[Vpn-devel] various bugs and fixes

Matthew Grooms mgrooms at shrew.net
Wed Oct 10 00:05:15 CDT 2007

Nicolas Deschildre wrote:
> Yes! Could you give me some background on the differents VPN client
> capabilities, and what the shrew soft VPN client can/can't do? For
> example, I have understood that the vpnc client is only for cisco
> ipsec servers, not others...

The Shrew Soft VPN client is an advanced cross platform IPsec VPN client 
for FreeBSD, NetBSD, Linux and Windows 2000/XP. It includes an Internet 
Key Exchange daemon, pfkey library and Qt based client applications to 
manage the connections. On unix targets, the client is 100% open source 
and uses the existing kernel IPsec functionality ( unlike vpnc ). On 
windows, client uses some proprietary kernel modules and IPsec protocol 
processing code that is not open source but is still free for both 
commercial and personal use.

The IKE daemon can be used to provide client connectivity or can be run 
as a stand-alone component on a VPN Gateway to service client 
connectivity. The GUI client tools offer a powerful interface that can 
be used to configure all aspects of a remote Site Configuration. To 
initiate a connection, you just hilight the Site and click the connect 
button. The daemon supports lots of features such as using Virtual 
private adapters, Dead Peer Detection, NAT-T, IKE Fragmentation, RSA or 
Preshared Key peer authentication, optional Xauth or Hybrid user 
authentication, Mode config ( ike-cfg ) for automatic client 
configuration, advanced policy generation and much more.

Although the software was originally created to inter-operate with the 
ipsec-tools racoon ike daemon, it has been reported to work with many 
commercial VPN gateways such as Cisco, Lancom, Zywall, Linksys as well 
as other open source Key daemons such as Strong/Free SWAN and OpenBSD 

For a complete list of features for the VPN Client 2.0.1 release, please 
take a look at the online documentation available here ...


The next version 2.1.0 ( not yet released ) will further improve 
interoperability by supporting the IPsec over DHCP for gateways such as 
Fortigate and expand platform support to Windows Vista and possibly Mac 
OSX. For development status and roadmap, please take a look at the 
following document ...


Thanks again and please let me know if there is anything else I can do 
to help :)


More information about the vpn-devel mailing list