Windows 7 driver / application incompatibility work around

Windows - Windows 7

Monday, 24 May 2010 11:57

So you have Windows 7  but you either cant find the Windows driver for your Sound Card or your trusted old Windows XP program fails to work under your new OS. If so there is a way to allow you to run a program using the compatibility mode of your previous (working) Windows version.

Steps :

  1. Right click on the application (.exe) and select Properties.
  2. With Properties go to the Compatibility Tab and choose your Windows Version and select Run program as administrator
  3. Once done click OK and then double click to run the program as normal.

Not only can this be useful for running legacy programs but you can also use this for running driver . exe files.
In the case of my Sound Card drivers which I only could find XP drivers for I did the following :
  1. Downloaded the XP drivers (.exe file)
  2. Extracted the .exe file using WinRar.
  3. Located the .exe file within the extracted files and choose Windows XP SP3 as the compatibility mode option.
  4. Ran the .exe and installed the drivers as per normal.
 

How do I configure IPv6 in Windows XP ?

Windows - XP

Wednesday, 19 May 2010 21:49

In this article we will show you the steps involved in configuring you Windows XP device with IPv6. All commands should be run via the command prompt.

Enable IPv6

ipv6 install

Configure IP

If you are not using Stateful or Statless IPv6 address Autoconfiguration you can manually configure your settings using the following commands : 

netsh interface ipv6 add address "Local Area Connection 2" [ipv6 address]
netsh interface ipv6 add route ::/0 "Local Area Connection 2" [default gateway ipv6 address]
netsh interface ipv6 add dns "Local Area Connection 2"  [ipv6 address]
netsh interface ipv6 add dns "Local Area Connection 2" [ipv6 address] index=2

Additonal Commands

You can use the following commands to show all IPv6 routes and the Neighbor Discovery table. The Neighbor Discovery table is the equivialnt to the arp cache but with IPv6 addresses instead of IPv4. It is also worth noting that Neighbor Discovery is part of ICMP6. 

netsh interface ipv6 show neighbors
netsh interface ipv6 show routes

DNS

Instead of using A records for DNS like IPv4, IPv6 uses AAAA records for domain to IP name resolution. Below shows a brief example,

C:\Documents and Settings\admin>nslookup
Default  Server:  dns1.isp.net.uk
Address:  x.x.x.x
> set type=AAAA
>  ipv6.google.com
Server:  dns1.isp.net.uk
Address:  x.x.x.x

DNS  request timed out.
    timeout was 2 seconds.
Non-authoritative  answer:
ipv6.google.com canonical name = ipv6.l.google.com
ipv6.l.google.com        AAAA IPv6 address = 2a00:1450:8006::63
ipv6.l.google.com       AAAA  IPv6 address = 2a00:1450:8006::93
ipv6.l.google.com       AAAA IPv6  address = 2a00:1450:8006::68

Ping

You can use the standard ping command to ping a IPv6 IP. But you will need to use the "-6" ping switch to ping a IPv6 name.

C:\Documents and Settings\admin>ping -6 ipv6.google.com
 
 Pinging ipv6.l.google.com [2a00:1450:8006::93] with 32 bytes of data:
 
 Reply from 2a00:1450:8006::93: time=35ms
 Reply from 2a00:1450:8006::93: time=39ms
 Reply from 2a00:1450:8006::93: time=34ms
 Reply from 2a00:1450:8006::93: time=34ms
 
 Ping statistics for 2a00:1450:8006::93:
     Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
 Approximate round trip times in milli-seconds:
     Minimum = 34ms, Maximum = 39ms, Average = 35ms
C:\Documents and Settings\admin>ping 2a00:1450:8006::93

Pinging 2a00:1450:8006::93 with 32 bytes of data:

Reply from 2a00:1450:8006::93: time=34ms
Reply from 2a00:1450:8006::93: time=33ms
Reply from 2a00:1450:8006::93: time=35ms
Reply from 2a00:1450:8006::93: time=34ms

Ping statistics for 2a00:1450:8006::93:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 33ms, Maximum = 35ms, Average = 34ms

 

Netscreen IPv6 Tunnel Guide

Firewalls - Juniper - Netscreen

Tuesday, 18 May 2010 15:48

Below shows you the steps on how to configure a tunnel that will encapsulate your IPv6 traffic within an IPv4 tunnel.

Please Note : Below uses the Zone Work which is the equivalent to Trust and contains eth1. Ethernet3 is the untrust interface.

Enable IPv6

Add the following command and then reboot your device,

set envar ipv6=yes

Build your Tunnel Interface 

This builds your tunnel interface and binds it to your Untrust Zone,

set interface "tunnel.6" zone "Untrust"
set interface tunnel.6 ip unnumbered interface eth3 
set interface "tunnel.6" ipv6 mode "host"
set interface "tunnel.6" ipv6 enable
set interface tunnel.6 tunnel encap ip6in4 manual
set interface tunnel.6 tunnel local-if ethernet3 dst-ip [Tunnel Broker IPv4 address]
set interface tunnel.6 mtu 1420
set interface tunnel.6 ipv6 nd nud
set interface tunnel.6 ipv6 nd dad-count 0

Configure your Inside Interface

This configures IPv6 on your inside (or Trust interface). Due to the fact im using a weird and wonderful port mode on this Netscreen. My Trust Zone is called Work.

