

I am a freelance writer, technology enthusiast, and lover of life who enjoys spinning words and sharing knowledge for a living. You can now follow me on Twitter - @douglasjcrawf.

87 responses to “How to setup up a private home VPN using Hamachi & Privoxy

  1. Hi Douglas,
    I have been looking all over but cannot find the proper solution.
    On my Raspberry I installed both Privoxy and OpenVPN, pivpn to be exact.
    @home I redirect all traffic through the Privoxy proxy.
    Abroad, when connected on a guest WiFi, I tunnel to my Raspberry and it establishes a secure and encrypted connection
    So far so good.

    What I’d like to achieve is that traffic from WiFi abroad is not only going through my Raspberry VPN but will be filtered as well through Privoxy.

    Things I tried:
    – iptables like this: https://superuser.com/questions/850710/how-to-forward-http-request-to-a-proxy-server (there is a reaction: The Privoxy log file displayes nothing when connecting to websites, but when I do a service privoxy stop, then internet traffic is blocked)
    – Privoxy config like listen-address :8118 (no noticable change)
    – Privoxy config: forward / localhost:1194 (failed)
    – pivpn config: push “dhcp-option PROXY_HTTP 192.168.2.1 8118” (no noticable change)

    Well, my question is if you can give advise on how to lead openvpn traffic through privoxy.

    Tia, Hein

    1. Hi Hein,

      Not off the top of my head, I’m afraid. If I had time to play around I might be able to help, but time is is very precious commodity for me these days! I wish you luck finding a solution, and maybe one of our readers might be able to help?

  2. I am in spain and i have an internet service at my uk home and my spanish one. Both are switched on. To watch UK TV I use a VPN on my Amazon Firestick but the BBC keep blocking it. Reading your article it seems that I could use my uk service in Spain using a computers connected in spain and the uk. But could I setup my Spanish router, so the Amazon Firestick would work – without using a computer here in Spain.
    In other words set up my own VPN with my uk ip address.
    Mike

    1. Hi Mike,

      You can setup your UK PC or router (on routers that support the feature) to act as a private VPN server that will almost certainly not be blocked by BBC iPlayer. You can then setup your router in Spain to point to your PC/router in the UK. The exact details of how to do this depend very much on what VPN protocols are supported by your router(s). It doesn’t really matter for streaming which VPN protocol you use, as long as the server and client use the same protocol.

      You would connect the Fire Stick in Spain directly to the client router without the need for a PC, although you will need a computer to perform the initial setup (this is a one-off process, so you can just borrow a laptop if need be).

  3. For this to work I had to open the port (in your example 8118) trough firewall. Maybe this is common knowledge but I think it should be in the guide.

    Also, do you know how could one setup a wake over network so that I could wake a work computer from home or vice versa.

    Ty

    1. Hi danijel,

      Hmm. I didn’t have to open any ports, but thanks for the tip as it may help others who are have having problems. As for wake over network, this is what the official Hamachi documentation says.

  4. Logmein Hamachi is a VPN and is much secure then Open VPN. But if you want to try out a better secured remote support solution, you may have a look at R-HUB remote support servers. It is an on premise solution which works from behind your corporate firewall, hence better security.

    1. Hi Prasanta,

      Logmein Hamachi is designed primarily to setup personal direct VPN connections (and meshnet connections). OpenVPN can also be used for this, but it can also be used by commercial VPN services. Logmein Hamchi uses an AES-256-CBC cipher to secure data, a Diffie-Hellman-2048 key exchange, and HMAC-SHA-1-96 data authentication. This is secure, but VPN services offer stronger OpenVPN implementations. Please see VPN Encryption: The Complete Guide for more details.

Leave a Reply

Your email address will not be published. Required fields are marked *