Monthly archives: February 2012

Windows Server 8 Consumer Preview available

It's not often I can say that insomnia has an upside, but this morning (6:00 a.m. in Seattle), I can say it:

Too bad for my hotel's Internet access. RIP

Simple and Secure by Design but Business compliant

TCPv4 based applications with DirectAccess

Client-side applications used on DirectAccess laptops must be able to communicate with their server side over IPv6. In most cases, these applications do explicitly require IPv4-based connectivity. But some of them only use TCPv4-based connections. In my particular case, my client-side application checks for IPv4-based connectivity to communicate with its server-side part.

Because of this, my application does not work with DirectAccess. This does not mean it is impossible. In my case, my application needs to contact a Windows 2003 SMTP service, and it works over IPv6 thanks to DNS64/NAT64.

This was a real problem for my customer because it was one of his major business applications. I was looking for a solution when I found the PORTPROXY feature provided by my favorite network tool: NETSH.EXE.

Let's have a look at the V4toV6 interface type. It can redirect an IPv4 TCP-based connection to an IPv6 destination:

The problem: with DirectAccess, we have IPv4-based connectivity, but the address may change each time I need to connect to my application. That is true, but we all have an IPv4 address on our computer that never changes: the loopback interface. So let's create a V4toV6 interface that listens on my loopback interface for my port and connects it to the same port on the server-side part of my application.

Let's check that this new interface is operational. We can list it.

But most important: does it work?

Yes, it works!

This solution looks great, but it is only a workaround. You should contact your application vendor for a fix. But watch out, there are some limitations.

Limitations of this approach

The first limitation of this solution is that it only applies to TCP-based connections. Maybe one day UDP will be supported.

Second problem: the user must have Administrator-level privileges to create the interface, as illustrated below:

And finally, the NAT64 limitation. The NAT64 address structure is composed as illustrated below:

The problem: the EUI64 interface ID includes a random part because it is a temporary address. This means that the IPv6 address configured for the PORTPROXY interface will change, so you must recreate the interface each time you want to use this type of address.
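
The loopback V4toV6 procedure and the "recreate it when the address changes" limitation described above, combined in one script. This is an added example, not code from the original post; the server name, port 25, and the idea of looking up the server's current IPv6 address through DNS on each run are assumptions.

```powershell
# Added example: (re)create a loopback V4toV6 portproxy entry for one TCP port.
# Assumptions (not from the original post): the server name, port 25, and that
# the name currently resolves to the server's NAT64 IPv6 address via DNS64.
param(
    [string]$ServerName = 'smtp.corp.example',   # hypothetical server name
    [int]$Port = 25                              # assumed application port
)

# Creating a portproxy entry requires an elevated session.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated prompt.'
}

# Resolve the server's current IPv6 address. It can change, so look it up on
# every run instead of hard-coding it.
$ipv6 = [System.Net.Dns]::GetHostAddresses($ServerName) |
    Where-Object { $_.AddressFamily -eq 'InterNetworkV6' } |
    Select-Object -First 1
if (-not $ipv6) { throw "No IPv6 address found for $ServerName." }

# Remove the entry left by a previous run; netsh only reports an error
# message if there is nothing to delete.
netsh interface portproxy delete v4tov6 listenport=$Port listenaddress=127.0.0.1 | Out-Null

# Listen on loopback only, so the proxy is not reachable from other hosts.
netsh interface portproxy add v4tov6 listenport=$Port listenaddress=127.0.0.1 `
    connectport=$Port connectaddress=$($ipv6.IPAddressToString)

# List the configured V4toV6 entries to confirm the mapping.
netsh interface portproxy show v4tov6
```

Binding the listener to 127.0.0.1 instead of every local address keeps the forwarded port limited to processes on the laptop itself.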

 

BenoîtS – Simple and Secure by design but business compliant

DirectAccess lessons-learned session

That's it, we have the first slide and the last one. No, it's a bit further along than that. So: DirectAccess, good humor, and demonstrations (not last year's). In short, a summary of everything you need to know about DirectAccess in one hour.

SEC2203

And since one hour is always too short, a reminder that there will be DirectAccess books to win (and not thrown into the room).

So come to the session, everyone!

BenoîtS – Simple and Secure by Design but Tablet compliant

So, is Chuck Norris dead then?

I couldn't resist, it's TechDays season. But Facebook announcing the death of Chuck Norris. Very often, a clickbait headline hides something else entirely. In this case, the goal is simply financial: drawing as many people as possible to advertising pages.

In short, here is a job for Check Norris. Because Chuck Norris is not afraid of malware. It is malware that is afraid of Chuck Norris.

Benoits – Simple and Secure by Design but Tablet compliant!