VPN Client Produkte
Support / FAQ
VPN Gateways
VPN Token
BestellenZertifizierte CC EAL3+ Sicherheit für Regierungsbehörden und strategische Betreiber.
Der TheGreenBow-zertifizierte VPN Client ist der erste VPN-Client weltweit, der die Common Criteria EAL3+ -Zertifizierung in Kombination mit der Qualifikation für die Verwendung mit EU- und NATO-Beschränkungen erhalten hat.
Die Zertifizierung bestätigt und garantiert die Zuverlässigkeit und die solide Implementierung des VPN Clients, sowie das unübertroffene Sicherheitsniveau, das unser Produkt bietet.
Der Zertifizierungsprozess validiert auch die Qualität der internen Verfahren für Softwareentwicklung, Kundensupport, Qualitätssicherung, Dokumentation und Wartung und bietet die Garantie für einen qualitativ hochwertigen Support und eine permanente Verbesserung des TheGreenBow Certified VPN Client.
Der TheGreenBow Certified VPN Client ist der einzige VPN Client, der das für die Sicherung von Remoteverbindungen in hochsensiblen Umgebungen wie strategischen Betreibern, privaten und öffentlichen Verwaltungen und Regierungsbehörden erforderliche zertifizierte Vertrauensniveau bietet.
Die TheGreenBow Premium VPN Client Lizenz wird als Jahresabonnement für den VIP-Support und die Wartung bereitgestellt.
Referenzen:
- ANSSI Certification Reference for TheGreenBow VPN Client
- NATO / NIAPC Catalog Reference for TheGreenBow VPN Client
- EU Approved cryptographic products - RESTREINT UE/EU RESTRICTED
- Common Criteria EAL3+
SECURITY ALERT
In Release 5.22.005 wurden Sicherheitslücken gefunden. Sehen Sie hierzu unsere Security Advisory Page mit allen Informationen und führen Sie bitte ein Update auf die aktuellste Release Version 5.22.008 (Zur Download Seite) durch, welches die Sicherheitslücken schliesst.
Certified VPN Client Download
Release Version: 6.52.006
- Größe: 25 MB
- Datum: Dezember 2019
- Download-Datei
Unterstützte Betriebssysteme
- Windows 10 32/64-bi
- Windows 8 & 8.1 32/64-bit
- Windows 7 32/64-bit
- Windows Server 2019
- Windows Server 2012 32/64-bit
- Windows Server 2008 32/64-bit
Sprachversionen
- Arabisch, Chinesisch (Simplified), Holländisch, Englisch, Finnisch, Französisch, Deutsch, Griechisch, Hindi, Italienisch, Japanisch, Polnisch, Portugiesisch, Russisch, Serbisch, Slowenisch, Spanisch, Thai, Türkisch, Tschechisch, Ungarisch, Persisch, Norwegisch und Dänisch
32/64-bit
Certified VPN Client Release Notes
Client Release Version 5.2
Was ist neu in Version 5.2?
SECURITY ALERT
In Release 5.22.005 wurden Sicherheitslücken gefunden. Sehen Sie hierzu unsere Security Advisory Page mit allen Informationen und führen Sie bitte ein Update auf die aktuellste Release Version 5.22.008 (Zur Download Seite) durch, welches die Sicherheitslücken schliesst.
Release Version 5.2
- Improvement (vulnerability): Improvement of the CA handling in the Windows Certificate Store.
- Vulnerability fixing: DOS on the configuration panel with an oversized administrator password.
- Vulnerability fixing: Some padding bytes of the VPN configuration file signature can be patched.
- Vulnerability fixing: DOS while the software is in trace mode, with a UDP packet flood.
- Vulnerability fixing: The VPN Client software accepts to authentify the gateway even if no AUTH payload is received.
- Vulnerability fixing: Certificate date validity can be bypassed through the use of GeneralizedTime format.
- Vulnerability fixing: DOS upon malformed certificate reception.
- Vulnerability fixing: Possibility of a man-in-the-middle attack via the use of a CA stored in the Windows certificate store.
- Vulnerability fixing: DOS when managing certificate with special characters.
- Bug fixing: Command line option "/close" fixed.
- Bug fixing: Buffer overflow in GINA X-Auth login/password values
- Bug fixing: Buffer overflow in UI command line ()
- Improvement (vulnerability): PIN Code erased from process memory after being used
- Improvement (vulnerability): Import/Export password erased from process memory after being used
- Bug fixing: The integrity (signature) of a VPN Configuration is correctly and always checked when the configuration is imported. Corrupted configuration cannot be imported anymore.
- Bug fixing: GINA UI correctly displayed after first installation.
- Improvement (vulnerability): Strongest cryptographic mechanism for administrator password storage.
- Improvement (vulnerability): Administrator password is hidden in user memory.
- Improvement (vulnerability): Strongest access control mechanism, which avoid the access control being bypassed via code hacking.
- Improvement (vulnerability): Logs (trace) do not contain sensitive information.
- Improvement: Uninstall improvement on Windows 8
- Improvement: Setup and first launch correctly manage obsolete windows certificates
- Feature request: Gina Mode supported on Windows 7, Vista 32-64bit.
- Feature request: Added a password confirmation field when exporting a VPN Configuration.
- Feature request: ESP anti-replay service supported i.e. RFC 2401/4303.
- Feature request: Added several command lines (and setup init file) to better choose Certificates from Token or SmartCard in VPN Configuration. They are called PKI Options. For more details, look at our deployment guide on our website. "KeyUsage" allows limiting access only to "Authentication" certificates from the Token or SmartCard. "SmartCardRoaming" allows setting the rule used to fetch a Certificate from the Token or SmartCard. "Pkcs11Only" allows limiting access only to "PKCS#11" certificates from the Token or SmartCard. "NoCaCertReq" allows using Certificate with different Certificate Authority the VPN Gateway is using. "PKICheck" allows to force having the Root Certificate onto the user machine.
