All peers are using Windows 10 pro, with Logmein Hamachi’s network unprotected in windows firewall. (deliberate)
I am using Comodo CIS 12.0.0.6818, with the firewall set to safe mode
CIS set a rule for Hamachi, but I manaually overrode that rule, and set it to be treated as an allowed application.
If I choose to ping a peer in my Hamachi with this setup, all ping replies are received.
If a peer chooses to ping me in Hamachi with this setup, all ping’s time out. All other incoming traffic from peers is blocked as well.
If I disable the firewall completely, Hamachi related traffic (including all peers) is allowed to flow freely, as expected, but normal traffic is no longer secure.
expected result: traffic should flow freely for all Hamachi related traffic, when firewall rule for it is “Allowed application”
Perhaps I’m missing a setting somewhere?
I’m not confident about this as it’s been over a decade since I’ve used Hamachi… but it should be a virtual network adapter with some /8 network.
Go into the Firewall → Global Rules.
At the bottom is probably a catch-all blocking rule which is causing you the issue.
I suppose the recommended method is to create a new Network Zone defined as (5.0.0.0/255.0.0.0 mask) or (5.0.0.0 to 5.255.255.255 range). I read that maybe it’s 25.0.0.0 now… or even IPv6? Once you have your Hamachi Network Zone configured, go back to Global Rules. Create a new global rule allowing your Hamachi network zone as the source. Reference the other global allow rules involving network zones if you’re unsure. Make sure your new allow rule is above the blocking rule.
If all else fails, you could delete the catch-all blocking rule. I imagine it’s not very necessary given most computers are behind routers that have to have port forwarding enabled to pass anything from the internet. After that, the receiving program still has to be “allowed”. I suppose leave this as a last resort.
Thanks. I think I have it set right now. I’ll test it later this evening, when peers reconnect for gaming. Since my Hamachi network is approval only, I have it set to allow all traffic in/out on all ports on the hamachi IPv4 network, and put the rule at the top, after creating the relevant network zone.
This didn’t actually work. CIS Firewall still blocked all incoming traffic from Hamachi peers, but Hamachi is proving to be problematic even without the firewall, so I’m not going to bother trying to resolve it. I’ll look for something other than Hamachi. Thanks anyway.
This pdf document states that Hamachi creates an IP address in the the 25.xxx.xxx.xxx range. Did you create a Network Zone for Hamachi in that range and create a rule in Global Rules for Hamachi?
Yes, and it had no effect on the problem.