Netgear VPNG05L, VPNG01L Owner's Manual
NETGEAR ProSAFE VPN Client
Version 5.5 and Earlier Versions
User Manual
April 2013
202-10684-05
350 East Plumeria Drive
San Jose, CA 95134
USA
NETGEAR ProSAFE VPN Client
Support
Thank you for selecting NETGEAR products.
After installing your device, locate the serial number on the label of your product and use it to register your product
at https://my.netgear.com. You must register your product before you can
NETGEAR recommends registering your product through the NETGEAR
support, visit http://support.netgear.com.
Phone (US & Canada only): 1-888-NETGEAR.
Phone (Other Countries): Check the li
http://support.netgear.com/general/cont
st of phone numbers at
act/default.aspx.
use NETGEAR telephone support.
website. For product updates and web
Trademarks
NETGEAR, the NETGEAR logo, and Connect with Innovation are trademarks and/or registered trademarks of
NETGEAR, Inc. and/or its subsidiaries in the United States and/or other countries. Information is subject to change
without notice. NETGEAR, Inc. All rights reserved.
Revision History
Publication Part Number Version Publish Date Comments
202-10684-05 – April 2013 • Entirely reorganized and rewrote the manual
task-based manual.
as a
• Described new features in the following
sections:
- VPN Client Features
- Configure PKI Options
- Software Setup Command Reference
- Customize How the VPN Client Handles
Readers and Certificates
• Described changes in the global parameters
faults (see Configure the Global VPN
de
Parameters).
202-10684-04 v1.0 April 2012 Minor new features and improvemen
Remote Sharing pane.
202-10684-03 v1.0 May 30, 2011 Major revision to document the new format of the
use
r interface and some new features such as the
enhanced capability to change languages.
202-10684-02 v1.1 December 2010 Minor editorial changes and addition of an index.
202-10684-02 v1.0 December 2010 Reorganization an d revision
202-10684-01 v1.0 June 2010 First publication.
of the entire manual.
ts such as the
2
Contents
Chapter 1 Introduction
Chapter 2 Install the Software
How to Use This Manual . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8
VPN Client Features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8
VPN Client Licenses (Lite and Professional) and Supported Features . . .10
Linux Appliance Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11
References and Useful Websites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12
Software Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14
Launch the VPN Client. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14
Trial Software Evaluation . . . . . . . . . . . . . .
License Number Concepts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17
Software Activation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17
Software Activation Wizard
Troubleshoot Software Activation. . . . . . . . .
Software Upgrade Concepts . . . .
Software Uninstallation. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18
. . . . . . . . . . . . . . . . . . . . . . . .14
. . . . . . . . . . . . . . . . . . . . .20
. . . . . . . . . . . . . . . . . . . . . . . . . . . . .21
. . . . . . . . . . . . . . . . . . . . . . . .22
Chapter 3 Overview of the User Interface
Overview of the User Interface Components . . . . . . . . . . . . . . . . . . . . . . .24
Configuration Panel Screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24
Main Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25
Status Bar. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26
About Screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26
Options Screen. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27
Wizards. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27
System Tray Icon and System Tray Menu . . . . . . . . . . . . . . . . . . . . . . . . .27
System Tray Pop-Up Screens . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30
Connection Panel Screen. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31
VPN Console Active Screen. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33
Keyboard Shortcuts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .34
Chapter 4 Create VPN Tunnel Connections
Use the Configuration Wizard to Create a VPN Tunnel Connection . . . . .36
Open and Close VPN Tunnels with the User Interface . . . . . . . . . . . . . . .39
High-Level Steps to Manually Create a VPN
Manually Configure Authentication or Phase 1 . . . . . . . . . . . . . . . . . . . . .41
Configure Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .42
Tunnel Connection . . . . . . .40
3
NETGEAR ProSAFE VPN Client
Configure Advanced Authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . .44
Manually Configure IP Security or Phase 2 . . . . . . . . . . . . . . . . . . . . . . . .49
High-Level Steps to Specify a Cer
Configure the Global VPN Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . .55
tificate for User Authentication . . . . . . .53