- Feature request: The PKI Options are also manageable through the user interface via a new tab in the "Tools" > "Option..." window.
- Feature request: Enable the IT manager to disable the Configuration Panel via registry key. When the specific registry key is set, the user cannot access the Configuration Panel (OEM partners specific).
- Feature request: The VPN Configuration backup folder might not exist on some custom Windows environment. The VPN Configuration backup folder is customized (OEM partners specific).
- Feature request: The Software Activation folder might not exist on some custom Windows environment. The Software Activation folder is customized (OEM partners specific).
- Feature request: Exclusion of DHCP protocol from network filter to allow DHCP mechanism when network configuration forces everything in tunnel (0.0.0.0/0.0.0.0).
- Feature request: Algorithms SHA2 is supported to sign with a CSP smart card.
- Feature request: Remove "buy" button (OEM partners specific).
- Feature: Korean is now embedded as a new language.
- Feature: Ability to open the current User Certificate Store when selecting a Certificate in the configuration Panel, instead of the local machine Certificate Store.
- Feature: Gemalto .NET with CSP middleware supported on Windows Vista & Seven.
- Improvement: New order to move the focus from one field to another with the tab key in the Configuration Panel > IPsec Phase 2 tab.
- Improvement: Do not display systray popup on Phase1/Phase2 renegotiation.
- Improvement: Extended the size of SmartCard PIN code field to be able to enter longer PIN code.
- Improvement: Ability to activate the software on Windows machine where system folders like MyDocuments or ProgramData might or might not be available.
- Improvement: Ability to connect to Wifi hotspot with VPN Configuration forcing all traffic in the tunnel (i.e. subnet mask 0.0.0.0).
- Improvement: The "Lock Access to Config Panel" password popup doesn't have focus.
- Improvement: VPN Configuration can be accessible in computer memory.
- Improvement: IKE buffer overflow with Vendor ID.
- Improvement: Minor cosmetic.
- Bug fixing: VPN Client "Start Mode" should be "Manual" instead of "After Windows logon" in Windows Seven 64bit (some OEM partners only).
- Bug fixing: The VPN Client cannot open a tunnel when using a Certificate with Unicode or UTF8 characters like Japanese characters.
- Bug fixing: PKCS#11 middleware used instead of CSP middleware when SmartCardRoaming Option is set to either 2, 3, 4 or 5.
- Bug fixing: No wrong PIN code popup when using Smart Card with CSP middleware.
- Bug fixing: Alternate DNS/WINS are not applied if tunnel open when enabling "Auto open this tunnel on traffic detection".
- Bug fixing: In Gina mode and "Open tunnel" with Alternate DNS/WINS, the DNS/WINS are applied to Local Interface instead of Virtual Interface.
- Bug fixing: Packet fragmentation not properly performed when modifying MTU size (some values) on Windows XP.
- Bug fixing: Software upgrade fails when using silent mode "/S".
- Bug fixing: Impossible to open with certificate when user does not have admin right.
- Bug fixing: VPN Client not responding after received Key renewal from router.
- Bug fixing: No tunnel when using SHA2 algorithm and Windows Certificate Store.
- Bug fixing: Another tunnel does not open properly after unplugging a smartcard with some smartcard models.
- Bug fixing: Crash IKE in some network circumstances when coming out of sleep mode, or when tunnel fails to open on "Wrong Remote Address" followed by "Save" VPN Configuration.
- Bug fixing: Remote Config feature creates logs in the wrong directory.
- Bug fixing: Activation not properly working in some circumstances like multiple user levels on the same machine.
- Bug fixing: Accept the Section ID in VPN Configuration file coming from the VPN Gateway when virtual IP address is set to 0.0.0.0.
- Bug fixing: Support VPN configuration coming from the VPN gateway containing "-" in the tunnel names.
- Bug fixing: The feature VPN "Peer to Peer" might fail when there is a router with NAT-T in between, in some network configuration.
- Bug fixing: VPN tunnel might not open when configured with a Certificate selected from the User Certificate Store.
- Bug fixing: The VPN tunnel opens properly but no traffic goes through when using X-Auth based configuration and VPN Client address is 0.0.0.0.
- Bug fixing: VPN Client stops responding for a while after received Key Renewal from the VPN Router in some VPN Configuration circumstances.
- Bug fixing: IP address renewal with DHCP server does not working properly with VPN Configuration forcing all traffic in the tunnel (i.e. subnet mask 0.0.0.0).
- Bug fixing: Import of VPN Configuration not working properly when the Certificate has a local ID type DER_ASN1_DN_ID containing a subject with chars like spaces and "/".
- Bug fixing: "Phase2" > "Advanced" > "Alternate Server" > IP addresses cannot be reset to 0.0.0.0.
- Bug fixing: The VPN tunnel fails to open when using Mode-Config with some specific VPN Routers (OEM partners).
- Bug fixing: Cannot create a VPN Configuration via the Configuration Panel (specific OEM partner customization).
Known issues
- Several Certificates with same Subject added to the Windows Certificate Store might prevent a tunnel to open in some circumstances.
- The VPN Client might be able to open tunnel under RDP sessions in some circumstances.
- Windows might not recognize software signature when installing the software although signature is provided, Windows Vista only.
VPN Certified Dokumentation
Video Anleitungen
Howto 'USB Drive' Feature
YouTube Video
Howto 'RDP Session' Feature
YouTube Video
VPN Client Top Features
YouTube Video
Remote Desktop Sharing
YouTube Video