Assistant Manager, Network Service Division, NTT software
Anticipating the arrival of ubiquitous society, some companies are beginning to consider IPv6 in their large-scale corporate networks. The reason for this is that IPv6 has characteristics such as “largely extended IP address space” and “easy host management through plug-and-play”, which are considered big advantages for these companies.
However, although the infrastructure for IPv6 network might be ready for use, not all applications support IPv6. If some applications do not work on IPv6, and if that causes inconvenience, we need to come up with a solution to the problem. For example, Windows Remote Desktop feature that comes standard with Windows XP is a type of application that needs IPv6 to realize its true potential, but unfortunately it does not support IPv6 at present.
In this article, I will tell you a way to use non-IPv6 software on IPv6 network, using port forwarding function of SSH, with Windows Remote Desktop as an example.
What is Windows Remote Desktop?
Windows Remote Desktop is a feature that comes standard with Windows XP, and allows clients to logon to a host using port 3389 and use resources on that machine (Figure 1). With this feature, you can operate your home computer from your company very easily via Internet.
Figure 1
But unfortunately, Windows Remote Desktop currently does not support IPv6. Furthermore, although you need both server function and client function in order to use Windows Remote Desktop, Windows XP Home Edition has client function only. It does not have server function. To build Windows Remote Desktop environment, server host must be running Windows XP Professional.
Making a tunnel using SSH
SSH (Secure SHell) uses encryption technology called SSL, developed by Netscape, for secure communication between computers on a network. When using SSH, you can virtually eliminate the danger of eavesdropping, since all traffic will be encrypted for the entire path between the two computers. Furthermore, it can prevent spoofing by authenticating the connecting computers using special keys.
As the name “Shell” implies, SSH can be used as an alternative to telnet. It also has another function called “port forwarding”. This allows you to run a different protocol inside the encrypted communication path built by SSH (Figure 2). In this way, you can establish communication path between the server and the client as if you were digging a tunnel. By securing this tunnel on IPv6, you can run non-IPv6 applications on IPv6 network.
Figure 2
Server host: installing OpenSSH and upgrading to IPv6
Let’s look at the actual procedure of running Windows Remote Desktop on IPv6 network by using OpenSSH’s port forwarding feature. In this article, we will use IPv6 version of OpenSSH and a related software called “PortForwarder” as SSH server and SSH client respectively. OpenSSH was developed by the OpenBSD project, and it is a freely distributed implementation of the SSH protocol suite. It is suitable for our project, since it already contains IPv6 support code for instant deployment.
1. Downloading and installing OpenSSH for Windows
We will first install OpenSSH for Windows, to run OpenSSH, on the server host. Installing OpenSSH for Windows is easy since it comes in a package that enables instant deployment of OpenSSH on Windows.
Binary code for OpenSSH for Windows can be found at the following address.
http://lexa.mckenna.edu/sshwindows/download/releases/
Go to the above Web page and click on OpenSSH for Windows v3.5p1-3 to download the file (file name is openssh35-20030324.zip). Installation procedure for OpenSSH for Windows is no different from normal Windows applications installation (Figure 3).
;)
Figure 3
After the installation, quickstart.txt will open automatically. In order to use OpenSSH for Windows, you need to set the Configuration written in this file so let’s do it right now. Open the command prompt and type the following commands.
| > cd c:\Program Files\OpenSSH\bin > mkgroup -l >> ..\etc\group > mkpasswd -l -u username >> ..\etc\passwd |
2. Downloading and installing Cygwin/w32api IPv6 extension
OpenSSH for Windows runs on an environment called “Cygwin”, which emulates UNIX API on Windows API. Unfortunately, Cygwin that comes with OpenSSH for Windows package does not support IPv6. Therefore, we must replace the Cygwin library that came with OpenSSH for Windows with the one with IPv6 support.
Binary code for Cygwin/w32api can be found at the following URL.
http://win6.jp/Cygwin/index-j.html
Go to the above web page and download cygwin-1.3.22-1-ipv6-0.2.zip. Unzip the file. From the resulting folder, copy the file
- bin\new-cygwin1.dll
- C:\Program Files\OpenSSH\bin
3. Downloading and installing IPv6 support files for OpenSSH
Finally, we must also replace OpenSSH that runs on Cygwin with those that can support IPv6. We prepared the IPv6 support files for OpenSSH especially for this article.
IPv6 support files for OpenSSH can be found at the following URL:
http://www.ipv6style.jp/jp/tryout/20030523/openssh_ipv6.zip
Download openssh_ipv6.zip from the above Web page. Unzip the file, and from the resulting folder, copy all the files in
- bin\*
- sbin\*
- C:\Program Files\OpenSSH\bin
- C:\Program Files\OpenSSH\sbin
Now the installation is complete. Now that you finished the installation process, you just need to run the program from the command line and you can run OpenSSH on IPv6. Configuration on the server host is now complete.
