Shrew Soft VPN Client
|
Shrew Soft VPN Client is a free IPsec Remote Access VPN Client for Windows operating systems ( x86 and amd64 versions ). It was originally developed to provide secure communications between mobile Windows hosts and open source VPN gateways that utilize standards compliant software such as ipsec-tools, OpenSWAN, FreeSWAN, StrongSWAN, isakmpd. It now offers many of the advanced features only found in expensive commercial software solutions and provides compatibility for VPN appliances produced by vendors such as Cisco, Juniper, Checkpoint, Fortinet, Netgear, Linksys, Zywall and many others.
By tunneling traffic between the VPN Client and the VPN Gateway, the host is able to access private network resources in a manner which is secure even when connecting from an insecure public network. This functionality is provided by implementing the IPsec Protocol standard which is used by a wide variety of both commercial and open source operating systems.
Many commercial VPN Gateways are available on the market. Most of these products are bundled with proprietary VPN Client software that is designed to communicate with a specific gateway device. While most major open source operating systems have had support for basic IPsec functionality for some time, they have lacked a sophisticated IKE daemon and kernel support for protocol extensions that would be required to properly support IPsec Client connectivity. Luckily this is no longer the case. Recent improvements to the IPsec Tools software and added kernel support for features such as NAT Traversal have enabled open source operating systems such as Linux, FreeBSD or NetBSD to be considered as a viable alternative to expensive commercial VPN Gateway solutions. The Shrew Soft VPN Client offers a complimentary Windows IPsec implementation that can be used to communicate with these gateways.
The Shrew Soft Client for Windows is free for both commercial and private use.
This Software implements the IPsec Protocol standard and uses ISAKMP version 1.0 to negotiate security parameters with a VPN Gateway. In addition, it includes support for the XAuth protocol extension for user authentication and the Configuration Exchange extension for automatic client configuration. Please read below for a complete list of supported features.
Firewall Traversal Options
1. NAT Traversal ( RFC & Draft 00-04 versions )
2. NAT Keep Alive
3. IKE Fragmentation
Authentications Methods
1. Hybrid RSA + XAuth
2. Mutual RSA + XAuth
3. Mutual PSK + XAuth
4. Mutual RSA
5. Mutual PSK
Identification Types
1. ASN1DN
2. FQDN
3. UFQDN
4. Address
5. Key Identifier
Exchange Modes
1. Main
2. Aggressive
3. Configuration ( push or pull )
4. Quick
5. Informational
Phase1 Ciphers
1. AES
2. Blowfish
3. 3DES
4. CAST
5. DES
Phase1 Hash Algorithms
1. MD5
2. SHA1
Phase2 Transforms
1. ESP-AES
2. ESP-Blowfish
3. ESP-3DES
4. ESP-CAST
5. ESP-DES
Phase2 HMAC Algorithms
1. HMAC-MD5
2. HMAC-SHA1
Phase2 Options
1. PFS is supported
2. Tunnel mode is supported
3. Transport mode is not supported
4. Compression is not supported
Basic Configuration Exchange Attributes
1. Banner
2. Address
3. Netmask
4. WINS Server
5. DNS Server
Advanced Configuration Exchange Attributes
1. DNS Default Domain
2. Login Banner
3. Split Network Include List
4. Split Network Exclude List
5. Split DNS Domain List
6. PFS DH Group
Although the VPN Client supports a rapidly growing feature set, it still lacks some options found in the popular commercial solutions. Most of these features will be added in future releases. Please read below for a brief list.
* Pre-Login Connection Support for AD/Domain Logins
* Client Side Stateful Firewall
* Multi Language Support
* Additional Platform Support
For best results, Shrew Soft recommends the use of a VPN Gateway running Linux, FreeBSD or NetBSD and IPsec Tools version 0.7 or later. The VPN Client has also been reported to work with several commercial VPN Gateways.
The license of this software is Freeware, you can free download and free use this remote access software.