Chapter 5 Advanced Configuration Options
Configure How VPN Tunnels Are Opened. . . . . . . . . . . . . . . . . . . . . . . . . 59
Configure a Tunnel to Open Automatically. . . . . . . . . . . . . . . . . . . . . . . 59
Configure a VPN Tunnel to Open before Windows Logon. . . . . . . . . . .60
Open a Tunnel with a Double-Click on a Deskt
Configure Alternate DNS and WINS Servers. . . . . . . . . . . . . . . . . . . . . . .63
Configure Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Configure Remote Sharing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .66
USB Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .68
Enable a New USB Drive with a VPN Configuration . . . . . . . . . . . . . . .68
To Configure Tunnels to Open Automatically w
Certificate Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .73
Certificate Concepts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .73
Import Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
View and Assign Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
View Certificate Details. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Use Certificates from USB Tokens and Smart Cards. . . . . . . . . . . . . . .80
Troubleshoot Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Configure PKI Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84
VPN Configuration Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Import a VPN Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .87
Export a VPN Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .87
Merge VPN Configurations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .89
Split a VPN Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .89
Easily Import a VPN Configuration and Open a Tunnel
Configure Access Control. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .92
Configure the User Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Configure VPN Client Startup Mode and N
Configure Languages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .97
op Icon . . . . . . . . . . . . .62
ith a USB Drive. . . . . . . 72
. . . . . . . . . . . . . 91
etwork Interface Detection . . . 95
Chapter 6 VPN Client Software Setup and Network Deployment
Software Setup and Deployment Concepts . . . . . . . . . . . . . . . . . . . . . . .101
Software Setup File Example. .
Software Setup Command Requirements . . . .
Examples of Options that You Can Include in a Software Setup File. .102
Software Setup Command Reference . . . . . . .
Customize VPN Client Display and Access for End Users . . . . . . . . . . .108
Display the Configuration Panel Screen after Startup . . . . . . . . . . . . .109
Display the Connection Panel Screen after Startup. . . . . . . . . . . . . . .109
Display the System Tray Menu Only after St
Require a Password to Access the Config
Limit Usage to the System Tray Menu and Require a
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .101
. . . . . . . . . . . . . . . . . . 102
. . . . . . . . . . . . . . . . . . . .103
artup . . . . . . . . . . . . . . . .109
uration Panel Screen . . . . .110
4
NETGEAR ProSAFE VPN Client
Password to Access Other Screens . . . . . . . . . . . . . . . . . . . . . . . . . . .111
Configure Which Items of the System Tray Menu Are Visible . . . . . . .111
VPN Client Silent Software Setup Deployment
Create a Silent VPN Client Software Setup . . . . . . . . . . . . . . . . . . . . .112
Deploy a VPN Client Software Setup from a CD-ROM . . . . . . . . . . . .113
Deploy a VPN Client Software Setup from a
Deploy a VPN Client Software Setup Using a Batch Script . . . . . . . . .115
Deploy a VPN Client Software Setup from a
Deliver a VPN Configuration to an End User . . . . . . . . . . . . . . . . . . . . . .117
Embed a VPN Configuration in a VPN
Setup Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .118
Export and Deploy a VPN Configuration . . . . . . . . . . . . . . . . . . . . . . .119
Command-Line Interface Command Reference. . . . . . . . . . . . . . . . . . . .120
Customize the VPN Client Using CLI Commands . . . . . . . . . . . . . . . . . .123
Open or Close a VPN Tunnel. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .123
Close All Active Tunnels and Close the VPN Client. . . . . . . . . . . . . . .124
Import, Export, Add, or Replace the VPN Conf
Customize How the VPN Client Handles R
Customize the vpnsetup.ini File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .126
Customize the vpnconf.ini File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .129
to End Users . . . . . . . . .112
Shortcut . . . . . . . . . . . . .114
Network Drive. . . . . . . . .116
Client Software
iguration. . . . . . . . . . . .124
eaders and Certificates. . . . .126
Chapter 7 Troubleshoot the VPN Client
Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .133
Resolve Firewall Interference. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .133
Typical Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .133
PAYLOAD_MALFORMED Error (Wrong
