Overview

CAPRI32 offers an alternative to RAS for Internet access via ISDN for Windows 9x/ME or Windows NT 4.0/2000/XP. It supports various framing protocols for transporting TCP/IP over ISDN (e.g HDLC, X.75, PPP, Frame-Relay,...). for communication with other vendors ISDN routers or servers.

CAPRI32 provides a software solution for connecting multiple computers in any small office/home local area network environment or educational network to the Internet using a single official IP address. CAPRI32 makes use of the Internet routing capabilities of the Microsoft TCP/IP stack, there is no need to replace the Microsoft TCP/IP stack by a third party TCP/IP stack. Developed for computing environments with one IP address, CAPRI32 forwards packets between the WAN and the IP kernel with address/port translation. In work groups with several real IP addresses CAPRI32 can forward all packets unchanged to the IP kernel.

The number of users supported is only limited by the bandwidth of the connection. CAPRI32 can provide standalone or work group users with full access to Internet applications and resources, e.g. WWW, e-mail, telnet, ftp. Hosts in the LAN can accommodate almost any client node, including PC's Mac's, and Unix machines, as long as they are running a TCP/IP stack.

CAPRI32 is installed as a standard LAN interface NDIS driver. CAPRI32 communicates with the ISDN card using the Common ISDN API 2.0-DLL specification (a standard defined by German ISDN card manufacturers and the German Telekom). Because of this, CAPRI32 is completely hardware independent and has successfully been tested with many active or passive ISDN cards. CAPRI32 can be installed and used in parallel to RAS.

CAPRI32 supports one or two B-channels. A connection can use both B-channels for load sharing or PPP multilink operation. Load sharing/Multilink can be configured as static or dynamic (bandwidth on demand) or with manual setup. Multilink, as specified in RFC 1990, is used in case of PPP, Load sharing is implemented for all other protocols.

CAPRI32 supports IP-Masquerading (Network IP Address Translation + Port Mapping ), a technique which allows multiple hosts on a private LAN to share a single IP address.
Private LAN addresses must be mapped to registered IP addresses supplied by your Internet Service Provider. This is known as Network Address Translation. CAPRI32 supports NAT (Network IP Address Translation) as specified in RFC 1631.
Port Mapping works by keeping track of source port numbers used by TCP and UDP applications, and mapping each port number to a new number prior to transmission of the packet onto the Internet. A packet received from the Internet will have a destination port number equal to the mapped source port number, and so the original port number and IP addressee can be restored after a table lookup.

CAPRI32 supports DNS Interception for local name lookups. DNS address queries from all LAN clients can be intercepted and answered from a local name table. Optionally DNS queries to pre configured DNS server addresses can be redirected on the fly to dynamic assigned name server addresses.

CAPRI32 comes with a built-in packet filtering Firewall. Extended packet filtering helps you to protect your LAN from attacks from the Internet. Packets can be filtered on host, protocol and port basis. To simplify configuration a learning mode is provided.

CAPRI32 has a built-in DHCP Server for automatic client configuration.
A RIP Server can announce CAPRI32 as standard gateway of your LAN

With the Remote CAPRI32 Client you can control your connection from clients on your LAN.

CAPRI32 counts online time and transfered data volume. New connections can be disabled, if a limit is exceeded.

CAPRI32 is Shareware
CAPRI32, as it is provided, is a demo version. You may test the software for 30 days without any obligation. The demo version of CAPRI32 will stop forwarding data 15 min after startup.
Registration details you will find in order.txt.

---

Installation

Installation of CAPRI32

1. The Installer unpacks the CAPRI32 software into the selected directory, e.g.: C:\Programs\CAPRI32
2. The installation of the network components requires Administrator privilege on Windows NT/2000/XP.

3. Installation of the virtual Network Adapter:

   Windows 2000/XP:

   Use the Hardware wizard to install the Network adapter ISDN CAPI 2.0 Adapter. The driver is supplied in your CAPRI32 directory. The installation will automatically install and bind the haneWIN Packet Service to the Adapter and create a new LAN connection.

   Windows NT:

   Use the Network Control Panel to install the Network adapter ISDN CAPI 2.0 Adapter. The driver is supplied in subdirectory WINNT.

