80.1. Shrew Soft IPsec VPN client

80.1.1. Installing Shrew Soft IPsec VPN client

Go to https://www.shrew.net/ and download the Shrew Soft IPsec VPN client (release 2.2.2) from the DOWNLOAD > VPN Client For Windows section.

Double-click the downloaded file and install the program following the instructions (Standard Edition).

80.1.2. Checklist of parameters

This table shows the Shrew Soft parameters and their corresponding parameters in the Abilis configuration. The information must be entered in a “mirror” way, i.e. what is “LOCAL” for Abilis is “REMOTE” for the IPsec client and vice versa.

Table 80.1. Checklist of parameters

Shrew Soft parameter       | Abilis IKE table | Abilis IKE table parameter
---------------------------+------------------+---------------------------
Remote Host                | HOST             | LOC-IP
Authentication Method      | HOST             | AUTH
Pre Shared Key             | PSK              | KEY
Cipher Algorithm           | HOST             | CIPHER
Hash Algorithm             | HOST             | HASH
DH Exchange                | HOST             | DH
Auto Configuration         | HOST             | MODE-CFG
Remote Identification Type | HOST             | ID-TYPE
Remote Address String      | HOST             | IP or FQDN
Local Identification Type  | HOST             | PEER-ID-TYPE
Local Address String       | HOST             | PEER-IP or PEER-FQDN
Local Host                 | CLI              | NET-REM
Transform Algorithm        | CLI              | ESP-CIPHER
HMAC Algorithm             | CLI              | ESP-AUTH
PFS Exchange               | CLI              | PFS
Remote Network Resource    | CLI              | NET-LOC

80.1.3. Configuring Shrew Soft IPsec VPN client

Suppose that Abilis is configured in the following way. Refer to Section 72.19.1, “How to configure a RAS using IPSEC VPN server” for the configuration of IPsec and IKE resources.

[22:54:53] ABILIS_CPX:d ike host:0

Parameter:  | Value:
------------+------------------------------------------------------------------
HOST:         0
NAME:         user_1
LOC-IP:       080.080.080.080
REM-IP:       *
IPRES:        4
AUTH:         PSK
HASH:         MD5
DH:           MODP1024
CIPHER:       3DES
SIDE:         INSIDE
XAUTH:        NO
XAUTH-USER:
XAUTH-PWD:
MODE-CFG:     NO
KEYING-TRIES: 3
LIFE-TIME:    3600
DPD-ENABLE:   YES
DPD-DELAY:    30
DPD-TIMEOUT:  120
DPD-ACTION:   RESTART
ID-TYPE:      IP
IP:           080.080.080.080
PEER-ID-TYPE: IP
PEER-IP:      192.168.200.001
-------------------------------------------------------------------------------

[22:54:53] ABILIS_CPX:d ike psk:0

Parameter:  | Value:
------------+------------------------------------------------------------------
PSK:          0
KEY:          ********
ID-TYPE:      ANONYMOUS
-------------------------------------------------------------------------------

[22:54:53] ABILIS_CPX:d ike cli:0

Parameter:  | Value:
------------+------------------------------------------------------------------
CLI:          0
NAME:         user_1
HOST-ID:      0
RULE:         IPSEC
PASSIVE:      YES
PERMANENT:    YES
TUNNEL:       YES
ESP:          YES
ESP-CIPHER:   3DES
ESP-AUTH:     MD5
AH:           NO
AH-AUTH:      MD5
LIFE-TIME:    28800
PFS:          YES
NET-LOC:      192.168.001.000/24
NET-REM:      192.168.200.001/32
MODE-CFG-DNS: SYS
-------------------------------------------------------------------------------
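
The checklist of Table 80.1 applied to the output of the "d ike" commands above, as an added example (not part of the Abilis or Shrew Soft documentation): it parses the dump, strips the zero padding Abilis prints in addresses, and returns the value to enter for each Shrew Soft field. The function names and the abridged SAMPLE are illustrative, and the code assumes that whichever of IP or FQDN is present in the dump is the one to use.

```python
import re

# Table 80.1 as data; Pre Shared Key is omitted because the dump masks KEY.
CHECKLIST = [
    ("Remote Host", "HOST", "LOC-IP"), ("Authentication Method", "HOST", "AUTH"),
    ("Cipher Algorithm", "HOST", "CIPHER"), ("Hash Algorithm", "HOST", "HASH"),
    ("DH Exchange", "HOST", "DH"), ("Auto Configuration", "HOST", "MODE-CFG"),
    ("Remote Identification Type", "HOST", "ID-TYPE"),
    ("Remote Address String", "HOST", "IP|FQDN"),
    ("Local Identification Type", "HOST", "PEER-ID-TYPE"),
    ("Local Address String", "HOST", "PEER-IP|PEER-FQDN"),
    ("Local Host", "CLI", "NET-REM"), ("Transform Algorithm", "CLI", "ESP-CIPHER"),
    ("HMAC Algorithm", "CLI", "ESP-AUTH"), ("PFS Exchange", "CLI", "PFS"),
    ("Remote Network Resource", "CLI", "NET-LOC"),
]

def parse_dump(text):
    """Return {table: {parameter: value}} from 'd ike <table>:<n>' output."""
    tables, current = {}, None
    for line in text.splitlines():
        cmd = re.search(r"d ike (\w+):\d+", line)
        param = re.match(r"([A-Z][A-Z-]*):\s*(.*)", line)
        if cmd:
            current = tables.setdefault(cmd.group(1).upper(), {})
        elif param and current is not None:
            value = param.group(2).strip()
            if re.fullmatch(r"\d{3}(\.\d{3}){3}(/\d+)?", value):
                value = re.sub(r"\b0+(\d)", r"\1", value)  # 080.080 -> 80.80
            current[param.group(1)] = value
    return tables

def shrew_checklist(tables):
    """Fill each Shrew Soft field from its mirrored Abilis parameter."""
    out = {}
    for field, table, params in CHECKLIST:
        src = tables.get(table, {})
        # "A|B" mirrors the table's "IP or FQDN": first one present in the dump.
        out[field] = next((src[p] for p in params.split("|") if src.get(p)), "")
    return out

SAMPLE = """\
[22:54:53] ABILIS_CPX:d ike host:0
LOC-IP:       080.080.080.080
ID-TYPE:      IP
IP:           080.080.080.080
PEER-IP:      192.168.200.001
[22:54:53] ABILIS_CPX:d ike cli:0
NET-LOC:      192.168.001.000/24
NET-REM:      192.168.200.001/32
"""  # abridged from the dump shown on this page
```

Calling shrew_checklist(parse_dump(SAMPLE)) gives 80.80.80.80 for Remote Host and 192.168.1.0/24 for Remote Network Resource; fields whose parameters are not in the pasted dump come back empty.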

Start the Shrew Soft program (VPN Access Manager): the following window will appear.

Click the Add button to create a new VPN connection. Configure the General tab as shown here below.

Click the Name Resolution tab and configure the DNS as shown here below.

Click the WINS subtab and disable WINS.

Click the Authentication tab and configure as shown here below.

Click the Remote Identity subtab and configure as shown here below.

Click the Credentials subtab and configure as shown here below.

Click the Phase 1 tab and configure as shown here below.

Click the Phase 2 tab and configure as shown here below.

Click the Policy tab and click the Add button.

Insert the Remote Network and click Ok.

The Shrew Soft VPN IPsec client is now configured. Click the Save button to save the configuration.

Select the VPN connection recently configured and click the Connect button.

The following window will appear. Click the Connect button to open the VPN connection.

If the message "tunnel enabled" appears, the VPN connection is active.

Click the Disconnect button to close the VPN connection. Click the Exit button to close the window.