90.1. Shrew Soft IPsec VPN client

90.1.1. Installing Shrew Soft IPsec VPN client

Go to https://www.shrew.net/ and download Shrew Soft IPsec VPN client (release 2.2.2) from DOWNLOAD > VPN Client For Windows section.

Double-click the downloaded file and install the program following the instructions (Standard Edition).

90.1.2. Checklist of parameters

This table show the parameters of Shrew Soft and their corresponding parameters in Abilis configuration. The information must be inserted in a “mirror” way: i.e. “LOCAL” information for Abilis are “REMOTE” for IPsec client and vice versa.

Table 90.1. Checklist of parameters

The Shrew Soft parameterAbilis IKE TableAbilis IKE Table parameter
Remote HostHOSTLOC-IP
Authetication metodHOSTAUTH
Pre Shared KeyPSKKEY
Cipher AlgorithmHOSTCIPHER
Hash AlgorithmHOSTHASH
DH ExcangeHOSTDH
Auto ConfigurationHOSTMODE-CFG
Remote Identification TypeHOSTID-TYPE
Remote Address StringHOSTIP or FQDN
Local Identification TypeHOSTPEER-ID-TYPE
Local Address StringHOSTPEER-IP or PEER-FQDN
Local HostCLINET-REM
Transform AlgorithmCLIESP-CIPHER
HMAC AlgorithmCLIESP-AUTH
PFS ExcangeCLIPFS
Remote Network ResourceCLINET-LOC

90.1.3. Configuring Shrew Soft IPsec VPN client

Suppose that Abilis is configured in the following way. Refer to Section 83.19.1, “How to configure a RAS using IPSEC VPN server” for the configuration of IPsec and IKE resources.

[22:54:53] ABILIS_CPX:d ike host:0

-------------------------------------------------------------------------------
HOST: NAME:                              LIFETIME: HASH:     DPD:    DPD-ACTION:
      LOCIP:          NATT:   MODE:      MODE-CFG: DH:               DPD-DELAY:
      REMIP:          SIDE:   AUTH:      XAUTH:    CIPHER:   SA-TRY: DPD-TOUT:
      XAUTH-USER:                        XAUTH-PWD:
      -- PSK ID ---------------------------------------------------------------
      ID-TYPE:        IP:/ID:
      PEER-ID-TYPE:   PEER-IP:/PEER-ID:
      -- RSA Cert -------------------------------------------------------------
      CERT-SEND:      ASN1-DN:
      CERT-PEER:      PEER-ASN1-DN:
      CERT-VERIFY:
-------------------------------------------------------------------------------
0     Agent_HOST1                        28800     SHA1      YES     STOP
      080.080.080.080 SYS     MAIN       NO        MODP1024          30
      *               INSIDE  PSK        NO        AES256    3       120
      -- PSK ID ---------------------------------------------------------------
      IP              080.080.080.080
      IP              192.168.200.001
-------------------------------------------------------------------------------

[22:54:53] ABILIS_CPX:d ike psk:0

-------------------------------------------------------------------------------
PSK: KEY:     PEER-ID-TYPE:  PEER-IP:/PEER-ID:
-------------------------------------------------------------------------------
0    ******** ANONYMOUS      

[22:54:53] ABILIS_CPX:d ike cli:0

-------------------------------------------------------------------------------
CLI:  NAME:                                LIFETIME: ESP:        AH:
HOST: NET-LOC:           RULE:  PASSIVE:   PFS:      ESP-AUTH:   AH-AUTH:
      NET-REM:                  PERMANENT: TUNNEL:   ESP-CIPHER: MODE-CFG-DNS:
-------------------------------------------------------------------------------
0     Agent_Cli1                           3600      YES         NO
0     192.168.001.000/24 IPSEC  YES        YES       SHA1        SHA1
      192.168.200.001/32        YES        YES       AES256      SYS
-------------------------------------------------------------------------------

Execute Shrew Soft program (VPN Access Manager): the following window will appear.

Click the Add button to create a new VPN connection. Configure General tab as shown here below.

Click the Name Resolution tab and configure the DNS as shown here below.

Click the WINS subtab and disable WINS.

Click the Authentication tab and configure as shown here below.

Click the Remote Identity subtab and configure as shown here below.

Click the Credentials subtab and configure as shown here below.

Click the Phase 1 tab and configure as shown here below.

Click the Phase 2 tab and configure as shown here below.

Click the Policy tab and click the Add button.

Insert the Remote Network and click Ok.

The Shrew Soft VPN IPsec client is now configured. Click the Save button to save the configuration.

Select the VPN connection recently configured and click the Connect button.

The following window will appear. Click the Connect button to open the VPN connection.

If will appear the message "tunnel enabled", then VPN connection is active

Click the Disconect button to close the VPN connection. Click Exit button to close the window.