Administrator’s Guide
`
`8%
`
`Operating System
`
`Winsock Support
`
`Connect Version
`
`Windows 98.
`Windows NT 4.0
`
`Windows 95
`
`Windows 3.1.
`Windows for Workgroups 3.11.
`Windows NT 3.51
`
`WinSock 2.0
`
`Aventail Connect 301
`
`With Microsoft
`patch: WinSock 20
`
`Aventail Connect 3.01
`
`Without Microsoft
`
`Aventail Connect 2.51
`
`patch: WinSock 1.1
`
`Winsock 1.1
`
`Aventail Connect 2.51
`
`You can create custom packages that include one or both versions of Aventail
`Connect (3.01 and 251) Setup will determine which version to install on each
`workstation. {For more information, see “Customizer.“)
`
`Wnvoows 95 AND WINSOCK
`
`The Microsoft Windows 95 Winsock 2.0 Update upgrades Winsock 1.1 to Win~
`Sock 2.0 in Windows 95. This patch (filename w95ws2 setup. exe) is available
`from the Microsoft Web site, at http:llwww.microsoft.com{windowsldown-
`loadslcontents/UpdatesIW95Sockets2/defaultasp. Unless you need specific
`Aventail Connect 3.01 features. Aventail recommends that you do not upgrade
`from Winsock 1.1 to Winsock 2.0. If you do not upgrade to Winsock 2.0, Aven-
`tail Connect 2.51 will be installed.
`
`It you do need to install the Microsoft Windows 95 Winsock 2.0 Update, follow
`the instructions provided by Microsoft. Reboot your computer after upgrading.
`prior to installing Aventail Connect.
`
`HOW DOES AVENTAIL CONNECT WORK?
`
`The following three steps are identical to standard WinSock communications
`steps described above; however, nested inside them are additional actions and
`
`1. The application does a DNS lookup to convert the hostname to an IP address.
`If the application already knows the IP address, this entire step is skipped.
`
`lfthe hostname matches a local domain string or does not match a redi-
`rection rule, Aventaii Connect passes the name resolution query
`through to the TCP.-'lP stack on the local workstation. The TCPIIP stack
`performs the lookup as if Aventail Connect were not running.
`fthe destination hostname matches a redirection rule domain name
`
`(i.e., the host is part ofa domain we are proxying traffic to) then Aventail
`Connect creates a false DNS entry (HOSTENT) that it can recognize
`
`
`
`VirnetxTrial|PR2015-00810,-00811,-00812
`
`VIRNETXEXHIBIApplev.
`
`
`
`
`
`
`
`Aventaif Connect 3.01/2.51‘ Administrators Guide -
`
`1 1
`
`Petitioner Apple Inc. - Ex. 1009, p. 11
`
`VIRNETX EXHIBIT 2013
`Apple v. VirnetX
`Trial IPR2015-00810
`
`Page 1 of 2
`
`

`
`Administrator’s Guide
`
`I L 1' duringtheconnectionrequest.AventailConnectwillforwardthehost-
`
`name to the extranet (SOCKS) server in step 2 and the SOCKS server
`performs the hostname resolution.
`
`‘ C
`
`-
`
`If the DNS proxy option is enabled and the domain cannot be looked up
`directly, Aventail Connect creates a fake DNS entry that it can recog-
`nize later, and returns this to the calling application. The false entry tells
`
`Aventail Connect that the DNS lookup must be proxied, and that it must
`
`send the fully qualified hostname to the SOCKS server with the SOCKS
`connection request.
`
`2. The application requests a connection to the remote host. This causes the
`underlying stack to begin the TCP handshake. When the handshake is com-
`plete. the application is notified that the connection is established and that
`data may now be transmitted and received. Aventail Connect does the follow-
`Ing:
`
`a. Aventail Connect checks the connection request.
`
`‘
`
`-
`
`2 -
`
`3 -
`
`If the request contains a false DNS entry (from step 1), it will be
`proxied.
`
`If the request contains a routable IP address, and the rules in the
`configuration file say it must be proxied, Aventail Connect will call
`WinSock to begin the TCP handshake with the server designated
`in the configuration file.
`If the request contains a real IP address and the configuration file
`rule says that it does not need to be proxied, the request will be
`passed to WinSock and processing jumps to step 3 as if Aventail
`Connect were not running.
`
`b. When the connection is completed, Aventail Connect begins the
`SOCKS negotiation.
`
`-
`
`It sends the list of authentication methods enabled in the configu-
`ration file.
`
`- Once the server selects an authentication method, Aventail Con-
`nect executes the specified authentication processing.
`
`3 -
`
`It then sends the proxy request to the extranet (SOCKS) server.
`
`This includes either the IP address provided by the application or
`the DNS entry (hostname) provided in step 1.
`
`c. When the SOCKS negotiation is completed, Aventail Connect notifies
`the application. From the application's point of view, the entire SOCKS
`negotiation, including the authentication negotiation, is merely the TCP
`handshaking.
`
`3 The application transmits and receives data.
`
`If an encryption module is enabled and selected by the SOCKS server, Aven-
`tail Connect encrypts the data on its way to the server on behalf of the appli-
`cation. If data is being returned, Aventail Connect decrypts it so that the
`application sees cleartext data.
`
`Page 2 0f2
`
`Petitioner Apple Inc. - Ex. I009, p. 12
`
`Aventaii Connect 3.01/2.51 Administrator’s Guide - 12
`
`Page 2 of 2