
Here you will find information and frequently asked questions about our VPN Client.
Questions
TheGreenBow IPSec VPN Client Software
VPN errors and error messages

VPN Overview
 | What is a Virtual Private Network (VPN)? |
 |
A virtual private network (VPN) makes it possible to use public telecommunications infrastructure such as the Internet to securely connect company sites or teleworkers. In the past, this required expensive, dedicated leased lines. A VPN offers the same capabilities as a leased line, at a considerably lower cost.
A VPN uses the Internet (World Wide Web) as its access and transport medium. The information exchange itself takes place encrypted inside a tunnel that is protected against eavesdropping.

 | Why encrypt with IPSec? |
 |
Definition: IPSec (Internet Protocol Security) provides security services at the IP layer by enabling a system to select required security protocols, determine the algorithm(s) to use for the service(s), and put in place any cryptographic keys required to provide the requested services. The IPsec architecture is described in RFC-2401 (www.ietf.org RFC-2401).
IPSec has been selected to be embedded in IPv6. IPSec is strong because it was designed to be strong and to replace some older methods like PPTP.
Today IPSec is the most secure way to access the corporate network from the Internet. Here are some of the reasons why:
- Strong encryption mechanisms like Encapsulated Security Payload (ESP) using DES, 3DES, AES with long key lengths (i.e. 128, 192, 256)
- Strong authentication of the parties' identity with the use of X-Auth and certificates with long key lengths (i.e. 1536, 2048)
- Use of Internet Key Exchange (IKE) and ISAKMP to automatically exchange keys and perform mutual authentication.
- Protection against denial of service attacks. The IPSec protocols use a sliding window. Packets are numbered and only accepted if they fit the window.
- Use of USB Stick, USB Token in conjunction with IPSec Client software to protect identity/authentication information and VPN configurations (i.e. a TheGreenBow specific feature).
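
The sliding window from the list above, as an added example (not TheGreenBow code): a receiver-side model of the sequence-number check that rejects replayed and too-old ESP packets. The class and function names, the 64-packet window size and the sample arrival order are assumptions made for the illustration.

```python
class AntiReplayWindow:
    """Receiver-side sliding window over ESP sequence numbers (illustrative model)."""

    def __init__(self, size=64):          # window size is an assumption for this example
        self.size = size
        self.top = 0                      # highest sequence number accepted so far
        self.seen = 0                     # bit i set => sequence number (top - i) was accepted

    def check(self, seq):
        """Classify one packet and update the window.

        A real receiver verifies the packet's integrity check value first and
        only then advances the window; that step is outside this model.
        """
        if seq < 1:
            return "invalid"              # counters start at 1 on a new SA
        if seq > self.top:                # packet is ahead of the window: slide it forward
            shift = seq - self.top
            if shift >= self.size:
                self.seen = 1             # everything seen before fell out of the window
            else:
                self.seen = ((self.seen << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return "accept"
        offset = self.top - seq
        if offset >= self.size:
            return "too-old"              # left of the window: cannot tell if it is a replay
        if self.seen & (1 << offset):
            return "replay"               # already accepted once
        self.seen |= 1 << offset          # late but new: accept and remember it
        return "accept"


def classify(sequence_numbers, size=64):
    """Run a list of received sequence numbers through one window, in arrival order."""
    window = AntiReplayWindow(size)
    return [window.check(s) for s in sequence_numbers]


# Constructed arrival order: in-order, a duplicate, reordering, a large jump, stale packets.
SAMPLE = [1, 2, 3, 2, 5, 4, 100, 37, 36, 100]

if __name__ == "__main__":
    for seq, verdict in zip(SAMPLE, classify(SAMPLE)):
        print(f"seq={seq:<4} {verdict}")
```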

 | What is NAT Traversal (NAT-T) and does the client support it? |
 |
Definition: Network Address Translation (NAT) is designed to decrease IT manager frustration for
scarce public IP addresses. A NAT device takes a packet's originating private IP address,
translates that address into a public IP address, before sending the packet across the Internet
to its destination. NAT devices use an internal table to keep track of translated addresses but
unfortunately manipulate the packet's original IP header, impacting IPSec ability to function.
The IETF (Internet Engineering Task Force) worked out a solution called NAT Traversal
(NAT-T RFC-3193). NAT Traversal is now widely implemented in routers and appliances.
TheGreenBow IPSec VPN Client supports NAT-T drafts 1, 2 and 3 (including UDP encapsulation).

 | Tunnel versus Transport Mode? |
 |
The difference between Tunnel and Transport mode (specified in more detail in RFC-2401, www.ietf.org) can be explained using the following network configuration:
- Tunnel Mode is most commonly used whenever either end of a security association is a security gateway or both ends of a security association are security gateways, the security gateway acting as a proxy for the hosts behind it. Tunnel mode encrypts both payload and the whole header (UDP/TCP and IP).
- Transport Mode is used where traffic is destined for a security gateway and the security gateway is acting as a host e.g. SNMP commands. Transport Mode encrypts only the data portion and leaves the IP header untouched.
TheGreenBow IPSec VPN Client supports both modes.

 | Pre-shared key versus Certificates ? |
 |
Computer authentication by IPSec is performed by using preshared keys or computer certificates.
A pre-shared key identifies one party during Authentication Phase. Per definition, "Pre-shared"
means you have to share it with another party before you can establish a secure VPN tunnel.
The strongest method of authentication is the use of a PKI and certificates. However, smaller organizations
cannot afford the implementation of a PKI system and a well managed preshared key method can be easier and
just as powerful.
TheGreenBow IPSec VPN Client supports both methods.

 | IPSec versus SSL ? |
 |
Please see our IPSec versus SSL page where we compare both technologies.

 | Can we use IPSec to secure our WiFi network ? |
 |
Please see our IPSec versus WiFi page where we look at WEP, 802.11i and we compare technologies.

 | What does Dead Peer Detection mean? |
 |
DPD, or "Dead Peer Detection", is an Internet Key Exchange (IKE) extension (RFC3706) used to detect and work around tunnel connection failures. This feature is used when several redundant gateways are deployed.

TheGreenBow IPSec VPN Client Software

 | Which Microsoft Windows© versions are supported? |
 |
- Windows 2000 (Workstation)
- Windows XP 32-bit. WinXP all service packs, including SP2
- Windows Server 2003 32-bit
- Windows Server 2008 32-bit
- Windows Server 2008 64-bit
- Windows Vista 32/64-bit
- Windows 7 32-bit
- Windows 7 64-bit

Please note the following installation instructions for Windows 7 64-bit and 2008 Server 64-bit:
- Before installing, click the file 'TheGreenBow_VPN_Client.exe' and select 'Properties'.
- In the Properties window, select the 'Compatibility' tab.
- Select 'Run this program in compatibility mode:' and choose 'Windows Vista'.
- Click 'OK'.

 | Which languages are supported? |
 |
In total, the VPN Client is available in 21 languages: Arabic, Chinese (Simplified), Dutch, English, Finnish, French, German, Greek, Danish, Hindi, Italian, Japanese, Polish, Portuguese, Russian, Serbian, Czech, Slovenian, Spanish, Thai and Turkish.
A complete overview of the available language options is here: VPN Client Localization.
The language used by the client can be chosen during installation.

 | How can TheGreenBow IPSec VPN Client be translated? |
 |
To translate the VPN Client into any language, we have made a translation tool available on the IPSec VPN Client Localization web page. The localization process is very simple, and your new language version is published with the next VPN software release.

 | Which VPN routers, VPN gateways and VPN servers are supported? |
 |
TheGreenBow IPSec VPN Client is compatible with all common devices based on the IKE/IPSec standard. A detailed overview and numerous configuration guides can be found in our list of certified VPN gateways.
Please contact our technical support if your VPN device is not on this list. To prepare a guide for your device we need the VPN Client configuration file, the log file from the console, and screenshots of the VPN router configuration.

 | How to connect the IPSec VPN Client to Linksys VPN router ? |
 |
We've made available for download VPN Configuration Guides for most of the gateways we support on our web site support section, and there are some on Linksys. VPN Configuration Guides are either written by our partners or by our engineering team.
We do support Linksys RV082 and Linksys BEFVP41. You might want to look at our answer about Linksys WRV54G.

 | How to setup TheGreenBow IPSec VPN Client using Cisco ? |
 |
We've made available for download VPN Configuration Guides for most of the gateways we support on our web site support section, and there are some on Cisco. VPN Configuration Guides are either written by our partners or by our engineering team.
We do support Cisco gateways like Cisco PIX501, Cisco ASA 5510, Cisco PIX 506-E, Cisco 871, Cisco 1721.

 | Does the VPN Client support NAT Traversal? |
 |
Yes. The client supports NAT Traversal Draft 1 (enhanced), Draft 2 and 3 (full implementation). IP address emulation.
- NAT_OA support
- NAT keepalive
- NAT-T aggressive mode

 | Does the IPSec VPN Client support DNS/WINS queries? |
 |
Yes. The VPN Client supports what is known as Mode-Config. "Mode-Config" is an IKE extension that allows the VPN gateway to pass information about the remote network to the VPN Client, such as DNS or WINS queries.
If your VPN gateway does not support Mode-Config, you can configure the DNS and WINS servers statically in the VPN Client.

 | Is TheGreenBow IPSec VPN Client compatible with Linksys WRV54G ? |
 |
TheGreenBow IPSec VPN Client is fully certified with Linksys WRV54G firmware 2.37 and later. Please download Linksys WRV54G VPN Configuration Guide.
The Linksys WRV54G firmware 2.25.2 does not accept IPSec connections from any IPSec VPN Clients with dynamic IP addresses. However, there is a workaround. You need to set up the IPSec VPN Client's IP address in the Linksys configuration.
Linksys has released a newer firmware since then. You might want to test it: click here
TheGreenBow IPSec VPN Client is fully certified with Linksys RV082 and Linksys BEFVP41 (see also Certified VPN Products list or download VPN Configuration Guides).

 | Which firewall ports does the IPSec VPN Client need open? |
 |
UDP port 500 and UDP port 4500 must be open, and the ESP protocol (protocol number 50) must also be allowed.

 | Is it possible to use TheGreenBow IPSec VPN Client through Microsoft ISA Server 2000 and 2004 ? |
 |
According to Microsoft support, in most cases, IPSec VPN traffic does not pass through ISA Server 2000.
For more details about ISA Server 2004, read Q838379 in the Microsoft Knowledge Base.

 | What must be filled in Phase 2 field "VPN client address" ? |
 |
This field is the virtual IP address that the IPSec VPN client will have inside the remote subnet. With most VPN gateways, this address must not belong to the remote network subnet.
For example, if you use a VPN gateway with a subnet 192.168.0.0/255.255.255.0, you should use in "VPN Client address" a value like 192.168.100.1 or 10.10.10.1.
Take the case where you choose an unused IP address in the subnet, like 192.168.0.200. When the IPSec VPN Client sends a TCP or UDP packet to a target remote computer 192.168.0.x, this target will send an ARP request inside its subnet in order to get the IPSec VPN Client's MAC address and reply directly to it. But this request cannot receive any answer because the client is not physically present inside the subnet. So, initial packets from the client will not be answered.
If your VPN gateway can answer this ARP request for the IPSec VPN Client, you can fill "VPN Client address" field with an IP address belonging to remote subnet.
You might want to download our IPSec VPN Client User Guide.

 | Windows(NT) is unable to find/start the TGBSTARTER service |
 |
Windows NT may not be able to start the service "TgbIKE Starter". The error message tells the user Windows is unable to find TgbStarter, despite the fact it is actually in the system directory.
This is due to a wrong registry configuration. To solve the problem, check the following key:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TgbIKE Starter]
"DisplayName"="TgbIKE Starter"
"ErrorControl"=dword:00000001
"ImagePath"="C:\\Winnt\\System32\\TgbStarter.exe"
"Start"=dword:00000002
"Type"=dword:00000110
"ObjectName"="LocalSystem"

 | Is it possible to hide the graphical user interface i.e. "silent" mode ? |
 |
It is possible to run the standard IPSec VPN Client setup in "silent" mode. You need to download
the document that describes the whole procedure:
VPN Deployment Guide

 | Is TheGreenBow IPSec VPN Client compatible with Linksys WRVS4400N or WRV200 ? |
 |
Yes, TheGreenBow IPSec VPN Client is fully certified with Linksys WRVS4400N or WRV200
(see also Certified VPN Gateway list or download VPN
Configuration Guides).

 | Can a Redundant Gateway be defined ? |
 |
Yes. It is possible to define a Redundant Gateway in the IPSec VPN Client. Redundant Gateway can offer
to remote users a highly reliable secure connection to the corporate network. The Redundant Gateway
feature allows TheGreenBow IPSec VPN Client to open an IPSec tunnel with an alternate gateway in case
the primary gateway is down or not responding. Remote gateway failure is detected by "Dead Peer
Detection" function.

 | Can the IKE port be changed? |
 |
Yes. You can configure the IKE port to use globally under the 'Parameters' menu item.

 | What are TgbStarter.exe and TgbIke.exe ? |
 |
TgbStarter.exe and TgbIke.exe are components of TheGreenBow IPSec VPN Client.
- TgbStarter.exe is the software daemon component (run as a service)
- TgbIke.exe is the IPSec/IKE run-time of the software.

 | The Software Activation doesn't succeed. |
 |
When I try to activate the software, it doesn't succeed (I got an error message)
You can find a complete help guide about the activation on our Online Software Activation Help Guide.
You can also get your software activated at anytime, by following the procedure described on our Manual Software activation.

 | What is a Default VPN Configuration? |
 |
A Default VPN Configuration is a VPN configuration designed by TheGreenBow Techsupport team to connect
to our online IPSec VPN gateways and servers. Those are always live and you can use them to test your
network environment at any time. The Default VPN Configuration is embedded into the IPSec VPN Client.
Check out online help or download the default VPN Configuration file below.

 | Can I get temporary license numbers that I can use during my tests? |
 |
Yes, a license can last several weeks. For further details, contact our sales department.

 | How to launch my CRM app automatically when IPSec tunnel to my corporate intranet opens ? |
 |
It is possible. Go to Configuration Panel>Phase2 and click on scripts. In the Script window,
you can select the application you want to start before or after a tunnel opens or closes.

 | Does IPSec VPN Client Software support two-way authentication keys and Tokens? |
 |
Yes. TheGreenBow supports several two-factor and two-way authentication Tokens to store users' personal credentials, such as private keys, passwords and digital certificates. Please see the Certified Token List.

 | How to connect to a remote Windows Domain by using the 'Start before Windows logon' feature? |
 |
To make it work, please proceed through the following steps:
- Go to menu 'File' > 'Preferences', select 'Start VPN Client before Windows logon'.
- Go to 'P2 advanced', select 'automatically open this vpn tunnel when client starts'.
- Go to 'P2 advanced', select 'automatically open this tunnel on traffic detection'.
Now, please be aware that, due to the specificity of this functionality, it can only work with an IPSec VPN Client software that has been already activated. As long as the IPSec VPN Client software remains in trial mode, it will start only after the user clicked on 'Evaluate', and thus, after Windows logon of course. As a consequence, this is the only feature which cannot be tested with a demo version.
Note: Because users can not check if the tunnel is opened, as Windows logon is not done yet, the best way to test your VPN Configuration is to define a 'Remote VPN Client address' (i.e. panel 'Advanced Phase2') and try to ping this IP address from the remote network. If ping is responding then tunnel is opened and your VPN Configuration is correct. For this test to work, a route might have to be added on the VPN Router/Firewall to reach the VPN Client.

Troubleshooting

 | "I have message XXXXX in the console". What does it mean ? |
 |
We do make available for download a complete guide of messages from TheGreenBow IPSec VPN Client console with explanations and resolving hints. If this document does not help you, send us all the exchanges with RECV and SEND lines. Keep log levels to "0" and click on "Save file". Log file can be found in Program Files \Sistech \TheGreenBow \LogFiles.

 | No response from the VPN server |
 |
If you have the following logs, the remote VPN server is not answering the client's IKE requests.
115317 Default (SA Cnx-P1) SEND phase 1 Main Mode [SA][VID]
115319 Default (SA Cnx-P1) SEND phase 1 Main Mode [SA][VID]
115321 Default (SA Cnx-P1) SEND phase 1 Main Mode [SA][VID]
115323 Default (SA Cnx-P1) SEND phase 1 Main Mode [SA][VID]
Take a look at remote VPN server logs and check if requests from the client are received. If you find no trace, IKE requests must have been dropped somewhere. Check any firewall (including computer Personal Firewall) that can be found between the IPSec VPN client and the VPN server.

 | VPN is up but I can't ping ? |
 |
When logs look like the ones below, the IPSec VPN tunnel is established. Now you should be able to ping any device on your VPN server LAN. TheGreenBow IPSec VPN Client configuration is correct.
121902 Default (SA Cnx-Cnx-P2) SEND phase 2 Quick Mode [SA][KEY][ID][HASH][NONCE]
121905 Default (SA Cnx-Cnx-P2) RECV phase 2 Quick Mode [SA][KEY][ID][HASH][NONCE]
121905 Default (SA Cnx-Cnx-P2) SEND phase 2 Quick Mode [HASH]
If you still cannot ping the remote LAN, here are a few guidelines:
- Check Phase 2 settings : VPN client address and Remote LAN address. Usually, client IP address should not belong to the remote LAN subnet (read also What must be filled in Phase 2 field "VPN client address" ?)
- Once the tunnel is up, packets are sent with the ESP protocol. This protocol can be blocked by a firewall. Check that every device between the client and the VPN server accepts ESP.
- Check your VPN server logs. Packets can be dropped by one of its firewall rules.
- Check that your ISP supports ESP.
- If you still cannot ping, follow ICMP traffic on VPN server LAN interface and on LAN computer interface (with Ethereal for example). You will have an indication that encryption works.
- Check the "default gateway" value in VPN Server LAN. A target on your remote LAN can receive pings but does not answer because it has no "Default gateway" setting.
- You cannot access the computers in the LAN by their name. You must specify their IP address inside the LAN.
For full trace with explanations and resolving hints, please see our Troubleshooting document.

 | "PAYLOAD MALFORMED" error (Wrong Phase 1 [SA]) |
 |
If you have a "PAYLOAD MALFORMED" error, like this sequence of events, check if the IKE algorithms are the same on each side of the VPN tunnel.
114920 Default (SA Cnx-P1) SEND phase 1 Main Mode [SA][VID]
114920 Default (SA Cnx-P1) RECV phase 1 Main Mode [NOTIFY]
114920 Default exchange_run: exchange_validate failed
114920 Default dropped message from 195.100.205.114 port 500 due to notification type PAYLOAD_MALFORMED
114920 Default SEND Informational [NOTIFY] with PAYLOAD_MALFORMED error
For full trace with explanations and resolving hints, please see our Troubleshooting document.

 | "INVALID COOKIE" error |
 |
If you have an "INVALID COOKIE" error, it means that one of the endpoints is using an SA that is no longer in use. Reset the VPN connection on each side.
115933 Default message_recv: invalid cookie(s) 5918ca0c2634288f 7364e3e486e49105
115933 Default dropped message from 195.100.205.114 port 500 due to notification type INVALID_COOKIE
115933 Default SEND Informational [NOTIFY] with INVALID_COOKIE error
For full trace with explanations and resolving hints, please see our Troubleshooting document.

 | "NO KEYSTATE" error |
 |
If you have a "no keystate" error, check if the preshared key is correct or if the local ID is correct (see "Advanced" button). You should have more information in the remote endpoint logs.
115317 Default (SA Cnx-P1) SEND phase 1 Main Mode [KEY][NONCE]
115319 Default (SA Cnx-P1) RECV phase 1 Main Mode [KEY][NONCE]
115319 Default (SA Cnx-P1) SEND phase 1 Main Mode [ID][HASH][NOTIFY]
115319 Default ipsec_get_keystate: no keystate in ISAKMP SA 00B57C50
For full trace with explanations and resolving hints, please see our Troubleshooting document.

 | "received remote ID other than expected" error |
 |
If you have a "received remote ID other than expected" error, the "Remote ID" value (see "Advanced" button) does not match what the remote VPN endpoint expects.
120351 Default (SA Cnx-P1) SEND phase 1 Main Mode [ID][HASH][NOTIFY]
120351 Default (SA Cnx-P1) RECV phase 1 Main Mode [ID][HASH][NOTIFY]
120351 Default ike_phase_1_recv_ID: received remote ID other than expected support@thegreenbow.fr
For full trace with explanations and resolving hints, please see our Troubleshooting document.

 | "NO PROPOSAL CHOSEN" error |
 |
If you have a "NO PROPOSAL CHOSEN" error (hereafter), check that the "Phase 2" algorithms are the same on each side of the IPSec VPN Tunnel.
115915 Default (SA Cnx-Cnx-P2) SEND phase 2 Quick Mode [SA][KEY][ID][HASH][NONCE]
115915 Default RECV Informational [HASH][NOTIFY] with NO_PROPOSAL_CHOSEN error
115915 Default RECV Informational [HASH][DEL]
115915 Default Cnx-P1 deleted
If you have a "NO PROPOSAL CHOSEN" error (hereafter), check that the "Phase 1" algorithms are the same on each side of the IPSec VPN Tunnel.
115905 Default sysdep_app_open: Init Connection for : Cnx-Cnx-P2 Cnx-remote-addr
115905 Default sysdep_app_open: IPV4_SUBNET Network 192.168.1.1
115905 Default sysdep_app_open: IPV4_SUBNET Netmask 255.255.255.0
115911 Default (SA Cnx-P1) SEND phase 1 Main Mode [SA][VID]
115911 Default RECV Informational [NOTIFY] with NO_PROPOSAL_CHOSEN error
For full trace with explanations and resolving hints, please see our Troubleshooting document.

 | "INVALID ID INFORMATION" error |
 |
If you have an "INVALID ID INFORMATION" error, check if the "Phase 2" ID (local address and network address)
is correct and matches what is expected by the remote VPN endpoint. Also check the ID type. If network mask is not
checked, you are using an IPV4_ADDR type (and not an IPV4_SUBNET type).
122626 Default (SA Cnx-Cnx-P2) SEND phase 2 Quick Mode [SA][KEY][ID][HASH][NONCE]
122626 Default RECV Informational [HASH][NOTIFY] with INVALID_ID_INFORMATION error
122626 Default RECV Informational [HASH][DEL]
122626 Default Cnx-P1 deleted
For full trace with explanations and resolving hints, please see our
Troubleshooting document.
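
The console messages covered in the sections above can be triaged automatically. The following is an added example, not TheGreenBow code: it maps a saved console capture to the checks this FAQ recommends, using log lines quoted on this page as input. The function name, the finding codes and the three-retry threshold for "no response" are assumptions of this example.

```python
import re

LINE = re.compile(r"^\d{6}\s+Default\s+(.*)$")   # 6-digit timestamp, "Default", message
SEND_PHASE = re.compile(r"\bSEND phase ([12]) ")

# Finding code (hypothetical names) -> the check this FAQ recommends for it.
HINTS = {
    "NO_RESPONSE": "server is not answering IKE requests: check firewalls on the path",
    "TUNNEL_UP": "tunnel is established: client configuration is correct",
    "PAYLOAD_MALFORMED": "check that the IKE algorithms are the same on each side",
    "INVALID_COOKIE": "an endpoint uses an SA no longer in use: reset both sides",
    "NO_KEYSTATE": "check the preshared key and the local ID",
    "REMOTE_ID_MISMATCH": "check the Remote ID value",
    "INVALID_ID_INFORMATION": "check the Phase 2 ID addresses and the ID type",
    "NO_PROPOSAL_CHOSEN": "check Phase 1 and Phase 2 algorithms on each side",
    "NO_PROPOSAL_CHOSEN_P1": "check that the Phase 1 algorithms are the same on each side",
    "NO_PROPOSAL_CHOSEN_P2": "check that the Phase 2 algorithms are the same on each side",
}

KEYWORDS = [
    ("PAYLOAD_MALFORMED", "PAYLOAD_MALFORMED"),
    ("invalid cookie", "INVALID_COOKIE"),
    ("INVALID_COOKIE", "INVALID_COOKIE"),
    ("no keystate", "NO_KEYSTATE"),
    ("received remote ID other than expected", "REMOTE_ID_MISMATCH"),
    ("INVALID_ID_INFORMATION", "INVALID_ID_INFORMATION"),
]


def triage(log_text, min_retries=3):
    """Return the ordered, de-duplicated finding codes for one console capture."""
    findings = []
    last_sent_phase = None    # IKE phase of the most recent SEND line
    unanswered = 0            # first Main Mode packets sent since the last RECV
    quick_mode_reply = False  # gateway answered the Quick Mode proposal

    def add(code):
        if code not in findings:
            findings.append(code)

    for raw in log_text.splitlines():
        match = LINE.match(raw.strip())
        if not match:
            continue                       # not a console line
        msg = match.group(1)
        if re.search(r"\bRECV\b", msg):
            unanswered = 0
        sent = SEND_PHASE.search(msg)
        if sent:
            last_sent_phase = sent.group(1)
            if msg.endswith("SEND phase 1 Main Mode [SA][VID]"):
                unanswered += 1
            if quick_mode_reply and msg.endswith("SEND phase 2 Quick Mode [HASH]"):
                add("TUNNEL_UP")
        if "RECV phase 2 Quick Mode" in msg:
            quick_mode_reply = True
        if "NO_PROPOSAL_CHOSEN" in msg:
            # The notify does not name the phase; use the last packet we sent.
            suffix = "_P" + last_sent_phase if last_sent_phase else ""
            add("NO_PROPOSAL_CHOSEN" + suffix)
        for needle, code in KEYWORDS:
            if needle in msg:
                add(code)
    if unanswered >= min_retries:          # threshold is an assumption of this example
        add("NO_RESPONSE")
    return findings


# Console lines quoted on this page ("No response" and Phase 1 "NO PROPOSAL CHOSEN").
NO_RESPONSE_LOG = """\
115317 Default (SA Cnx-P1) SEND phase 1 Main Mode [SA][VID]
115319 Default (SA Cnx-P1) SEND phase 1 Main Mode [SA][VID]
115321 Default (SA Cnx-P1) SEND phase 1 Main Mode [SA][VID]
115323 Default (SA Cnx-P1) SEND phase 1 Main Mode [SA][VID]
"""
PROPOSAL_P1_LOG = """\
115911 Default (SA Cnx-P1) SEND phase 1 Main Mode [SA][VID]
115911 Default RECV Informational [NOTIFY] with NO_PROPOSAL_CHOSEN error
"""

if __name__ == "__main__":
    for name, log in (("no response", NO_RESPONSE_LOG), ("proposal", PROPOSAL_P1_LOG)):
        for code in triage(log):
            print(f"{name}: {code} -> {HINTS[code]}")
```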

 | DELL or HP laptops with Broadcom Chipset |
 |
TheGreenBow recommends customers using a Broadcom chipset integrated with some Dell or HP laptops to
update driver bcmwl5.sys to the most recent release. This driver causes blue screen intermittently even
if our IPSec VPN client is not installed.

 | Intel Adapter Switching Utility |
 |
Intel Adapter Switching Utility causes blue screen when TheGreenBow IPSec VPN Client is installed.
If you have an Intel Pro/Wireless 2100 or 2200, follow these steps in the given order.
- Go to the Start/Control Panel/Add\Remove Programs. Remove the Intel PROset item
- Go to the Start/Control Panel/System.
Select the hardware tab and press the device manager button.
In the device manager, click on the plus sign to expand the Network Adapters item.
Select Intel PRO/Wireless LAN 2200 (or 2100) adapter and right click.
Select Uninstall from the pop-up menu.
- Restart the computer.
Upon reboot the laptop will re-detect the wireless card and install the drivers for it. It will not
install the Intel PROset drivers. The wireless card should still function, but the added functionality
of the adapter switching will not be available. Windows will then manage the wireless profiles instead
of the Intel PROset utilities.
For more details, see the
Intel technical advisory

 | "Default UDP create:[...] must exist as a listener too" |
 |
Problem: the following message appears in the console :
205618 Default udp_create: xxx.xxx.xxx.xxx: 500 must exist as a listener too
205618 Default exchange_establish: transport "udp" for peer "CnxVpn1-P1" could not be created
Solution: This error occurs when the client cannot create a socket for communicating outside. It can be due to the fact that this IP
address is invalid or not used any more. Check if this address still exists. Usually, this error occurs when a specific IP address was
selected in the "Interface" dropdown list and saved instead of "*".

 | The IPSec VPN Client software cannot be uninstalled. |
 |
Problem: I cannot uninstall IPSec VPN Client software, it always asks to first uninstall the previous version.
Solution: You can use our tool
to clean the remaining components of IPSec VPN Client software.

 | How do I report a bug when the IKE daemon crashes (blue screens)? |
 |
The complete process is described here: Reporting Bugs.

We strongly recommend that users on Windows Vista upgrade their network adapter drivers with Windows Update. This action can prevent driver crashes in some network configurations. Also, Windows Vista bug fix pack KB938194 should be installed. More details and the download are available on http://support.microsoft.com/?kbid=938194.

 | How to set up TheGreenBow VPN Client on Microsoft Windows 7 Beta 32-bit? |
 |
Proceed as follows to install TheGreenBow VPN Client on Windows 7 Beta:
- Before installing the client, right-click the file 'TheGreenBow_VPN_Client.exe' and select 'Properties'.
- In the Properties window, select the 'Compatibility mode' tab.
- Select the option 'Run this program in compatibility mode for:' and choose Windows Vista.
- Click 'OK'.


In some circumstances the VPN tunnel cannot be opened on Microsoft Windows Vista. Tunnel setup appears to be blocked, and in the VPN console (menu Tools - Console [Ctrl+D]) you see entries like the following:
115317 Default (SA Cnx-P1) SEND phase 1 Main Mode [SA][VID]
115319 Default (SA Cnx-P1) SEND phase 1 Main Mode [SA][VID]
Here the Windows Vista firewall is blocking IPSec communication.
TheGreenBow VPN IPSec Client 4.2 and later: During installation the VPN Client automatically creates the appropriate rules for the Windows Vista firewall. This allows IPSec VPN traffic for the application "TheGreenBow VPN Client" (see also the chapter "Windows Firewall" in the user guide).
Caution: On Windows 7 (Win 7), with existing firewall rules for the VPN Client, the settings for the 'Private' and 'Domain' profiles may not be set correctly. Please check the firewall rules and make sure that the 'Private' and 'Domain' profiles are enabled (step 6).
TheGreenBow VPN IPSec 4.1 and earlier: To allow IPSec communication (or to check the settings), proceed as follows:
- Go to 'Windows Start' button and enter "Windows Firewall with Advanced Security" in Search field. Alternatively, enter 'cmd' and in the command line window enter 'wf'.
- Select in the left menu "Inbound Rules", then in the right column "New Rule...".
- Select "Port" and then click on "Next".
- Select "UDP" and the "Specific local ports," then enter two values 500 and 4500 separated by comma (i.e. "500,4500"). Click on "Next".
- Verify that "Allow the connection" bullet is selected. Click on "Next".
- Make sure this rule applies to all Profiles. Click on "Next".
- Assign a name to this new rule. Click on "Finish".
- Select in the left column "Outbound Rules" and in the right column "New Rule...", and configure exactly the same rule (i.e. UDP ports 500 and 4500, VPN Outbound).