Client-side applications used on DirectAccess laptops must be able to communicate with their server side over IPv6. In most cases, these applications do explicitly require IPv4-based connectivity. But some of them only use TCPv4-based connections. In my special case, my client-side application checks for IPv4-based connectivity to communicate with its server-side part.
Because of this, my application does not work with DirectAccess. This does not mean it is impossible. In my case, my application needs to contact a Windows 2003 SMTP service, and it works in IPv6 thanks to DNS64/NAT64.
This was a real problem for my customer because it was one of his major business applications. I was looking for a solution when I found the PORTPROXY feature provided by my favorite network tool: NETSH.EXE.
Let’s have a look at the V4toV6 interface type. It is possible to redirect an IPv4 TCP-based connection to an IPv6 destination:
The problem: with DirectAccess, we have IPv4-based connectivity, but this may change each time I need to connect to my application. This is right, but we all have an IPv4 address on our computer that never changes: the loopback interface. So let’s create a V4toV6 interface that will listen on my loopback interface for my port and connect it to the same port on the server-side part of my application.
Let’s check that this new interface is operational. We can list it.
But most important: does it work?
Yes, it works!
This solution looks great, but it is only a workaround. You should contact your application vendor for a fix. But watch out, there are some limitations.
Limitations of this approach
The first limitation of this solution is that it only applies to TCP-based connections. Maybe one day, UDP will be supported.
Second problem: the user must have Administrator-level privileges to create the interface, as illustrated below:
And finally, the NAT64 limitation. The NAT64 address structure is composed as illustrated below:
The problem: the EUI64 Interface ID includes a random part because it is a temporary address. This means that the IPv6 address configured for the PORTPROXY interface will change, so you must recreate the interface each time you want to use this type of address.
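The procedure and the last two limitations can be handled together in one script. The following is an added example, not code from the original post: it checks for elevation, looks up the server's current IPv6 address, recreates the V4toV6 interface on the loopback address, lists it and tests the connection. The host name and port are placeholders, and it assumes the server name resolves to its NAT64 address through DirectAccess name resolution.

```powershell
# Added example: ServerName and Port are placeholders, not values from the post.
param(
    [string]$ServerName = 'smtp.corp.example',  # hypothetical server-side host name
    [int]$Port = 25                             # hypothetical application port
)

# Creating a PORTPROXY interface requires an elevated (Administrator) session.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated prompt.'
}

# Look up the IPv6 address currently returned for the server, because the
# address used as connectaddress may differ from the one used last time.
$ipv6 = [System.Net.Dns]::GetHostAddresses($ServerName) |
    Where-Object { $_.AddressFamily -eq [System.Net.Sockets.AddressFamily]::InterNetworkV6 } |
    Select-Object -First 1
if (-not $ipv6) { throw "No IPv6 address returned for $ServerName." }
$target = $ipv6.IPAddressToString

# Remove any stale rule for this listener, then recreate it.
# Listening on 127.0.0.1 keeps the proxy reachable from this machine only.
& netsh interface portproxy delete v4tov6 "listenport=$Port" "listenaddress=127.0.0.1" | Out-Null
& netsh interface portproxy add v4tov6 "listenport=$Port" "listenaddress=127.0.0.1" `
    "connectport=$Port" "connectaddress=$target" | Out-Null

# List the V4toV6 interfaces and confirm the loopback listener is present.
$rules = & netsh interface portproxy show v4tov6
$rules
if (-not ($rules -match "127\.0\.0\.1\s+$Port\s")) {
    throw 'The v4tov6 interface was not created.'
}

# Does it work? Open a TCPv4 connection to the loopback listener.
$client = New-Object System.Net.Sockets.TcpClient
try {
    $client.Connect('127.0.0.1', $Port)
    Write-Output "Connected: 127.0.0.1:$Port -> [$target]:$Port"
} catch {
    Write-Warning "Connection through the proxy failed: $($_.Exception.Message)"
} finally {
    $client.Close()
}
```

PORTPROXY rules persist across reboots, so run the script again whenever the server's IPv6 address has changed, and remove the rule with `netsh interface portproxy delete v4tov6` once the application no longer needs it.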
BenoîtS – Simple and Secure by design but business compliant