Certified VPN Client

Weltweit erster zertifizierter VPN Client


30 Tage Demo testen


Anfrage

Zertifizierte CC EAL3+ Sicherheit für Regierungsbehörden und strategische Betreiber.


Der TheGreenBow-zertifizierte VPN Client ist der erste VPN-Client weltweit, der die Common Criteria EAL3+ -Zertifizierung in Kombination mit der Qualifikation für die Verwendung mit EU- und NATO-Beschränkungen erhalten hat.

Logo EU Rat Logo Common Criteria Logo NATO Logo VISASECU

Die Zertifizierung bestätigt und garantiert die Zuverlässigkeit und die solide Implementierung des VPN Clients, sowie das unübertroffene Sicherheitsniveau, das unser Produkt bietet.

Der Zertifizierungsprozess validiert auch die Qualität der internen Verfahren für Softwareentwicklung, Kundensupport, Qualitätssicherung, Dokumentation und Wartung und bietet die Garantie für einen qualitativ hochwertigen Support und eine permanente Verbesserung des TheGreenBow Certified VPN Client.

Der TheGreenBow Certified VPN Client ist der einzige VPN Client, der das für die Sicherung von Remoteverbindungen in hochsensiblen Umgebungen wie strategischen Betreibern, privaten und öffentlichen Verwaltungen und Regierungsbehörden erforderliche zertifizierte Vertrauensniveau bietet.

Die TheGreenBow Premium VPN Client Lizenz wird als Jahresabonnement für den VIP-Support und die Wartung bereitgestellt.

Referenzen:

alert icon

SECURITY ALERT
In Release 5.22.005 wurden Sicherheitslücken gefunden. Sehen Sie hierzu unsere Security Advisory Page mit allen Informationen und führen Sie bitte ein Update auf die aktuellste Release Version 5.22.008 (Zur Download Seite) durch, welches die Sicherheitslücken schliesst.

Certified VPN Client Download


Release Version: 5.22.008

Unterstützte Betriebs­systeme

  • Windows XP 32-bit
  • Windows Vista 32/64-bit
  • Windows 7 32/64-bit
  • Windows Server 2008 32/64-bit

Sprachversionen

  • Arabisch, Chinesisch (Simplified), Holländisch, Englisch, Finnisch, Französisch, Deutsch, Griechisch, Hindi, Italienisch, Japanisch, Polnisch, Portugiesisch, Russisch, Serbisch, Slowenisch, Spanisch, Thai, Türkisch, Tschechisch, Ungarisch, Persisch, Norwegisch und Dänisch
win xp logo

32-bit

win 7 logo

32/64-bit

Certified VPN Client Release Notes


Client Release Version 5.2

Was ist neu in Version 5.2?

alert icon

SECURITY ALERT
In Release 5.22.005 wurden Sicherheitslücken gefunden. Sehen Sie hierzu unsere Security Advisory Page mit allen Informationen und führen Sie bitte ein Update auf die aktuellste Release Version 5.22.008 (Zur Download Seite) durch, welches die Sicherheitslücken schliesst.


Release Version 5.2


  • Improvement (vulnerability): Improvement of the CA handling in the Windows Certificate Store.
  • Vulnerability fixing: DOS on the configuration panel with an oversized administrator password.
  • Vulnerability fixing: Some padding bytes of the VPN configuration file signature can be patched.
  • Vulnerability fixing: DOS while the software is in trace mode, with a UDP packet flood.
  • Vulnerability fixing: The VPN Client software accepts to authentify the gateway even if no AUTH payload is received.
  • Vulnerability fixing: Certificate date validity can be bypassed through the use of GeneralizedTime format.
  • Vulnerability fixing: DOS upon malformed certificate reception.
  • Vulnerability fixing: Possibility of a man-in-the-middle attack via the use of a CA stored in the Windows certificate store.
  • Vulnerability fixing: DOS when managing certificate with special characters.

  • Bug fixing: Command line option "/close" fixed.

