Jmp Start

…where the Geek shall Inherit the Word


SafeNet SoftRemoteLt on Windows 7

Posted by CKret on September 16, 2009

At our company we use SafeNet's SoftRemoteLT VPN solution for secure communication with our DB servers.
In Windows XP and Vista this works fine.

Since the release of Windows 7 RC I’ve tried to get SoftRemoteLt working but have had no luck.
That is until now…

In this post I will show you how to configure Windows 7 and Virtual Windows XP Mode to route VPN traffic through XP.

First you need to make sure you’ve got the prerequisites:
(Instructions for prerequisites are not covered by this post.)

  • Windows 7 Professional or Ultimate
  • Intel® Virtualization Technology or AMD-V™ feature is enabled in BIOS
    Microsoft issued an update that eliminates this prerequisite. See KB977206.
  • Windows Virtual PC RC
  • Windows XP Mode RC
  • SafeNet SoftRemoteLt installed on Virtual Windows XP.
    These instructions should work for other clients as well.
  • Make sure Internet and VPN are working.

(Windows Virtual PC RC and Windows XP Mode RC can be downloaded from here.)

There are several things we need to configure on both Windows 7 (host) and Windows XP Mode (guest):

  1. Add a Loopback adapter to the host.
  2. Configure the Loopback adapter.
  3. Add a Virtual adapter to the guest.
  4. Configure the Virtual adapter.
  5. Disable Internet Connection Sharing and Firewall on the guest.
  6. Enable routing on the guest.
  7. Configure routing on the guest.
  8. Configure routing on the host.

Let’s get started then.

Add a Loopback adapter to the host

For the host to utilize the VPN located on the guest we need more than unidirectional communication.
VPN traffic goes from the host to the guest, through the VPN and out on the Internet.
When receiving data the guest needs to be able to route it back to the host.
Therefore we need another communication channel.

  • Open up Device Manager and right click the root node.
  • Select “Add Legacy Hardware” then click “Next”.
  • Select “Install the hardware that I manually select from a list (Advanced)” and click “Next”.
  • Select “Network Adapters” then click “Next”.
  • In the left pane select “Microsoft”.
  • In the right pane select “Microsoft Loopback Adapter” then click “Next”.
  • On the confirmation screen click “Next”.
  • When the installation is finished, click “Finish”.

Now you should have a new network adapter in the Network Connections.

Configure the Loopback adapter

Now it’s time to choose a subnet and IP address for your network connection.
I chose a subnet that wouldn’t collide with my home or work networks.

192.168.199.199 with subnet mask 255.255.255.0

  • Open up the Network Connections.
  • Find the new network adapter.
    Mine is called “Local Area Connection 4”.
  • Right click the icon and select “Properties”.
  • Select “Internet Protocol Version 4 (TCP/IPv4)” then click “Properties”.
  • Select “Use the following IP address”.
  • Enter the IP address and subnet mask and click “OK”.
  • Click “OK”.

We’re almost done configuring the host. However, before we can finish we will configure the guest.

Add a Virtual adapter to the guest

Before we start you’ll need to shut down Windows XP Mode completely. Hibernation will not work.

  • Open up Virtual Machines.
  • Select “Windows XP Mode”.
  • Click “Settings”.
  • Select “Networking”.
  • Set the number of network adapters to 2.
  • For the second adapter, select “Microsoft Loopback Adapter” then click “OK”.

Moving on…

Configure the Virtual adapter

For the Virtual Adapter we should now choose an IP address in the same range as we chose before:

192.168.199.200 with subnet mask 255.255.255.0

  • Start Windows XP Mode.
  • Open up Network Connections.

You should now see two connections. Mine are called “Local Area Connection” and “Local Area Connection 2”.
The first one is your “Internet Connection” and the second one is the “Loopback Connection”.

  • Right click your “Loopback Connection” then select “Properties”.
  • Select “Internet Protocol (TCP/IP)” and click “Properties”.
  • Select “Use the following IP address”.
  • Enter the IP address and subnet mask and click “OK”.
  • Click “OK”.

Disable Internet Connection Sharing and Firewall on the guest

We need to create our own routing and we do not want Windows to interfere with our setup.

  • Open “Services”.
  • Find “Windows Firewall/Internet Connection Sharing (ICS)”.
  • Right click the node and select “Properties”.
  • Set “Startup type” to “Disabled” then click “Stop”.
  • Click “OK”.

Don’t close “Services” just yet.

Enable routing on the guest

To enable routing we need to do two things:

  • Start RegEdit.
  • Find the value “IPEnableRouter” under the key “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters”.
  • The default value should be “0x00000000”, change it to “0x00000001”.
  • Close RegEdit.
  • Back in “Services” find “Routing and Remote Access”.
  • Right click the node and select “Properties”.
  • Set “Startup type” to “Automatic” then click “Start”.
  • Click “OK”.

You may now close “Services”.
At this point you might need to restart Windows XP Mode.

Configure routing on the guest

In this step we’ll set up the routing needed for the host to be able to communicate through the guest’s VPN.

  • Start a “Command Prompt”.
  • Enter: netsh routing ip nat install
    This will install NAT routing.
  • Enter: netsh routing ip nat add interface "Local Area Connection" full
    This will route traffic through your “Internet Connection”.
  • Enter: netsh routing ip nat add interface "Local Area Connection 2" private
    This will route traffic through your “Loopback Connection”.
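
The guest-side steps above (disable Firewall/ICS, enable routing, configure NAT) can also be run as one script with a verification pass at the end. The batch file below is an added example, not part of the original post; it assumes the connection names used in this post and uses the XP service names SharedAccess (Windows Firewall/ICS) and RemoteAccess (Routing and Remote Access).

```batch
@echo off
rem Added example: guest-side steps 5-7 as one script. Run inside Windows XP Mode
rem from an administrator Command Prompt.
rem Assumption: connection names are the ones used in this post; adjust if yours differ.
set "WAN_IF=Local Area Connection"
set "LAN_IF=Local Area Connection 2"

rem Step 5: disable and stop Windows Firewall/ICS (service name: SharedAccess).
sc config SharedAccess start= disabled || goto :fail
net stop SharedAccess 2>nul

rem Step 6: set IPEnableRouter to 1, then enable and start Routing and Remote Access
rem (service name: RemoteAccess).
reg add "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v IPEnableRouter /t REG_DWORD /d 1 /f || goto :fail
sc config RemoteAccess start= auto || goto :fail
net start RemoteAccess 2>nul

rem Step 7: install NAT and attach both interfaces (same commands as in the post).
netsh routing ip nat install
netsh routing ip nat add interface "%WAN_IF%" full
netsh routing ip nat add interface "%LAN_IF%" private

rem Verification: show what was actually applied.
reg query "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v IPEnableRouter
sc query RemoteAccess | find "RUNNING" >nul || echo Routing and Remote Access is not running; restart Windows XP Mode and run this script again.
netsh routing ip nat show interface
goto :eof

:fail
echo A step failed; check that this prompt has administrator rights.
exit /b 1
```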

Guest is done! Only one more thing to do.

Configure routing on the host

You’ll need to know which subnet your VPN network is using.
We will configure the routing so that all traffic meant for your VPN network goes through the “Loopback adapter”.
Let’s say your VPN subnet is

172.16.16.0 with netmask 255.255.255.0

  • Start a “Command Prompt” as Administrator. (Run as Administrator).
  • Enter “route -p add 172.16.16.0 mask 255.255.255.0 192.168.199.200”
    Note that 192.168.199.200 is the IP address of the guest’s Virtual Adapter we set earlier.

All done.

From now on all you need to do is start SoftRemoteLt from the “Windows Virtual PC” folder in the Start Menu and you’re all set.
