Comodo blocks Hamachi's virtual network card from obtaining IP address with DHCP

Hello!

First, please forgive me for my bad English. I did a search for my problem here in the forums, but I didn’t find anything, so I hope it’s not wrong to start a new topic. My friend just got a wireless internet connection, and we tried to play with each other through Hamachi on the weekend (directly we can’t, because we don’t have an “active” IP address). Both sides have Comodo Firewall Pro 2.4.18.184 and Hamachi version 1.0.2.2 installed (I did the install on both machines ;D). Hamachi installs fine, and the preinitialization also goes well (creating a user account), but after this, when the program says “setting up …” it halts for a while, then pops up with the message:

http://img404.imageshack.us/img404/6158/hamachidhcpww6.jpg

If I make Hamachi’s network card visible, then in the tray area I see it tries to get the DHCP address. On Hamachi’s wiki I found this article: http://hamachiwiki.com/Comodo_Firewall_Pro but it looks a bit outdated, because it doesn’t work for us (the same problem remains). Oh, I almost forgot. If we both disable the firewall (“allow all”), the Hamachis connect together and everything goes fine (except the firewall). I also can’t disable the firewall for the virtual NIC because I didn’t know how to do it correctly (I created a rule to allow the whole 5.x.x.x network within the network monitor, but it has no sense). I used Hamachi in the past, and it worked fine, but this DHCP thing is new for me. Please, if someone has a solution for this, then help us out (Hungarian posts are also welcome for me).

Hi there.

I had exactly the same problem and I didn’t find any other way to obtain an IP than to shut down Comodo. After I got the IP I restarted Comodo. Then it worked, but this is not a very secure way to fix the problem, even with Windows’ own firewall on. I hope that someone knows a better way to use Hamachi with Comodo. BTW sorry for very bad English.

Hello!

I have tried this also, but the connection remains active only for 30 seconds, because DHCP renewal occurs every 30 seconds on the Hamachi network card. As far as I know, the renewal time is not configurable by the user; it’s determined by the DHCP server.

This may sound stupid, but did you try to restart your computer? It helped for me and I am using Hamachi without any problem. ???

Can you please post a maximized screenshot of your network monitor rules? I really believe the problem lies there. A 30 second DHCP lease is unheard of.

Ewen

Well, Hamachi is now working, but I don’t know exactly how I did it.
I have enabled the rules that the Hamachi wiki said. Also added a rule that allows all of the 5.x.x.x network addresses (mask: 255.0.0.0) with TCP and UDP protocols for in- and outbound (Mod: OMG, now I see that I didn’t do it this way. I just enabled the IP protocol for outbound, as you can see in the screenshot. Oops ;D). Then I disabled Protocol Analysis in the Advanced Security section (somewhere I read that in some cases Comodo blocks DHCP traffic when Protocol Analysis is turned on) and removed all rules defined for svchost.exe, then rebooted my computer. Next time, when the firewall asked me about svchost, I allowed all actions that have something to do with DHCP or with the 5.0.0.1 IP address (this is Hamachi’s emulated DHCP server). Now Hamachi runs fine with the firewall turned on, but I don’t know which of the above settings made it work (maybe some of them are unnecessary). A note: I did a reboot before all of these but that did not make my Hamachi work.

Here is a link to a screenshot from my Network Monitor: http://img155.imageshack.us/img155/4467/comodnetworkmonuw0.jpg The 4th rule is used by my local network.

About the DHCP renewal: looks like this is changing. Now it renews every 5 minutes, but yesterday it was 30 seconds. I’m not lying. :-[

Hello,
Maybe it is worth trying a quick and dirty workaround until a more specific Network monitor rule is created.

Please look at Add/Modify/Remove a Zone for the Hamachi network adapter (5.0.0.0 to 5.255.255.255 range).
If none is found then create a new Zone (Add… button).

You can set a trusted zone for the Hamachi network adapter using the Define trusted network wizard to select the Hamachi Zone (dropdown combo) and create a trusted zone for it in network monitor.

You can also enable Protocol Analysis in the Advanced Security section; if Protocol Analysis blocks some traffic, an entry is written to the log.

What flavour of Windows do you have?
Is the “Do not show any alert for application certified by Comodo” checkbox checked in Miscellaneous settings?


This works only if the Hamachi adapter first obtained an IP address. While it waits for the DHCP (and does not have a valid IP) it doesn’t show up in the Define trusted network wizard.

I have Windows XP SP2 installed. Nothing special. And yes, the checkbox you talked about is checked. Does this matter for Hamachi? :o

Oh, and I’ll do some tests tomorrow to make the rules much more specific. I just have to learn now for my exam ;D

Okay, now I removed all self-specified rules and created rules for the Hamachi card with the Trusted Network wizard, turned Protocol Analysis back on, disabled the checkbox you mentioned and removed all the rules specified for svchost again. After a reboot, Hamachi is not working again. In the firewall’s log I see:
Application access denied (svchost.exe:255.255.255.255 :bootp(67))
What does this mean? It shows up even if I completely enable svchost, so I don’t understand what this is. Btw, hamachi.exe is completely allowed.

As long as a Hamachi zone exists in Add/Modify/Remove a Zone, you’ll be able to select it in the Define trusted network wizard.

That option had to enable svchost traffic without user interaction.

If an alert is generated for Hamachi app and it has a svchost parent there is no problem.
If an alert is generated for svchost app and it has whatever parent then you should send your svchost to Comodo.

If CPF cannot recognize your svchost then you should consider running Sigverif.

It’s a matter of time and V3 beta will be out, so if that svchost is legit then it will surely be added to the Comodo certified app list…

In this case the application monitor is blocking svchost.exe.
The trusted zone creates rules only in network monitor.

How many svchost.exe rules do you have in application monitor?
What parameters are set for svchost.exe?

If you scanned your system with sigverif and svchost.exe is not listed as unsigned, then you can add svchost.exe to the trusted applications (define a new trusted application). This should prevent the application monitor from blocking svchost.exe.

Then you can delete all those svchost.exe rules in application monitor.

Okay, now I realized that svchost.exe is the reason for my problem ;D How can I tell the firewall that I wish to completely block svchost except those few connections that are required for Hamachi? If I once block a connection for svchost which I never want to be allowed again, and I check the “don’t ask me again” box, then svchost is completely blocked and previous grants for it are removed. If I don’t check the box, then I am asked about the connection every time. Is there any way to make this kind of rule? (I’m searching for a priority setting or something similar.) I really need to block any other traffic from svchost, because at my brother’s, if svchost is allowed, something starts downloading in the background, and we don’t know what it is, but it’s displayed as svchost in the activity page (automatic updates are disabled in Windows).

Your alert frequency level miscellaneous setting affects how much detail is filled in when you check the “don’t ask me again” box, but also, if you don’t check that box, the on-the-fly rule affects your system until that process (e.g. svchost) is killed (for svchost this means a reboot).

The very high alert frequency level could be a pain if you are not used to it because it alerts you on every connection (ip port proto) of that parent-child app pair.

Also, application monitor rules are non-hierarchical (you cannot control how they are arranged), so if you create AM rules these have to be non-overlapping (i.e. they have to work in every order they could be called).

If you disable alerts, every connection that is not explicitly allowed by means of AM rules will be blocked. This way you will have to create all rules manually. :o

Svchost needs IP 0.0.0.0, 255.255.255.255, the Hamachi IP zone (range), your LAN IP zone (range), maybe the localhost IP (at least 127.0.0.1) and the multicast IP range (224.0.0.0 through 239.255.255.255) to work.

You can safely block other IPs. (0.0.0.1 to 4.255.255.255, and so on…)
You should create AM rules spanning from 0.0.0.0 to 255.255.255.255 range…

V3 will have a new way to set AM rules BTW…
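
The range list in the post above, worked through as an added example (not part of the original thread and not Comodo's own tooling): since application monitor rules are evaluated in no fixed order, this sketch derives non-overlapping allow and block ranges that together span 0.0.0.0 to 255.255.255.255. The LAN range 192.168.1.0 to 192.168.1.255 and all function names are assumptions.

```python
import ipaddress

# Destinations svchost.exe needs, as listed in the post above.
# The LAN range is a constructed placeholder; substitute your own.
ALLOW = [
    ("0.0.0.0", "0.0.0.0"),                  # unconfigured address used before a DHCP lease
    ("5.0.0.0", "5.255.255.255"),            # Hamachi zone (5.0.0.1 is its DHCP server)
    ("127.0.0.1", "127.0.0.1"),              # localhost
    ("192.168.1.0", "192.168.1.255"),        # LAN zone (assumed)
    ("224.0.0.0", "239.255.255.255"),        # multicast
    ("255.255.255.255", "255.255.255.255"),  # limited broadcast, seen in the bootp(67) log entry
]

def to_int(ip):
    return int(ipaddress.IPv4Address(ip))

def to_ip(n):
    return str(ipaddress.IPv4Address(n))

def build_rules(allow):
    """Return non-overlapping (action, first, last) rules covering all of IPv4."""
    spans = sorted((to_int(a), to_int(b)) for a, b in allow)
    rules, cursor = [], 0
    for first, last in spans:
        if first < cursor:
            raise ValueError("allow ranges overlap at " + to_ip(first))
        if first > cursor:
            # Gap between two allowed ranges becomes an explicit block rule.
            rules.append(("block", to_ip(cursor), to_ip(first - 1)))
        rules.append(("allow", to_ip(first), to_ip(last)))
        cursor = last + 1
    if cursor <= 0xFFFFFFFF:
        rules.append(("block", to_ip(cursor), to_ip(0xFFFFFFFF)))
    return rules

def decide(rules, ip):
    """Order-independent lookup: exactly one rule must match any address."""
    n = to_int(ip)
    hits = [r for r in rules if to_int(r[1]) <= n <= to_int(r[2])]
    if len(hits) != 1:
        raise ValueError("rules overlap or leave a gap at " + ip)
    return hits[0][0]

if __name__ == "__main__":
    for action, first, last in build_rules(ALLOW):
        print(f"{action:5} {first} - {last}")
```

The first block rule it produces is 0.0.0.1 to 4.255.255.255, the same range the post names as safe to block.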

Well, I’m happy that we didn’t need to follow this harder way. With XP-antispy I found some hidden XP services that were doing automatic updates on my brother’s machine; I disabled them, and voila, the background downloading doesn’t bother us anymore. Now svchost is completely allowed and nothing stands in the way of Hamachi.

Anyway, thanks for the help gibran, you are really helpful. I’m feeling a little small now for having opened a thread for this. 88) There was nothing wrong with the firewall, it was just a misconfiguration. Hopefully I haven’t bothered anyone with this here. At least I have learned some things.

You’re welcome.
As long as you post in the right section and you are willing to cooperate with members answering your posts, no one will comment on what led you to post, so don’t worry about it.