  • Bug fixing: Buffer overflow in GINA X-Auth login/password values
  • Bug fixing: Buffer overflow in UI command line ()
  • Improvement (vulnerability): PIN Code erased from process memory after being used
  • Improvement (vulnerability): Import/Export password erased from process memory after being used

  • Bug fixing: The integrity (signature) of a VPN Configuration is correctly and always checked when the configuration is imported. Corrupted configuration cannot be imported anymore.
  • Bug fixing: GINA UI correctly displayed after first installation.
  • Improvement (vulnerability): Strongest cryptographic mechanism for administrator password storage.
  • Improvement (vulnerability): Administrator password is hidden in user memory.
  • Improvement (vulnerability): Strongest access control mechanism, which avoid the access control being bypassed via code hacking.
  • Improvement (vulnerability): Logs (trace) do not contain sensitive information.
  • Improvement: Uninstall improvement on Windows 8
  • Improvement: Setup and first launch correctly manage obsolete windows certificates

  • Feature request: Gina Mode supported on Windows 7, Vista 32-64bit.
  • Feature request: Added a password confirmation field when exporting a VPN Configuration.
  • Feature request: ESP anti-replay service supported i.e. RFC 2401/4303.
  • Feature request: Added several command lines (and setup init file) to better choose Certificates from Token or SmartCard in VPN Configuration. They are called PKI Options. For more details, look at our deployment guide on our website. "KeyUsage" allows limiting access only to "Authentication" certificates from the Token or SmartCard. "SmartCardRoaming" allows setting the rule used to fetch a Certificate from the Token or SmartCard. "Pkcs11Only" allows limiting access only to "PKCS#11" certificates from the Token or SmartCard. "NoCaCertReq" allows using Certificate with different Certificate Authority the VPN Gateway is using. "PKICheck" allows to force having the Root Certificate onto the user machine.
  • Feature request: The PKI Options are also manageable through the user interface via a new tab in the "Tools" > "Option..." window.
  • Feature request: Enable the IT manager to disable the Configuration Panel via registry key. When the specific registry key is set, the user cannot access the Configuration Panel (OEM partners specific).
  • Feature request: The VPN Configuration backup folder might not exist on some custom Windows environment. The VPN Configuration backup folder is customized (OEM partners specific).
  • Feature request: The Software Activation folder might not exist on some custom Windows environment. The Software Activation folder is customized (OEM partners specific).
  • Feature request: Exclusion of DHCP protocol from network filter to allow DHCP mechanism when network configuration forces everything in tunnel (0.0.0.0/0.0.0.0).
  • Feature request: Algorithms SHA2 is supported to sign with a CSP smart card.
  • Feature request: Remove "buy" button (OEM partners specific).
  • Feature: Korean is now embedded as a new language.
  • Feature: Ability to open the current User Certificate Store when selecting a Certificate in the configuration Panel, instead of the local machine Certificate Store.
  • Feature: Gemalto .NET with CSP middleware supported on Windows Vista & Seven.
  • Improvement: New order to move the focus from one field to another with the tab key in the Configuration Panel > IPsec Phase 2 tab.
  • Improvement: Do not display systray popup on Phase1/Phase2 renegotiation.
  • Improvement: Extended the size of SmartCard PIN code field to be able to enter longer PIN code.
  • Improvement: Ability to activate the software on Windows machine where system folders like MyDocuments or ProgramData might or might not be available.
  • Improvement: Ability to connect to Wifi hotspot with VPN Configuration forcing all traffic in the tunnel (i.e. subnet mask 0.0.0.0).
  • Improvement: The "Lock Access to Config Panel" password popup doesn't have focus.
  • Improvement: VPN Configuration can be accessible in computer memory.
  • Improvement: IKE buffer overflow with Vendor ID.
  • Improvement: Minor cosmetic.
  • Bug fixing: VPN Client "Start Mode" should be "Manual" instead of "After Windows logon" in Windows Seven 64bit (some OEM partners only).
  • Bug fixing: The VPN Client cannot open a tunnel when using a Certificate with Unicode or UTF8 characters like Japanese characters.
  • Bug fixing: PKCS#11 middleware used instead of CSP middleware when SmartCardRoaming Option is set to either 2, 3, 4 or 5.
  • Bug fixing: No wrong PIN code popup when using Smart Card with CSP middleware.
  • Bug fixing: Alternate DNS/WINS are not applied if tunnel open when enabling "Auto open this tunnel on traffic detection".
  • Bug fixing: In Gina mode and "Open tunnel" with Alternate DNS/WINS, the DNS/WINS are applied to Local Interface instead of Virtual Interface.
  • Bug fixing: Packet fragmentation not properly performed when modifying MTU size (some values) on Windows XP.
  • Bug fixing: Software upgrade fails when using silent mode "/S".
  • Bug fixing: Impossible to open with certificate when user does not have admin right.
  • Bug fixing: VPN Client not responding after received Key renewal from router.
  • Bug fixing: No tunnel when using SHA2 algorithm and Windows Certificate Store.
  • Bug fixing: Another tunnel does not open properly after unplugging a smartcard with some smartcard models.
  • Bug fixing: Crash IKE in some network circumstances when coming out of sleep mode, or when tunnel fails to open on "Wrong Remote Address" followed by "Save" VPN Configuration.
  • Bug fixing: Remote Config feature creates logs in the wrong directory.
  • Bug fixing: Activation not properly working in some circumstances like multiple user levels on the same machine.
  • Bug fixing: Accept the Section ID in VPN Configuration file coming from the VPN Gateway when virtual IP address is set to 0.0.0.0.
  • Bug fixing: Support VPN configuration coming from the VPN gateway containing "-" in the tunnel names.
  • Bug fixing: The feature VPN "Peer to Peer" might fail when there is a router with NAT-T in between, in some network configuration.
  • Bug fixing: VPN tunnel might not open when configured with a Certificate selected from the User Certificate Store.
  • Bug fixing: The VPN tunnel opens properly but no traffic goes through when using X-Auth based configuration and VPN Client address is 0.0.0.0.
  • Bug fixing: VPN Client stops responding for a while after received Key Renewal from the VPN Router in some VPN Configuration circumstances.
  • Bug fixing: IP address renewal with DHCP server does not working properly with VPN Configuration forcing all traffic in the tunnel (i.e. subnet mask 0.0.0.0).
  • Bug fixing: Import of VPN Configuration not working properly when the Certificate has a local ID type DER_ASN1_DN_ID containing a subject with chars like spaces and "/".
  • Bug fixing: "Phase2" > "Advanced" > "Alternate Server" > IP addresses cannot be reset to 0.0.0.0.
  • Bug fixing: The VPN tunnel fails to open when using Mode-Config with some specific VPN Routers (OEM partners).
  • Bug fixing: Cannot create a VPN Configuration via the Configuration Panel (specific OEM partner customization).