   Windows ME:

   Use the Hardware wizard to install the Network adapter ISDN CAPI 2.0 Adapter. The driver is supplied in subdirectory WIN95.

   Windows 95/98:

   Use the Network Control Panel to install the Network adapter ISDN CAPI 2.0 Adapter. The driver is supplied in subdirectory WIN95.

4. The TCP/IP parameters for the new adapter are configured by CAPRI32 automatically. Only if your provider assigned a fixed IP address to your connection configure this IP address for the adapter.

   Details about configuring TCP/IP parameters for LAN access you will find below.

5. Reboot Windows.

Configuration of CAPRI32

1. Run CAPRI32.EXE. Be sure the CAPI 2.0 software of your ISDN card is loaded and the virtual network adapter ISDN CAPI Adapter is installed.
2. Open the Connection Setup menu of CAPRI32.



3. Specify the phone number of your ISP, select the protocol and desired mode of operation. In case of PPP with dynamic IP address assignment select NAT with dynamic address, in all other cases select NAT with static address and enter the ISP assigned IP address.
4. Restart CAPRI32.EXE
5. Open a connection to your ISP to check your set up.
6. Check the configuration with ping to an external IP address.

Configuring TCP/IP parameters for LAN-WAN IP routing :

IP routing connects different IP networks. Your PC with CAPRI32 acts as the IP router between two IP networks.

1. To give the clients on your LAN access to the Internet you must enable IP routing under Windows:

   Windows 2000/XP:

   With the provided rout2000.bat script you can enable or disable IP Routing on Windows 2000. Activate IP Routing with rout2000 on.

   Windows NT:

   Activate the IP Forwarding Option.

   Windows 9x/ME:

   With the provided routing.bat script you can enable or disable IP Routing on Windows 9x. Activate IP Routing with routing on.

   
   
2. An IP-router has at least two interfaces, a LAN interface and a WAN interface, and therefore requires two IP addresses in different networks. There are two modes of operation:

   You use an official assigned network or sub network of IP addresses for your LAN. You don't need any special software, like CAPRI32 in this case, but CAPRI32 can be used in this case to optimize your setup and connection time.

3. WAN-LAN IP Routing with one official IP address
   If you have only one static or dynamically assigned IP address, you must use IP-Masquerading. Use IP addresses from a private network number range (e.g. 10.0.0.0, 192.168.0.0,..) for the hosts on your LAN. CAPRI32 was developed for this type of internet access.

   1. The virtual Interface of CAPRI32 can be configured by CAPRI32 automatically. In this case the following addresses are assigned:
      IP address: 192.168.2.1
      Net mask: 255.255.255.0
      Gateway: 192.168.2.2
      Nameserver: 192.168.2.3, 192.168.2.4

      If your connection uses fixed IP addresses confugire the provider assigned addresses instead.

   2. You can configure the clients on your LAN by the built-in DHCP server. In this case you have only to configure the ethernet interface connected to your LAN.

      Ethernet interface of Router PC with CAPRI32:
      IP address: 192.168.1.1
      Net mask: 255.255.255.0
      Computers on your LAN receive an IP address from the configured sub network.

   3. If you prefer to configure your clients manually, choose IP addresses from the same private IP network for all hosts on your LAN. On all hosts, set the default gateway to point to the LAN interface IP address of the router PC.

      Host 1, Ethernet interface:
      IP address: 192.168.1.2
      Net mask: 255.255.255.0
      Gateway: 192.168.1.1
      Nameserver: as specified by your provider or 192.168.2.3, 192.168.2.4 with DNS redirection in CAPRI32 enabled

      Host 2, Ethernet interface:
      IP address: 192.168.1.3
      Net mask: 255.255.255.0
      Gateway: 192.168.1.1
      Nameserver: as specified by your provider or 192.168.2.3, 192.168.2.4 with DNS redirection in CAPRI32 enabled

      .....

4. You have to Reboot Windows 9x or Windows NT. On Windows 2000 a reboot is required only if you modified the routing setting.
5. Use ipconfig /all or winipcfg to check your network setup and IP parameters.

