89.2. TheGreenBow IPsec VPN client

89.2.1. Installing TheGreenbow IPsec VPN client

Go to http://www.thegreenbow.com/ and download TheGreenBow IPsec VPN client from Products > VPN Client > Download section.

Double-click the downloaded file and install the program following the instructions.

89.2.2. Checklist of parameters

These tables show the parameters of TheGreenBow and their corresponding parameters in Abilis configuration. The information must be inserted in a “mirror” way: i.e. “LOCAL” information for Abilis are “REMOTE” for IPsec client and vice versa.

Table 89.2. Phase 1 parameters

TheGreenBow parameterAbilis IKE TableAbilis IKE Table parameter
NameHOSTNAME
InterfaceHOSTREM-IP
Remote GatewayHOSTLOC-IP
Preshared KeyPSKKEY
EncryptionHOSTCIPHER
AuthenticationHOSTHASH
Key GroupHOSTDH
Remote ID (Advanced parameter)HOSTID-TYPE
Remote ID Value (Advanced parameter)HOSTIP or FQDN
Local ID (Advanced parameter)HOSTPEER-ID-TYPE
Local ID Value (Advanced parameter)HOSTPEER-IP or PEER-FQDN

Table 89.3. Phase 2 parameters

TheGreenbow parameterAbilis IKE TableAbilis IKE Table parameter
NameCLINAME
VPN Client addressCLINET-REM
Address typeCLI
Remote host addressCLINET-LOC
Subnet MaskCLINET-LOC
EncryptionCLIESP-CIPHER
AuthenticationCLIESP-AUTH
ModeCLITUNNEL

89.2.3. Configuring TheGreenBow IPsec VPN client

Suppose that Abilis is configured in the following way. Refer to Section 81.19.1, “How to configure a RAS using IPSEC VPN server” for the configuration of IPsec and IKE resources.

[22:54:53] ABILIS_CPX:d ike host:0

-------------------------------------------------------------------------------
HOST: NAME:                              LIFETIME: HASH:     DPD:    DPD-ACTION:
      LOCIP:          NATT:   MODE:      MODE-CFG: DH:               DPD-DELAY:
      REMIP:          SIDE:   AUTH:      XAUTH:    CIPHER:   SA-TRY: DPD-TOUT:
      XAUTH-USER:                        XAUTH-PWD:
      -- PSK ID ---------------------------------------------------------------
      ID-TYPE:        IP:/ID:
      PEER-ID-TYPE:   PEER-IP:/PEER-ID:
      -- RSA Cert -------------------------------------------------------------
      CERT-SEND:      ASN1-DN:
      CERT-PEER:      PEER-ASN1-DN:
      CERT-VERIFY:
-------------------------------------------------------------------------------
0     Agent_HOST1                        28800     MD5       YES     STOP
      080.080.080.080 SYS     MAIN       NO        MODP1024          30
      *               INSIDE  PSK        NO        3DES      3       120
      -- PSK ID ---------------------------------------------------------------
      IP              080.080.080.080
      IP              192.168.200.001
-------------------------------------------------------------------------------

[22:54:53] ABILIS_CPX:d ike psk:0

-------------------------------------------------------------------------------
PSK: KEY:     PEER-ID-TYPE:  PEER-IP:/PEER-ID:
-------------------------------------------------------------------------------
0    ******** ANONYMOUS      

[22:54:53] ABILIS_CPX:d ike cli:0

-------------------------------------------------------------------------------
CLI:  NAME:                                LIFETIME: ESP:        AH:
HOST: NET-LOC:           RULE:  PASSIVE:   PFS:      ESP-AUTH:   AH-AUTH:
      NET-REM:                  PERMANENT: TUNNEL:   ESP-CIPHER: MODE-CFG-DNS:
-------------------------------------------------------------------------------
0     Agent_Cli1                           3600      YES         NO
0     192.168.001.000/24 IPSEC  YES        YES       MD5         MD5
      192.168.200.001/32        YES        YES       3DES        SYS
-------------------------------------------------------------------------------

Execute TheGreenBow program: the following window will appear.

Configuration of Phase 1.

  • Right click on Configuration, and select New phase 1.

  • Configure Phase 1 as shown here below.

  • Click the Advanced… button and configure the following window as explained.

  • Click the OK button to close the window.

  • Click the Save & Apply button to save and initialize the changes made.

Configuration of Phase 2.

  • In the main window right click on the selected Phase 1 and select Add Phase 2.

  • Configure Phase 1 as shown here below and click the Save & Apply button to save and initialize the changes made.

  • Then click the Open Tunnel button to open the VPN.

  • When the VPN is active the “Tunnel” light at the bottom becomes green. It's possible to display the status of the connection by clicking on Connections: this window will be shown.

  • To close the Tunnel, click the Close Tunnel button.