Tunneling Protocol with full IKE support. Our IKE implementation is based on the OpenBSD 3.1 implementation (ISAKMPD), thus providing best compatibility with existing IPSec routers and gateways. Full IPSec support:

• Main mode and Aggressive mode
• MD5 and SHA hash algorithms

IP Encapsulating Security: mode tunnel & transport. Multi-tunneling to several VPN Gateways. Allows 'IPSec only' trafic filtering, can block all other connections than the VPN connections. Accepts incoming IPSec Tunnels.

Strong User Authentication provided by:

• PreShared keying
• X-Auth
• USB Token and SmartCard
• X509 Certificates. Flexible Certificate format (PEM, PKCS12, ...) on various media (USB, smartcard, tokens)
• Hybrid mode is a specific authentication method used within IKE. Phase 1. This method assume an asymmetry between the authenticating entities.
• Keying group: Support of Diffie-Hellman Group1, 2, 5 and 14 (i.e. 1536 and 2048)

All connections types such as Dial up, DSL, Cable, GSM/GPRS and WiFi are supported. Several connection modes:

• IPSec VPN Client to Gateway Mode
  allows remote users and business partners or subcontractors to securely connect to the corporate network, with strong authentication solution.
• Peer to Peer Mode
  can be used to securely connect branch office servers to the corporate information system.
• Redundant gateway
  can offer to remote users a highly reliable secure connection to the corporate network. Redundant gateway feature allows TheGreenBow IPSec VPN Client to open an IPSec tunnel with an redundant gateway in case the primary gateway is down or not responding.

USB token and SmartCard add another layer of security on top of IPSec:

• VPN configurations and security elements (certificates, preshared key,…) can be saved into an USB Stick in order to remove authentication information from the computer.
• TheGreenBow IPSec VPN Client can read Certificates from SmartCards to make full use of existing corporate ID card or employee cards that may carry Digital credentials.

The VPN Configuration is fully protected when it is stored locally on the work station or stored on a USB stick. All the Security Elements of a VPN tunnel (certificates, private key and the whole IPSec/IKE configuration) are encrypted.

The localization of the IPSec VPN Client is fully customisable, even by a third party. To know how to produce a new localization, see our localization page.

Multiple Remote Desktop Sharing sessions may be configured in the 'Remote Sharing' tab. This feature enables a user to share his machine on the corporate network from a remote location like home. When the user click on one of the Remote Desktop Sharing session, the associated VPN tunnel automatically opened, and an Remote Desktop Protocol session is launched to reached the remote machine.

NAT-Traversal support of Draft 1 (enhanced), Draft 2, Draft 3 and RFC 3947 (full implementation), IP address emulation, including:

• NAT_OA support (floating port for IKE exchange)
• NAT keepalive
• NAT-T in aggressive mode
• Forced NAT-T

Strong IPSec encryption provided by:

• DES, 3DES 192 bit
• AES 128, 192, 256 bit
• RSA 2048

"Mode-Config" is an Internet Key Exchange (IKE) extension that enables the IPSec VPN gateway to provide LAN configuration to the remote user's machine (i.e. IPSec VPN Client). Once the tunnel is opened with "Mode Config", the end-user is able to address all servers on the remote network by using their network name (e.g. //myserver/marketing/budget) instead of their IP Address.

IP Range is a new feature that enables TheGreenBow IPSec VPN Client to establish a tunnel only within a range of predefined IP addresses

Multi vendor strategy allows us to support as many IPSec VPN Gateways and Routers on the market as possible to offer a true multi-vendor solution to enterprises. TheGreenBow has certified several IPSec VPN gateways like Bewan, Cisco, Linksys, Netgear, Netscreen, SonicWall, Symantec, Zyxel and Linux appliances that support StrongS/WAN or FreeS/WAN.

Please also check our Certified VPN Gateway/Routeur complete list. If you are experiencing testing errors or stagging errors, compatibility issues or configuration problems in a multi gateways/routers environment then you want to try TheGreenBow IPSec VPN Client.

Vista Credential Providers (aka GINA on W2K/WXP) support to enable Windows logon via VPN tunnel or choose to logon on local machine.

Flexible software deployment means software, configuration, policy and updates can be deployed whenever and wherever they are needed while maintaining low TCO for your organisation. TheGreenBow software provides the best combination of strong IPSec security and "lightweight" IPSec Clients that can be web-deployed to simplify IPSec based network-layer access. TheGreenBow IPSec VPN Client has a tiny software footprint without compromising any security features.

Silent install and invisible graphical interface allow IT managers to deploy solutions while preventing users from misusing configurations. For more details about silent install, see our Deployment User Guide.

To allow IT Managers to deploy VPN Configurations securely, import and export functions are available both through the GUI or through direct command line options. These import and export functions may be protected with a password in order to ensure the protection of the VPN Configuration diffusion.

Operates as a Service, allowing the use on unattended Servers.