Finally, a working, *free* VPN client for Windows7, including 64.

Hi.

As I know many here are looking for a VPN Client for Win7 working with 
Bordermanager, I spent some time to try something out, and found a 
solution that's not perfect (yet), but IMHO good enough to be published. 
I've not finished my full documentation yet, but I nevertheless post the 
information now.

This is the client that works:

http://www.shrew.net/

There are some restrictions you will have to live with for now:

1. You have to manually configure the protected Networks in the VPN 
Client. It can't (at least I couldn't make it work) pull the protected 
network policy from the BM, like the Novell client does.

2. Currently, the rekeying of the IKE key when it expires doesn't work, 
and the client loses the connection when it's time to rekey. *But*, I've 
successfully configured the client to use a key lifetime of 28800 
seconds, i.e. 8 hours. That should be good for most setups.

So, here are the basics:

The client works in Certificate Mode (and also Preshared Key, but that's 
not really a supported setup in Bordermanager for clients, so I'll 
concentrate on Cert mode only).

So, the prerequisites are, first of all, Bordermanager 3.9, fully 
patched. No way for BM3.8, sorry.

Second, your VPN Server Certificate for the BM Server needs to be in 
good shape (which it probably isn't for many here, as the default one 
expires after 2 years, which, unless you also run a S2S VPN, goes 
unnoticed).

Third, you need to create custom User Certificates for every VPN User in 
iManager. *Custom* is important, because the key usage must be manually 
specified to include all three options, Digital Signature, Key 
Encipherment and Data Encipherment.

Last but not least, you need to export the user certificate (*including 
private key*), and convert it into .pem format. You can use OpenSSL to do 
that. Here's a doc showing the necessary commands:

http://www.sslshopper.com/article-most-common-openssl-commands.html

You also need a *current* copy of your CA root certificate 
(sys:\public\rootcert.der on Netware), and convert that to .pem format too.

That is all, so these are the options you need to set in the client, or 
rather the settings that worked for me. Here, for brevity, I'll only list 
those that are non-default:

In the "General" Tab, as Address Method, choose "Use an existing Adapter 
and current address"

In the "Client" Tab, disable IKE Fragmentation, and "Enable Client Login 
Banner"

In the "Name Resolution" Tab, for initial testing, disable everything. 
You can later configure a potential internal DNS server.

Now the key page: The "Authentication" Tab:

Authentication Method: "Mutual RSA"

Local Identity:

Identification Type: ASN.1 Distinguished Name, and "use the subject in 
the client certificate" enabled.

Remote Identity: ANY.

Credentials: You need to fill in the paths to your previously exported 
and converted certificates and the key.

"Phase 1" Tab:

Exchange Type: Main

DH Exchange: Auto

Cipher Algorithm: 3des

Hash Algorithm: sha1 (md5 should work too).

"Phase 2" Tab:

Transform Algorithm: esp-3des

HMAC Algorithm: md5 (again, sha1 should work here, may test)

PFS Exchange: disabled (this must be disabled in BM too (Perfect Forward 
Secrecy). I didn't test if both sides set to "enabled" works).

Compress Algorithm: disabled.

Key Life Time: 28800 (this is the above-mentioned setting to avoid the 
problem with the failing rekeying).


"Policy" Tab:

Policy Generation Level: Auto.

Maintain persistent SAs: disabled.

Obtain Topology automatically or Tunnel all: disabled. (My Client 
traffic rules include only one subnet. I know many BM setups are 
configured to encrypt all Networks, I haven't tested if this setting 
enabled works in such a setup).

Now you need to manually add every protected resource (network) exactly 
as configured on your BM. You can see the protected Networks in the BM 
VPN client when it has a connection.


That should do it. I will hopefully produce a more detailed graphic 
documentation for all necessary steps soon, especially the Bordermanager 
Setup and configuration for Certificate mode.

Please feel free to post here for comments and questions.

Have fun!

CU,
-- 
Massimo Rosen
Novell Knowledge Partner
No emails please!
http://www.cfc-it.de
Massimo
2/6/2012 11:49:12 AM
novell.bordermanager.vpn
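
The certificate preparation described in the post (export with private key, convert to .pem, convert rootcert.der, key usage with all three options), as an added example that is not part of the original post. It assumes the export is a PKCS#12 file, which the post does not state; the file names, the password "demo" and the 30-day expiry threshold are also assumptions, and the sample certificate is constructed.

```shell
#!/bin/sh
# Added example, not from the original post. File names are assumptions.
set -eu

# CA root certificate: DER (e.g. rootcert.der) -> PEM.
der_to_pem() { openssl x509 -inform DER -in "$1" -out "$2"; }

# Split a PKCS#12 export into cert.pem and an unencrypted key.pem (owner-only).
p12_to_pem() {  # <in.p12> <password> <cert.pem> <key.pem>
    openssl pkcs12 -in "$1" -passin "pass:$2" -clcerts -nokeys -out "$3"
    ( umask 077; openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes -out "$4" )
}

# Print each problem found; return the number of problems (0 = usable).
check_client_cert() {  # <cert.pem> <key.pem>
    n=0
    openssl x509 -in "$1" -noout -checkend 2592000 >/dev/null ||
        { echo "expired or expires within 30 days"; n=$((n+1)); }
    ku=$(openssl x509 -in "$1" -noout -text | grep -A1 'X509v3 Key Usage' | tail -n 1)
    for u in 'Digital Signature' 'Key Encipherment' 'Data Encipherment'; do
        case "$ku" in *"$u"*) ;; *) echo "key usage lacks $u"; n=$((n+1)) ;; esac
    done
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ] ||
        { echo "private key does not match certificate"; n=$((n+1)); }
    return "$n"
}

# Constructed sample: self-signed cert + key bundled as PKCS#12, password "demo".
# The same cert is also written as rootcert.der, standing in for the CA root.
make_demo_p12() {  # <workdir> <keyUsage list> <days>
    printf '[req]\ndistinguished_name=dn\nx509_extensions=ext\nprompt=no\n[dn]\nCN=vpnuser-constructed\n[ext]\nkeyUsage=%s\n' "$2" > "$1/demo.cnf"
    openssl req -x509 -config "$1/demo.cnf" -newkey rsa:2048 -nodes -days "$3" \
        -keyout "$1/src.key" -out "$1/src.pem" 2>/dev/null
    openssl x509 -in "$1/src.pem" -outform DER -out "$1/rootcert.der"
    openssl pkcs12 -export -in "$1/src.pem" -inkey "$1/src.key" \
        -passout pass:demo -out "$1/user.p12"
}

# Run the whole procedure on the constructed sample.
d=$(mktemp -d)
make_demo_p12 "$d" 'digitalSignature,keyEncipherment,dataEncipherment' 365
der_to_pem "$d/rootcert.der" "$d/ca.pem"
p12_to_pem "$d/user.p12" demo "$d/user.pem" "$d/user.key"
check_client_cert "$d/user.pem" "$d/user.key" && echo "client certificate OK"
```

The key file is written without a passphrase, so keep it readable only by the VPN user and delete the intermediate PKCS#12 export once the conversion is verified.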
