Note: if you tried installing an older version of Shrew VPN (e.g. an alpha version) and you keep getting blue screens, I recommend doing a System Restore to get rid of it (this might also affect other programs you installed after Shrew VPN). Otherwise it's very difficult to stop the BSODs.
I published the NCP-e VPN configuration tutorial not so long ago; it was the first 64-bit IPSec VPN client that worked for me. It's not free (probably that's why); most other clients gave me blue screens while installing drivers. But now it seems that, as we get closer to the Windows 7 64-bit release date, there will soon be a choice of even free IPSec VPN clients working on 64-bit Windows 7. It's for you to decide whether you want a commercial VPN client with more support and extra features or just a free VPN client. I only intend to publish my personal experience when testing them. Now it's time for the Shrew VPN client, which only recently (3rd of Sept) released its RC3 version, which worked on my computer.
Installation:
After downloading the 2.1.5 (rc3) version of Shrew VPN, start installing it. A message or two may pop up asking you to confirm driver installation; it may hide behind the installation window (if your installation doesn't seem to be doing much, press ALT+TAB to check whether it's hiding somewhere). Click yes (install).
Update: version 2.1.5 is no longer a beta or RC version, so you can download the stable 2.1.5 version of 05 Dec 2009 (or newer betas if you fancy testing new releases).
Configuration:
If you have a .pcf file from your older CISCO VPN client, then open Shrew Soft VPN, go to File>Import>Select .pcf file extension from the filter>Select your file>click open. Try connecting now; if it works, great (it didn't for me at this point).
If it doesn't, then click Modify>select "client" tab>Navigate to NAT traversal>Select "force-rfc". Update: force-rfc is probably not required in most configurations, only in very particular cases. If it's still not connecting, check the configuration as described below.
If you don't have a configuration file from your old Cisco client, then make sure that you have these common settings:
- IPSec gateway (e.g. vpn.blahblah.com or 129.123.000.000)
- IPSec ID, also known as group ID (usually just a word)
- IPSec secret, also known as group password (also a word)
- remote access personal username (xauth username)
- remote access personal password (xauth password)
(and maybe other advanced settings as well, if you were given those)
1) First add a new connection profile by clicking the ADD button. You will see the General VPN settings tab; enter your IPSec gateway in the "Host Name or IP address" field (and port settings if you were given them).
2) Navigate to the client tab, and select force-rfc under NAT traversal (leave other settings on default, unless you were given different ones). (See the first image for the screenshot.) Update: this is probably not required for most connection types.
3) Navigate to the Name Resolution tab, and leave all settings on automatic (unless you were given specific WINS, DNS servers, etc., but try automatic first).
4) Navigate to the Authentication tab and select Mutual PSK+Xauth under Authentication method (if your method of authentication is IPSec group ID and pre-shared key; select a different one if you are using a certificate, etc.).
- Navigate to Local Identity sub-tab, select Key Identifier under Identification Type and enter your IPSec group ID in the "Key ID String" field.
- Navigate to Remote Identity sub-tab and leave it on Any Identification type.
- Navigate to Credentials sub-tab and enter your IPSec Group Password in "Pre Shared Key" field. If you are using a certificate as your authentication method then select your certificate in this tab.
5) The Phase 1 tab, Phase 2 tab and Policy tab usually don't need any changes, unless you were given particular settings that you need to enter, like main exchange type if you are using a certificate, encryption algorithms supported by your server, PFS exchange, etc.
Click save, and then in the main program window click connect. You will be asked for your Xauth username and password. Enter them, and if your connection is successful, you can check your IP address on www.whatismyipaddress.com .
There are also two things that I recommend: go to File>Preferences>Tick Minimize when connection succeeds and tick Remember the connection username. And select Visible in system tray only for both drop-down lists, because it's very annoying to see those two windows in the taskbar all the time.
The main VPN window (aka Access Manager) can be closed now, or minimized if you want it to stay in the system tray. It allows you to edit VPN connections, but otherwise does not need to be open.
And I have not found a way to remember the Xauth password yet; you'll have to enter it every time you want to connect to your VPN.
That's it!
If you need any help or think something in this tutorial is wrong or misleading, leave a comment or contact me via message box on the right =>
Useful Tip:
To run Shrew VPN automatically or from the command line (or to remember the password), create a text file in Notepad and add these lines:
cd /d "C:\Program Files\ShrewSoft\VPN Client"
start ipsecc.exe -r "configuration name" -u "user name" -p "password" -a
(enter your own values without the quotes), and save this file as 1.bat. Now when you run it, Shrew VPN will pop up, connect and disappear automatically!! It's magic!!!
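The batch file above keeps the Xauth password in clear text on disk. As an added example (not part of the original tutorial), this PowerShell launcher prompts for the password at run time and passes the same ipsecc.exe switches shown in the tip. It assumes the install path from the tip and, because the tip passes values unquoted, rejects values containing spaces or quotes; the parameter names are hypothetical.

```powershell
# Added example: launch Shrew VPN without storing the Xauth password in a file.
# -Site and -User are hypothetical parameter names for the profile name and
# Xauth username; the default path is the one used in the tip above.
param(
    [Parameter(Mandatory = $true)][string]$Site,
    [Parameter(Mandatory = $true)][string]$User,
    [string]$ClientDir = 'C:\Program Files\ShrewSoft\VPN Client'
)

$exe = Join-Path $ClientDir 'ipsecc.exe'
if (-not (Test-Path $exe)) { throw "ipsecc.exe not found in $ClientDir" }

# Read the password without echoing it; it is never written to disk.
$secure = Read-Host -Prompt "Xauth password for $User" -AsSecureString
$bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
try {
    $plain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
    if (-not $plain) { throw 'Empty password.' }

    # The values are passed unquoted, as in the tip, so refuse anything that
    # would be split or mangled on the command line.
    foreach ($v in $Site, $User, $plain) {
        if ($v -match '[\s"]') { throw 'Values with spaces or quotes are not handled here.' }
    }

    # Same switches as the batch file: -r profile, -u user, -p password, -a auto-connect.
    # The password is still visible in the command line of ipsecc.exe while it runs.
    Start-Process -FilePath $exe -WorkingDirectory $ClientDir `
        -ArgumentList '-r', $Site, '-u', $User, '-p', $plain, '-a'
}
finally {
    # Wipe the unmanaged copy of the password.
    [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
}
```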