set interface eth1 ipv6 mode "router"
set interface eth1 ipv6 ip 2001:xxx:xxx:xxx::1/64
set interface eth1 ipv6 enable
set interface eth1 ipv6 ra transmit
set interface eth1 ipv6 nd nud
unset interface eth1 ipv6 ra link-address

Add your Default Route

To add your default route : 

set route ::/0 interface tunnel.6 gateway :: preference 20

Add a Policy

set policy id 14 from "Work" to "Untrust"  "Any-IPv6" "Any-IPv6" "ANY" permit log
set policy id 15 from "Untrust" to "Work"  "Any-IPv6" "Any-IPv6" "ANY" deny log

To Remove the Tunnel Interface

Below removes the Tunnel interface : 

unset interface "tunnel.6" ipv6 enable
unset interface "tunnel.6" ipv6 mode
unset interface tunnel.6 tunnel 
unset interface tunnel.6 mtu 
unset interface tunnel.6 ip
unset interface "tunnel.6" zone 
unset interface "tunnel.6"

Test

Use the following command to test connectivity : 

ping [IPv6 address] from eth1

 

Upgrade Export on Solaris Fails with "Error: Failed to execute 'gtar -c -C"

Firewalls - Checkpoint

Monday, 17 May 2010 00:00

When running an upgrade_export on a Solaris Smart Centre you may receive the following error :

Compressing the files... gtar: Only wrote 2047 of 10240 bytes to export.tgz.tar gtar: Error is not recoverable: exiting now 
Error: Failed to execute 'gtar -c -C "/opt/CPsuite-R65/fw1/tmp/upgrade_temp_dir" -f "export.tgz.tar" .' command [ 26409 1]@#######[10 May 15:35:27] Compress: 
Error >> Failed to run gtar -c -C "/opt/CPsuite-R65/fw1/tmp/upgrade_temp_dir" -f "export.tgz.tar" . command 
Error: Failed to compress Check Point Software files

This is down to a 2Gb limitation of the gtar command. There are 2 ways to resolve this issue :

  • Reduce the size of the files that are being gtar`d. The best way to do this is by normally clearing out any unwanted DB Revisions.
  • Replace the standard gtar command (both the Solaris and Checkpoint provided binary) with the latest version of gtar. Then when you relaunch the upgrade_export gtar will be able to handle more then 2Gbs worth of files.
 

The Netscreen Proxy ID problem

Firewalls - Juniper - Netscreen

Tuesday, 18 May 2010 00:00

A proxy-ID is used during phase 2 of Internet Key Exchange (IKE) Virtual Private Network (VPN) negotiations. Both ends of a VPN tunnel either have a proxy-ID manually configured (route-based VPN), or simply use a combination of source IP, destination IP and service in a tunnel policy. When phase 2 of IKE is negotiated, each end compares the configured local and remote proxy-ID with what is actually received.

There are a number of problems that you may face when creating Site to Site VPNs on a Netscreen Firewall. Which is in the way it announces its Proxy ID`s.
Generally if you create a VPN and set the Proxy ID`s within the Phase 2 Policy (AutoKey IKE Tunnels) the correct Proxy IDs are used and everything will be fine. The problem is when you want to use multiple subnets (or even multiple hosts).
If you add address groups to your policy based VPNs then 0.0.0.0 ID`s start being used with can cause a number of issues with the Phase to negotiations.

Below shows you the different combination's and the resulting Proxy ID`s for a policy being used for a policy based VPN.

Source
Destination
Resulting Proxy ID (src / dst)
Address Group
Address Group0.0.0.0/0.0.0.0 > 0.0.0.0/0.0.0.0
Address GroupSubnet
0.0.0.0/0.0.0.0 > Subnet
SubnetSubnetSubnet > Subnet

-- How should it be configured ? --

Below shows you the ways for configuring both a Policy and Route based VPN when using multiple subnets.

Multiple Subnets for a Policy VPN

1) Within "VPNs | AutoKey IKE | [Your VPN Tunnel] | Advanced" ensure that Proxy ID option is not ticked.
2) Then create multiple polices for the various subnets ensuring you do not use address groups as the Proxy ID will result in using each Within Policy Then add multiple Policies, one for each subnet, assigning each policy the same (IKE) VPN Tunnel.

Multiple Subnets for a Route Based VPN

To use multiple subnets you will need to bind multiple Phase 2 Policies (AutoKey IKE Tunnels) to your Tunnel Interface.

1) Within "VPNs | AutoKey IKE | [Your VPN Tunnel] | New | Advanced" :
     -- Bind to : Tunnel Interface [Select your Tunnel Interface]
     -- Tick Proxy ID and add your source and destination subnets
 2) For additional subnets create a new AutoKey IKE Tunnel (Phase 2 Policy) and assign to the same tunnel interface. 

Please Note : When a proxy ID of 0.0.0.0/0.0.0.0 is used there is only one SA which is created for all the traffic.

 

Additional reference : New to ScreenOS 6.3 is Multiple Proxy ID support on Route-Based VPNs. Details on this can be found here.

 

Page 5 of 50

«StartPrev12345678910NextEnd»

Article updates via email..


We have 14 guests online