---

Users Guide

IP-Masquerading (NAT + Port Mapping) and DNS Interception

CAPRI32 supports IP address translation (translation of a private IP address to the official IP address), and Port-mapping (translation of a private IP address:portnumber to a free port number of the official IP address).

1. Port Mapping gives more than one host outgoing internet access at a time through one official IP address. Enable Port Mapping by checking the option. CAPRI32 maps client port numbers to port numbers in the range 61440-65535 of the official IP address. Port Mapping works fine with all "well behaved" TCP/IP applications. Some programs require an additional port for downloading data (VDOlive, RealAudioPlayer,...). For these applications you can define static mapping entries for port number ranges to the assigned local IP address.e.g.

10000-10010,192.168.1.2
will forward incoming TCP/UDP packets with port numbers in the range 10000 to 10010 to host 192.168.1.2. On the client set the UDP port number for the application to a port in this range.  Note that in most cases you have to configure the requesting TCP/IP application to use a fixed port number.
Port Mapping entries can be added or modified on the fly without closing and opening a new connection.
Port Mapping only works with protocols which use ports i.e. TCP and UDP. For all other protocols (except ICMP) and incoming connections without an mapping entry an address translation is performed. You can set up up to eight IP addresses in a destination IP address list. The default host is selected by checking the IP address in the Control menu. By simply choosing another host, you can switch between hosts on the fly without closing and opening a new connection. In general  an IP address of a local host in the destination IP address list is only required if you want to be able to make this host the default host for incoming connections, e.g. if the host runs a WWW or ftp server.
Port Mapping can not be used for ping and traceroute, because ICMP Echo Requests don't use port numbers. Due to the importance of ICMP a special mapping technique is implemented.
A main problem with the concept of NAT is that some applications (FTP is the most notable example) put IP addresses into application layer messages which are transferred between Client and Server. This is a protocol layering violation, that in the case of FTP can be overcome  by using PASV commands rather than PORT commands. (Use of PASV can be selected as an option in almost all FTP Clients including WS_FTP, WAR_FTP and Fetch on the Mac). Anyway CAPRI32 supports PORT sequence number patching in case of FTP, but I recommend using PASV mode. Other applications with protocol layering violation, mainly video conferencing programs, may break.

Menus

Preferences

• General:
  In Small view a reduced status windows is displayed.
  The log can be saved on program exit.
  The program can be installed as service on Win9x/ME.
  The program can change the Standard Gateway to the CAPRI32 interface.
  The program can change the Standard Gateway to the CAPRI32 interface.

• ISDN
  You can define a local MSN for outgoing calls.
  You can specifiy a local MSN for incoming calls. A * accepts calls to any local number. An empty field disables incoming calls.
  CIP-mask: defines the services for incoming ISDN calls.
  As preset CAPRI32 accepts only data calls.
  Enable both channels: enables CAPRI32 to use both B-channels.
  dyn. Multilink Loadlevel: defines the load level for dynamic Multilink operation. A second connection will be established if the load exceeds this level for the defined amount of time.
  Callback: Delay before executing a call back.
• Connection:
  Always online automatically reconnects if the connection is dropped.
  With automatic dialing enabled, a new connection is opened as necessary.
  Ask before dialing will popup a Window before opening a connection.
  The program can repeat dialing until a connection is established. A repeated dialing operation can be aborted by clicking on Disconnect.
  If the sound option is checked, the program will play the .WAV files assigned to "ISDNUp" on connect and "ISDNDown" on disconnect.
  Call-Setup: maximum Call Setup time.
  Pause: pause between call setups and successful connections.
  dynamic Disconnect threshold: In Shorthold mode a connection is released a few seconds before a unit ends. This value defines how many seconds before the end of a unit a disconnect will be triggered.
  PPP LCP Echo-Interval: To control a connection the program can send PPP echo requests every few seconds. The value defines the interval in seconds.

• Services:
  Enable the DHCP Server for automatic client configuration.
  Enable Routing Information Protocol to announce the router as Standard Gateway of your LAN.
  Enter the IP address of a SYSLOG host to send all log entries to a remote logging server.

• Execute
  Programs can be executed on start, after connect, after disconnect and on termination. %m inserts the local interface ip address. After connect, %i inserts the assigned IP address and %n %s insert assigned primary and secondary name server addresses.
  CAPRI32 can automatically disconnect on termination of the executed program.

