`
`Operating System
`
`WinSock Support
`
`Aventail Connect Version
`installed
`
`Windows 98,
`Windows NT 4.0
`
`Windows 95
`
`Windows 3.1,
`Windows for Workgroups 3.11,
`Windows NT 3.51
`
`'7
`
`WinSock 2.0
`
`Aventail Connect 3.01
`
`With Microsoft
`patch: WinSock 2.0
`
`Without Microsoft
`patch: WinSock 1.1
`
`l.
`
`Aventail Connect 3.01
`
`Aventail Connect 2.51
`
`WinSock 1.1
`
`Aventail Connect 2.51
`
`You can create custom packages that include one or both versions of Aventail
`Connect (3.01 and 2.51) Setup will determine which version to install on each
`workstation. (For more information, see “Customizer.”)
`
`WINDOWS 95 AND WINSOCK
`
`The Microsoft Windows 95 WinSock 2.0 Update upgrades WinSock 1.1 to Win-
`Sock 2.0 in Windows 95. This patch (filename w95ws2setup.exe) is available
`from the Microsoft Web site, at http://www.microsoft.com/windows/down-
`Ioads/contents/Updates/W95Sockets2/default.asp. Unless you need specific
`Aventail Connect
`.01 features, Aventail recommends that you do not upgrade
`from WinSock1.1 to WinSock 2.0. If you do not upgrade to WinSock 2.0, Aven-
`tail Connect 2.51 will be installed.
`
`If you do need to install the Microsoft Windows 95 WinSock 2.0 Update, follow
`the instructions provided by Microsoft. Reboot your computer after upgrading,
`prior to installing Aventail Connect.
`
`HOW DOES AVENTAIL CONNECT WORK?
`
`The following three steps are identical to standard WinSock communications
`steps described above; however, nested inside them are additional actions and
`options introduced by Aventail Connect.
`
`1. The application does a DNS lookup to convert the hostname to an IP address.
`If the application already knows the IP address, this entire step is skipped.
`Otherwise, Aventail Connect does the following:
`
`-
`
`If the hostname matches a local domain string or does not match a redi-
`rection rule, Aventail Connect passes the name resolution query
`through to the TCP/lP stack on the local workstation. The TCP/IP stack
`performs the lookup as if Aventail Connect were not running.
`if the destination hostname matches a redirection rule domain name
`
`(ie, the host is part of a domain we are proxying traffic to) then Aventail
`Connect creates a false DNS entry (HOSTENT) that it can recognize
`
`VIRNETX EXHIBIT 2012
`APp'e V- Vimetx
`Trial IPRZO15-00810, -00811, -00812
`
`Aventail Connect 3.01/2.51 Administrators Guide - 11
`
`Petitioner Apple Inc. — Ex. 1009, p. ll
`
`VIRNETX EXHIBIT 2012
`Apple v. VirnetX
`Trial IPR2015-00810
`
`Page 1 of 2
`
`
`
`Administrator’s Guide
`
`lb
`
`_..
`
`during the connection request. Aventail Connect will forward the host~
`name to the extranet (SOCKS) server in step 2 and the SOCKS server
`performs the hostname resolution.
`
`'1 C —-
`
`; —-
`
`-
`
`lfthe DNS proxy option is enabled and the domain cannot be looked up
`directly, Aventail Connect creates a fake DNS entry that it can recog-
`nize later, and returns this to the calling application. The false entry tells
`Aventail Connect that the DNS lookup must be proxied, and that it must
`send the fully qualified hostname to the SOCKS server with the SOCKS
`connection request.
`
`2. The application requests a connection to the remote host. This causes the
`underlying stack to begin the TCP handshake. When the handshake is com-
`plete, the application is notified that the connection is established and that
`data may now be transmitted and received. Aventail Connect does the follow-
`ing:
`
`2
`
`a. Aventail Connect checks the connection request.
`a -4
`-
`if the request contains a false DNS entry (from step 1),
`"'[:—'
`proxied.
`
`2 Q
`
`it will be
`
`2 QC;
`
`“LO, Q; in
`
`-T
`
`lfthe request contains a routable IP address, and the rules in the
`configuration file say it must be proxied, Aventail Connect will call
`WinSock to begin the TCP handshake with the server designated
`in the configuration file.
`
`-
`
`If the request contains a real IP address and the configuration file
`rule says that it does not need to be proxied, the request will be
`passed to WinSock and processing jumps to step 3 as if Aventail
`l._._...... Connect were not running.
`
`2 \O
`
`b. When the connection is completed, Aventail Connect begins the
`SOCKS negotiation.
`
`.
`Zbca
`
`l
`
`Xg
`
`Z \O CA
`‘
`
`3 C
`
`-
`
`f’-
`lt dthl'tftht't'
`thd
`bld'th
`econ igu
`ra::rr1)fis!e_e is o au en ica ion me o sena e in
`- Once the server selects an authentication method, Aventail Con-
`nect executes the specified authentication processing.
`it then sends the proxy request to the extranet (SOCKS) server.
`This includes either the IP address provided by the application or
`the DNS entry (hostname) provided in step 1.
`
`-
`
`c. When the SOCKS negotiation is completed, Aventail Connect notifies
`the application. From the application’s point of view, the entire SOCKS
`negotiation, including the authentication negotiation, is merely the TCP
`handshaking.
`
`3 The application transmits and receives data.
`
`3 -——
`
`If an encryption module is enabled and selected by the SOCKS server, Aven-
`tail Connect encrypts the data on its way to the server on behalf of the appli-
`cation. If data is being returned, Aventail Connect decrypts it so that the
`application sees cleartext data.
`
`Page 2 on T
`
`Petitioner Apple Inc. — Ex. 1009, p. 12
`
`
`
`Aventail Connect 3.01/2.51 Administrator’s Guide - 12
`
`Page 2 of 2