tags:

views:

287

answers:

1
+2  Q: 

Methods of programatically altering ipsec rules with C#?

Hey stackoverflow,

The only method I know how to execute IPsec changes involves calling netsh to do the changes. Is there a method using System.Management and WMI objects directly? If so, what is it? I am having a hard time finding relevant WMI information with MSDN.

Or is there some other useful method someone out there has used?

EDIT: I am working in C#, and would prefer C# examples with regard to .NET System.Management based answers.

Thank you!

+1  A: 

1) Exact: WMI.

The EnableIPFilterSec WMI class static method can enable IP security globally across all IP-bound network adapters. With security enabled, security characteristics for any specific adapter can be altered with the EnableIPSec WMI class method. MSDN for the former here:

http://msdn.microsoft.com/en-us/library/aa390381%28VS.85%29.aspx

And see this MSDN entry for information about EnableIPSec and its parameters (that allow you to declare a list of ports and protocols):

http://msdn.microsoft.com/en-us/library/aa390382%28VS.85%29.aspx

Finally, this is a link to the WMI.NET code directory, where there are useful samples of code using System.Management to execute WQL queries.

http://msdn.microsoft.com/en-us/library/ms257338.aspx

NOTE:

If you need to mess around extensively with WQL tests for your ObjectQuery/SelectQuery System.Management objects, as I did, give wbemtest a try. It is the Windows Management Instrumentation tester, and makes writing, testing, and honing WQL for your applications much nicer.

2) Related: Programmatic firewall changes on Vista or later using FirewallAPI, INetFwRule Interface, and anything else one may need.

On Vista or later, using the FirewallAPI.dll is an easy option if you need ipsec functionality but don't care about the legacy PolicyAgent implementation.

I did not realize this was an option at first because I did not know that the Advanced Firewall in Vista and later truly combines IPSec and firewalling within the WFP (Windows Filtering Platform), and keeps legacy IPSec implementations going through PolicyAgent.

This means that using FirewallAPI.dll can give all the functionality of IPSec with the stateful intelligence of the firewall, which is exactly what I wanted. I just add blacklist rules (since blacklist rules take precedence), and add to the blacklist when needed through the API and WFP starts dropping the traffic. Done!

asteroid  2009-10-24 02:14:01

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?