Connection Setup
dialog box for defining ISP specific parameters.


Name:name for the connection entry.

Phone number: PBX's sometimes require a special key code for dialing out. If this prefix is not displayed on incoming calls, Dial back and CLI will normally fail. To solve this problem an outgoing call prefix supported, which is not checked on incoming calls. The prefix can be specified in front of each ISDN number separated by a comma. Digits, which should not be used in an outgoing call, but have to be present for CLI can be marked by a decimal point from the common part of the number.
Examples:
089.345678 will dial 345678 and will match incoming calls from 089345678
0,30.123456 will dial 0123456 and will match incoming calls from 30123456
00,123456789 will dial 00123456789 and will match incoming calls from 123456789.

Mode: Defines the mode of operation.
In/Out: incoming and outgoing calls allowed.
Incoming: only incoming calls are enabled.
Out: only outgoing calls are allowed
Req.Callback (ring): Request callback. To avoid costs the connection set up  is dropped immediately after the connect request.
Req.Callback (connect): Request callback. The connection setup is terminated on the connect confirmation. If the peer does not reject the call, the call will be charged.
Req.PPP-Callback: The PPP callback option is transmitted during PPP handshaking to request a callback.
Callback: Rejects an incoming call and calls back.
PVC: Permanent virtual connection (because it is manufacturer specific, implemented only for ISDN cards from EICON/Diehl)

Protocol: Defines the framing protocol of the packets.

NAT: Network address translation is used to translate between private and official IP addresses.
NAT with dynamic IP assignment should be used if your provider uses PPP with dynamic IP addresses
NAT with static IP has to be used for providers that use fixed official addresses.
NAT can be disabled in case of a fixed official IP address. In this case the official IP address must be configured in the TCP/IP set up of Windows.
Peer IP: PPP can assign an IP address to the peer. This IP address can be defined here.

PPP-Options:
TCP header compression: PPP will match TCP header compression with the configuration of the peer.

Attention: The number compression slots is limited on most dial in systems. If you have many simultanous TCP connection because of a LAN access, TCP header compression can degrade perfomance.



Timer Options:
Unit Adaptive Disconnect with Shorthold of: Adaptive disconnect requires the definition and selection of  units through unit emulation or support of unit messages during the connection.
On expiration of the short hold idle timer, CAPRI32 calculates the remaining time of the current unit. If no further activity occurs the connection will close down a few seconds before the end of the unit was estimated.
Disconnect, if idle for: Defines the idle time-out for this connection. The value is used for incoming calls and in if a unit depended time-out is not defined.
Idle Timer ignores Received Packets:
If a peer sends packets on a regular basis to test the line, a idle time-out would never occur. The options will force CAPRI32 not to reset the idle timer on incoming packets.
Idle Timer ignores Bcasts & Netbios requests: Broadcast messages and NetBIOS name lookup messages will not reset the idle timer and not open a new connection. They are only transmitted, if a connection is already established.
MultiLink/Loadsharing: Three kinds of PPP-Multilink or Loadsharing using both B-channels are available: Static (set the timer value to 0), manual (don't enter a timer value) or dynamic (exceeding the configured load level for the defined time interval opens a second connection).



Units options:
Emulate Units messages: Allows CAPRI32 to emulate unit messages based on a setup entry.
An entry consists of up to 5 pairs of
Starting-hour,length-of-unit-in-seconds
Separate entries for week days and weekend/holidays can be created.

Attention: A length of 0 disables outgoing calls to the peer during the specified hours.

Log
displays a connection and optionally trace log.

CAPI Messages

logs all ISDN related messages exchanged over the CAPI interface (except data messages)

PPP Setup

allows to trace the setup of a PPP connection. PPP data packets are not logged.

Application Interface

logs information related to the upper layer interface and additionally DNS queries.

TCP/IP

logs TCP/IP information of all packets. source IP, destination IP and protocol are logged for all IP protocols. Further values depend on the protocol, e.g. source and destination ports are logged for TCP and UDP.

Attention: Use the trace option only for debugging NOT during normal operation.