4. Configuration of OpenSSH Server
Open SSH for Windows is configured to use SSH protocol version 2.0 by default, while PortForwarder on client side supports SSH 1.5 only. Open SSH for Windows configuration needs to be changed to be able to connect with SSH 1.5,as follows:
C:\Program Files\OpenSSH\etc\sshd_config
needs to be edited so that protocol setting reads
Protocol 1,2
5. Starting OpenSSH Server service
After completing the configuration, we must start the server. The command for starting the server process is simple. You just type the following command on the command prompt (Figure 4).
| > net start opensshd |
After this command, OpenSSH demon will start running. To check the status or to stop the service, go to [Start]-[Settings]-[Control Panel]-[Services] (Figure 5).
;)
Figure 4
;)
Figure 5
Client host: Installing PortForwarder (IPv6)
Next, we will set up the client host. Since client must be started frequently, we will use PortForwarder, which is handy and easy to use.
1. Downloading PortForwarder
PortForwarder also has IPv6-enabled binary code, so we just need to replace original executable files of PortForwarder with those with IPv6 support. PortForwarder does not require installation. You just need to unzip the file.
PortForwarder (original version) can be found at the following URL:
http://www.fuji-climb.org/pf/JP/download_jp.html
Download a file called “PortForwarder-1-1-1.zip” from the above Web page. Unzip the file and PortForwarder will be ready to use. This version does not support IPv6, so we must replace the binary files with those that support IPv6.
Binary files for PortForwarder (IPv6 version) can be found at the following address.
http://win6.jp/PortForwarder/index-j.html
Download PortForwarder-1-1-1-ipv6-0-996.zip from the above web page. Unzip the downloaded file, and replace the old PortForwarder.exe and zlib.dll with the newly unzipped files.
2. Network Configuration
Next, before we can run PortForwarder, we need to set a configuration file called “configuration.ini”. This file will hold information regarding the host to connect, and other related settings. Following is the content of this configuration file.
| # Sample of config file Host server1 HostName 2001:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx # server1's IP address User username LocalForward 3389 127.0.0.1:3389 Host * User username |
3.Starting PortForwarder
Now that the configuration is complete, we can start PortForwarder. Starting PortForwarder is simple. Just double click on PortForwarder.exe to start it, and specify Config file to use (Figure 6). After finishing the setup, type server1 in the Host field, choose IPv6 as a Protocol, and click on the Connect button to establish the connection.
;)
Figure 6
When you connect for the first time, you see a dialog box containing a message saying, “The host has not been authenticated. Do you like to continue?”. Click on Yes, and continue. From the next time on the host will already have been authenticated, so this procedure will not be necessary (Figure 7).
;){kind=small}
Figure 7
Type in the password for the server (Figure 8), and PortForwarder will establish the connection.
;)
Figure 8
Configuring Windows Remote Desktop
After starting PortForwarder, we will start Windows Remote Desktop. To use Windows Remote Desktop, you must enable Remote Desktop Connection on the server host. You must also allow specific users to connect to the server remotely.
In order to enable Windows Remote Desktop on the server host, open System folder located in Control Panel and display System Properties. In the System Properties, go to Remote tab and enable Remote Desktop (Figure 9). After enabling Remote Desktop, click on Select Remote Users and add users that you want to allow connection to Windows Remote Desktop (Figure 10).
;)
Figure 9
;)
Figure 10
Now we will set up the client host. When you pass Windows Remote Desktop protocols to the PortForwarder of OpenSSH, you must first connect from Windows Remote Desktop to the client itself. To do this, we need to change the property of Windows Remote Desktop and run the program in “compatible mode” that allows connection to the local host.
This can be done easily. In the system directory of the client host, find Windows Remote Desktop program called
- C:\WINDOWS\system32\mstsc.exe
;)
Figure 11
Now, we can go to Start menu, point to [All Programs]-[Accessories]-[Communications], and start Windows Remote Desktop connection (or start mstsc.exe you copied). If you click on Options, you can type in your username and password and save them, so that you won’t have to type them next time you connect. Type localhost in the Computer field, and click on Connect to establish the connection (Figure 12). Desktop on the server host should be displayed (Figure 13).
;)
Figure 12
;)
Figure 13
Technologies for bridging between IPv6 and IPv4
Currently, IP network is migrating towards IPv6 at a considerable speed. However, no matter how fast the infrastructure migrates to IPv6, it is difficult to switch all the peripheral equipments and software from IPv4 to IPv6, all of a sudden. Therefore, for the time being, it is necessary to allow coexistence of both protocols. During this period, techniques we showed you in this article for using IPv4 on IPv6 network, and techniques that allow the use of IPv6 on IPv4 network, will be useful during this period, as not all network devices support both protocols. Many technologies for bridging between IPv6 and IPv4 already exist, and most of them are easy to use and designed in a way that makes the bridge transparent to the users.
In this article we looked at a situation that is opposite of the frequently discussed topic of using IPv6 on IPv4 network. We hope that this article could make you feel more comfortable with IPv6, and relieved you of some of the worries you had regarding the migration to IPv6. Technologies such as PortForwarding and Windows Remote Desktop are useful in variety of situations. We recommend you to try using them.
この記事のトラックバックURL
http://www.ipv6style.jp/trackback/553
