NETGEAR VPN, VPN Client Release Note

NETGEAR™ ProSafe VPN Client

Release Notes

Version: 10.1.1, build 10 Release Notes Issued on: 09/29/2003

Product Description

The NETGEAR ProSafe VPN Client is a virtual private network (V PN ) client for
remote access and secure communications.

New Features and Enhancements

• Smart card removal clears keys option

• Phoenix Device-Connection Authentication support

• WAN maximum transmission unit (MTU) adjust settings for Windows 2000
and XP to better integrate running the client over DSL lines using Point-to-Point
Protocol over Ethernet (PPPoE)
.

Component Versions

Component Version
CSP Library (FIPS) 3.1.0b22

CSP Library (Non-FIPS) 3.0.1b22
Deterministic Networks (DNE) shim 2.20
Layer 2 Tunneling Protocol (L2TP) 4.29
Security Policy Editor 1.2.1 B10
Certificate Manager 1.2.1 B10
Phoenix Device-Connection Authentication CryptoOSD 1.2.3.2

Before Installing or Upgrading to This Version

When upgrading from an earlier version of the VPN client, take these required steps
before installing the client:

1. Uninstall the existing version through the Control Panel Add/Remove
Programs application.

2. Reboot your computer.
Note: The original Windows installation files may be required during installation,

depending on the specific version of Windows and your configuration . Make sure that
you have the CD-ROMs or files available before you start the installation.

Release Notes

Windows Compatibility

Supported Windows Version
95: versions 4.00.950 B and C Me
98 and 98 SE 2000 Professional
NT 4.0 Workstation: SP 5 and 6 XP Home and Professional
Unsupported Windows Versions (Not Y2K-Compliant)
95, versions 4.00.950 and 950a NT 4.0, SP 3

Install the latest Windows service pack, dial-up networking
upgrade, and Internet Explorer version.

Network Interface Cards

This version should be compatible with all NDIS-compliant Ethernet network
interface cards (NICs). Plug and play is supported on Windows 95, 98, Me, and 2000
only. Plug and play is not supported on notebook computers running Windows NT.

Compatibility Issues

• Windows XP Internet Connection Firewall with the SafeNet Virtual Adapter

The SafeNet Virtual Adapter must be “firewalled” with the Windows XP
Internet Connection Firewall if the connection used to create VA is Windows
XP “firewalled”; otherwise, packets will not pass.

• Driver signing warnings on Windows XP with Security Patch MS02-50
Description: Earlier versions of the MS02-50 Security Patch on Windows XP

caused unsigned driver messages when installing the client.
Workaround: Download the latest MS02-50 Patch from this page on the

Microsoft web site:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/securit
y/bullet in/MS02-050.asp

If the patch is no longer on this page, search for this patch on the Microsoft
support web site, support.microsoft.com.

• Nortel Contivity VPN Switch
Description: The elements of the distinguished name sent by the switch are

not in the standard order expected by the client. When entering the
distinguished name in the Connect using Nortel Co ntivity VPN Switch group,
select the Enter Subject Name in LDAP Format check box. Make sure
that the order of the elements matches the order from the switch, for
example:

LDAP Format

CN Name

S State
C City

OU Department

O Company

Certificate
Information

Workaround: The Nortel switch's firmware version 3.5 or later,

with Keep Alives disabled is required. If a message regarding
invalid hash length appears in the Log View, this means that the
keep alive feature is enabled. The Keep Alives option is controlled
through the IPSec section of the Group profile. The menu item in
IPSec is called Enable Client Failover Tuning.

• PPPoE software for DSL connections must be installed

and operational before the client is installed.
Description: Installing PPPoE software on a computer that the

client is already on removes some network components.
Workaround: If the computer doesn’t have the client installed,

install the PPPoE install the PPPoE software before you install the
client. If the client is already installed, uninstall, and save the
IPSec policy when prompted during the uninstall. After your
computer reboots, install the PPPoE software, and then install the
client again.

• Compatibility issue with 3Com Smart Agent software
Description: If the 3Com Smart Agent software is installed before

the client in
installed, the client doesn’t operate correctly.
Workaround: Install the Smart Agent software before installing
the client

• Errors when the gateway sends certificates with more

than 1024 bits to a client without the Microsoft Enhanced
CSP

Description: Log Viewer errors and connection failures occur on

the client when the gateway sends certificates larger than 1024 bits
on computers that don’t have a 128bit version of Internet Explorer
installed. Log errors can’t acquire enhanced provider verify context,
and signature verification fails.

Workaround: For gateways that send certificates larger than 1024
bits to the client, upgrade to the 128-bit version of Internet
Explorer, which include the Microsoft Enhanced CSP.

• Automatic certificate selection may not work in Aggressive

Mode.
Description: Because Aggressive Mode sends an ID payload in the

first initiator packet, and no explicit certificate is selected, the
session may fail. The client make a best guess, and selects the first
certificate that meets the specified ID type, such as DN, email, or
IP address. This certificate, however, may not be a valid
certificate.

Workaround: Manually select the certificate when using
Aggressive Mode, or limit your certificates to one in the
Certificate Manager.

• Compatibility issues with EarthLink software
Description: The client is incompatibility with EarthLink Internet

software, version 5.02.

Workaround: EarthLink can still be accessed through a standard
dial-up networking configuration. Uninstall the EarthLink software.
EarthLink Technical Support is aware of the situation; contact
EarthLink for help in setting up a standard dial-up configuration for
EarthLink access.

• Compatibility issues with Sony Vaio and 3COM 3CCFE575CT

CardBus PC Card
Description: The 3COM 3CXFE575CT 10/100 LAN CardBus PC

Card isn’t compatible with Sony Vaio notebook computers; after
the client is installed, the computer requires an Ethernet cable to
be attached to boot. This NIC card works fine in other computers..

Workaround: Use hardware profiles to disable the NIC card, or
remove the NIC card when the computer isn’t attached to the
network.

• On Windows 95/98/Me, the Entrega USB has problems with

suspend/standby.

Description: The Entrega USB has problems when returning from

suspend mode in that the interface is not always present.
Workaround: Unplug the adapter, and then plug it back in.