Statistics

displays connection statistics

Firewall

The dialog box allows you to configure the packet filtering firewall. The packets are tested against the rules in top down order.
A trusted host is allowed to communicate using any protocol or service (port).
Protocols can be enabled for all or selected addresses.
TCP or UDP protocol can be enabled completly or based on selected services (ports).
Address rules for a certain protocol or service are scanned sequentially for a match. A match may exclude or include a host or host range from communication over this protocol or service.
In learning mode the user will be prompted to allow or deny a service.

The example allows all local computers unrestricted outbound access for TCP and UDP. All incoming TCP connections and incoming UDP packets are blocked. Only ICMP packets are allowed in both directions.

Port Mapping

To forward packets with known port numbers to a defined client you can configure static mapping entries. The dialog box allows you add static port mapping entries and the IP address of the client that should receive the packets.
DNS:
To enables redirection of DNS request to dynamically assigned name servers. The name server addresses are determined automatically from the Windows configuration. Change these addresses only if required (e.g. in case of a local DNS forwarder).

Name Resolution

With DNS interception all clients on the LAN can resolve Domain names from a common name table without accessing an external name server. DNS IP address record requests are trapped and the IP addresses are looked up in a local name table. If a matching entry is found a reply is generated and the request dropped. If no match was found the query is forwarded in the standard way.
The dialog box configures DNS interception. Set the check mark to enable local name resolution through the name table.

Add the IP addresses and the full Internet Domain Name of those hosts you want to resolve locally.

Exit

terminates the program.

Help

starts a HTML browser with this manual.

Show License

shows the license conditions for this software

Register

prompts for the license key and your name, company. To activate a license key you have to restart the program. After restart check the About menu to find out if the license information was accepted.

About

displays program version information.

Connect

manually connects to an IP destination. The initial setting of the repeat dial request option depends on the Preferences configuration.

Disconnect

disconnects an active connection or terminates a repeated dial request.

Auto Dial

enable or disables the auto dial feature.

---

Remarks

Connection state

The state of an ISDN connection is displayed on its status page and in place of an icons title by the following codes:
_ = free,
D = D-channel up,
C = B-channel requested,
B = B-channel up,
A = active, ISDN connection up,
additional information for PPP:
L = LCP configuration up,
I = PAP/CHAP configuration up, IPCP configuration started,
P = PPP connection up
additional information for SLIP:
S = SLIP configuration up

On ISDN connection set up and termination the CAPI 2.0 error and status codes are displayed.

Program Startup

CAPRI32.EXE can be started with the following optional command line arguments:
(You can enter arguments for a Windows program via the Properties entry of Aliases.)

CAPRI32 [Flags] [ConfigFile]

Flags

• -iconic starts CAPRI32 iconified.
• -disconnect disconnect all active connections.
• -unload unload running copy of CAPRI32. Prompt user if a connection is active.
• -terminate disconnect and unload a running copy of CAPRI32.

ConfigFile specifies the name of the CAPRI32 configuration file. If the name is not given, it defaults to "CAPRI32.INI". The configuration file is a readable text file.

If you want to set up separate configurations for more than one provider start CAPRI32 with the name of a configuration file and create an alias pointing to CAPRI32.EXE with the named configuration file, e.g.
C:\CAPRI32\CAPRI32.EXE tonline.ini.

Running CAPRI32 as Service

To run CAPRI32 as a service execute
caprisrv -install
This will install CAPRI32 as a service.
caprisrv -remove
will remove CAPRI32 as a service.

If CAPRI32 is running as a service, the configuration dialogs are protected by the Administrator password. After entering the correct password access to the dialogs is enabled. Permission to access the dialogs is terminated with the current interactive session or on clicking on the close Symbol X of the main window of CAPRI32.

Do not stop or delete the "CAPRI ISDN Service" from the system, otherwise setting the standard gateway will fail.

Remote Control of Connection

To monitor and control a connection from a remote client:
1. Enable remote control under Preferences.
2. Copy REMCAP.EXE to the client and start it.

REMCAP uses UDP Port 77 (private remote job services) for communication.
It sends an UDP Subnet broadcast packet to locate CAPRI32.

---

Support

The latest version of CAPRI32 is available on www.hanewin.de. Please mail comments, questions, problems to .