LogMeIn Hamachi is a VPN service that easily sets up in 10 minutes, and enables secure remote access to your business network, anywhere there's an Internet connection.

It works with your existing firewall, and requires no additional configuration. Hamachi is the first networking application to deliver an unprecedented level of direct peer-to-peer connectivity. It is simple, secure, and cost-effective.

THIS IS AN ADVANCED SOLUTION. DO NOT ATTEMPT THIS UNLESS YOU FULLY UNDERSTAND HOW ROUTING, IP ADDRESSING, AND MASKING WORK AT A FUNDAMENTAL LEVEL. THIS SOLUTION WILL NOT BE SUPPORTED ON NON-SERVER OPERATING SYSTEM VERSIONS OF WINDOWS DUE TO THE FACT THAT THEY DO NOT SUPPORT FUNCTIONING AS A ROUTER CONSIDTENTLY.

The intent of the article is to show you how to bridge two networks of Windows computers together using a single Windows (2000, XP, or 2003) machine on each network running Hamachi.

Initial Setup
First, you need to have Hamachi set up and running on a computer on each network. Ensure the status of each computer is “green”. Next, you’ll need to turn on Routed Tunneling on both computers.

To do this, create a file called Hamachi-override.ini in the c:\Documents and Settings\<username>\Application Data\Hamachi folder.

Inside Hamachi-override.ini add the line RoutedTunneling 1 and save the file

Restart Hamachi on both computers to have this setting take effect.

Configuring Windows for IP Routing
This is necessary for Windows to be able to send packets destined for the other location’s network through the Hamachi virtual adapter. This will need to be done on both of the computers that will act as the VPN end points.

To do this, create:
HKEY\Local_Machine\System\CurrentControlSet\Services\Tcpip\Parameters\IPEnableRouter as a string value equal to 1 in the registry. This will require a system reboot to take effect.

Configuring Static Routes across the VPN
In order for the Hamachi computers to be able to route packets destined for the network on the other side of the connection, you’ll need to set a static route to say so.

In this scenario, we’ll use two networks, 192.168.1.x and 172.16.x.x to illustrate

On the Hamachi computer that is on the 192.168.1.x computer, you’ll use
Command Prompt>route –p add 172.16.0.0 mask 255.255.0.0 5.x.x.x (Hamachi IP of PC on 172.16.x.x network)

On the Hamachi computer that is on the 172.16.x.x network, you’ll use
Command Prompt> route –p add 192.168.1.0 mask 255.255.255.0 5.x.x.x (Hamachi IP of PC on the 192.168.1.x network)
You should now be able to ping the 172.16.x.x computer from the 192.168.1.x computer using its real IP address and vice versa. If not, check your firewall settings.

Tying It All Together
Now for the fun part; you need to tell your other machines how to cross the VPN to access computers on the opposite network.

There are two alternative here. You can either add a static route on each computer needing to cross the VPN, or you can add a static route pointing the Hamachi machine on the router acting as the default gateway for the network.

Option 1:
This requires more work, but limits configuration changes to be at the computer level.

On each computer on the 192.168.1.x network:
Command Prompt>route –p add 172.16.0.0 mask 255.255.0.0 192.168.1.x (IP of Hamachi computer on the 192.168.1.x network)

Optioinal: On each computer on the 192.168.1.x network:
Command Prompt>route –p add 5.0.0.0 mask 255.0.0.0 192.168.1.x (IP of Hamachi computer on the 192.168.1.x network)

On each computer of the 172.16.x.x network:
Command Prompt>route –p add 192.168.1.0 mask 255.255.255.0 172.16.x.x (IP of Hamachi computer on the 172.16.x.x network)

Optional: On each computer of the 172.16.x.x network:
Command Prompt>route –p add 5.0.0.0 mask 255.0.0.0 172.16.x.x (IP of Hamachi computer on the 172.16.x.x network)

Option 2: (not all routers support this, but it is the minimal configuration method)
On the router acting as the default gateway for 192.168.1.x network, add a static route that says any traffic destined for 172.16.0.0 network go through 192.168.1.x (IP address of Hamachi PC on 192.168.1.x network)

On the router acting as the default gateway for 172.16.x.x network, add a static route that says any traffic destined for 192.168.1.0 network go through 172.16.x.x (IP address of Hamachi PC on 172.16.x.x network)

You should also add a rule in each router the points all traffic destined for the 5.0.0.0 network to point through the local network's Hamachi machine (local network IP, not Hamachi IP). This isn't "absolutely" necessary, but will take care of any uncertainty in the routing scheme.

A couple notes
I found that the Windows firewall seems to block ping requests even if the rules are added to allow them. This made troubleshooting this setup quite interesting. I recommend turning off the firewall during initial setup to save you some headaches.

If you intend to implement this solution, invest in a high quality network card for your Hamachi computers. Although the biggest bottleneck in this whole setup is your Internet bandwidth, having quality components will help prevent issues down the road.

Dedicate the Hamachi computers to this task only. Since you’re essentially adding these computers as dedicated VPN routers, treat them like that. Since all of this routing requires system resources, these computers will get flaky if you multipurpose them to other tasks, unless you're using servers. I say that for example, that if you say, play games on these machines (running Hamachi), it will impact VPN users going through these machines.

Windows IP Routing can be finicky to get working. I had to reboot one of my machines twice for it to take. This seems to be the trickiest part in making this work, but once it does work, you should be good to go.

RUN HAMACHI AS A SERVICE. If you don’t know why I’m saying this, this solution may be more technical of a solution than you really need. Basically, running as a service means that the computer runs the Hamachi program as an integrated component at startup, rather than as a Startup program when you log on.