Known issues

  • Several Certificates with same Subject added to the Windows Certificate Store might prevent a tunnel to open in some circumstances.
  • The VPN Client might be able to open tunnel under RDP sessions in some circumstances.
  • Windows might not recognize software signature when installing the software although signature is provided, Windows Vista only.

VPN Certified Dokumentation

Marketing
TheGreenBow Broschüre Alle PDF Englisch (1.94 MB)
VPN Certified Datenblatt 5.2 PDF Englisch (225 Kb)
PDF Französisch (225 Kb)
IPsec VPN Client Präsentation 6.x PDF Englisch (218 Kb)
PDF Französisch (218 Kb)
EAL3+ Common Criteria Certificate 5.2 PDF Französisch (511 Kb)

Anleitungen
Certified Benutzer­hand­buch 5.2 PDF Englisch (2.24 MB)
PDF Französisch (2.24 MB)
VPN Deploy­ment Guide 5.2 PDF Englisch (575 Kb)
PDF Französisch (572 Kb)
VPN Gateway Konfigura­tion Alle Deutsch (Online)
Englisch (Online)
Französisch (Online)
Token und Smart­Cards Alle Deutsch (Online)
Englisch (Online)
Französisch (Online)
PKI Konfiguration,
Zertifikate, Token
Alle PDF Englisch (237 Kb)
PDF Französisch (239 Kb)
VPN Management Tools Alle Französisch (Online)

Features, How-To
Authentisierungs­server / Radius Alle Deutsch (Online)
Englisch (Online)
Französisch (Online)
USB Feature Alle Deutsch (Online)
Englisch (Online)
Französisch (Online)
Remote Desktop Sharing Alle Deutsch (Online)
Englisch (Online)
Französisch (Online)
Sprachen, Übersetzungen Alle Englisch (Online)
Französisch (Online)
Support
FAQ Alle Deutsch (Online)
Englisch (Online)
Französisch (Online)
Online Support Alle Englisch (Online)
Französisch (Online)
Video Anleitungen

Howto 'USB Drive' Feature
YouTube Video

Howto 'RDP Session' Feature
YouTube Video

VPN Client Top Features
YouTube Video

Remote Desktop Sharing
YouTube Video