INVALID_COOKIE Error. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .134
no keystate Error . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .134
received remote ID other than expected Error
NO_PROPOSAL_CHOSEN Error (Phase 1) . . . . . . . . . . . . . . . . . . . .135
NO_PROPOSAL_CHOSEN Error (Phase 2) . . . . . . . . . . . . . . . . . . . .135
INVALID_ID_INFORMATION Error . . . . . . . . . . . . . . . . . . . . . . . . . . .136
Other Common Problems. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .137
There Is No Response to a Phase 1 Request . . . . . . . . . . . . . . . . . . .137
The Console Shows Only SEND and RECV . . . . . . . . . . . . . . . . . . . .137
There Is No Response to a Phase 2 Requests . . . . . . . . . . . . . . . . . .138
A Tunnel No Longer Opens . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .138
A VPN Tunnel Is Up but You Cannot Ping the Remo
View the Logs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .139
Phase 1 [SA]). . . . . . . . . . . .134
. . . . . . . . . . . . . . . . . . .135
te Endpoint. . . . .138
Appendix A Configure the VPN Client with a NETGEAR Router
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .142
Sample VPN Network Topology. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .142
Configure the SRX5308 VPN Router . . . . . . . . . . . . . . . . . . . . . . . . . . . .144
Use the VPN Wizard to Configure a Client-to-Router VPN Connec
Manually Configure a Client-to-Router VPN C
Configure the VPN Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .155
onnection . . . . . . . . . . .150
tion144
5
NETGEAR ProSAFE VPN Client
Use the Configuration Wizard to Configure the VPN Client . . . . . . . . .155
Manually Configure the VPN Client . . . . . . . . . . . . . . . . . . . . . . . . . . .160
Establish a VPN Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .166
Index
6
1. Introduction
The VPN Client supports all Windows versions and allows you to establish secure connections
over the Internet, for example, between a remote worker and the corporate Intranet. IPSec is the
most secure way to connect to the enterprise because it provides strong user authentication and
strong tunnel encryption with the ability to work with existing network and firewall settings.
This chapter includes the following sections:
• How to Use This Manual
• VPN Client Features
• VPN Client Licenses (Lite and Professional) and Supported Features
• Linux Appliance Support
• References and Useful Websites
Note: For more information about the topics covered in this manual, visit
the support website at http://support.netgear.com.
1
Note: Firmware updates with new features and bug fixes are made
available from time to time on
products can regularly check the site a
or you can check for and download new firmware manually. If the
features or behavior of your product do not match what is described
in this guide, you might need to update your firmware.
downloadcenter.netgear.com. Some
nd download new firmware,
7
NETGEAR ProSAFE VPN Client
How to Use This Manual
This manual is primarily intended for network administrators who need to implement the VPN
Client for end users.
The manual explains how to use the user interface
to configure the VPN Client. An exception
is Chapter 6, VPN Client Software Setup and Network Deployment. That chapter describes
how to use software setup commands, how to use CLI commands, and how to configure
initializa
tion files to preconfigure the VPN Client software setup before deployment to end
users, to remotely install or upgrade the VPN Client, and to centrally manage VPN
configurations.
VPN Client Features
The VPN Client has the following features.
Table 1. List of features
Feature Specifications
Windows versions • Windows 2000 32-bit
• Windows XP 32-bit SP3
• Windows Server 2003 32-bit
• Windows Server 2008 32/64-bit
• Windows Vista 32/64-bit
• Windows 7 32/64-bit
• Windows 8 32/64-bit
Languages Arabic, Chinese (simplified), Czech, Danish, D
German, Greek, Hindi, Hungarian, Italian, Japanese, Korean, Norwegian Polish,
Portuguese, Russian, Serbian, Slovenian, Spanish, Thai, and Turkish.
Connection modes • Supports peer-to-peer connections (point-to
computers that have the VPN Client installed).
• Supports peer-to-gateway connections, for example
the VPN Client installed and NETGEAR platform that supports VPN.
• Supports connection types such as dial-u
WiFi.
• Allows IP range networking.
• Runs in a Remote Desktop Protocol (RDP) connection session.
Tunneling protocols • Full Internet Key Exchange (IKE) support: the IKE implementation is based on the
OpenBSD 3.1 impleme
with existing IPSec routers and gateways.
• Full IPSec support:
- Main mode and aggressive mode
- MD5, SHA-1, and SHA-256 hash algorithms
- Change IKE port
ntation (ISAKMPD). This provides the best compatibility
Introduction
utch, English, Farsi, Finnish, French,
-point connections between two
, between a computer that has
p, DSL, cable, GSM/GPRS, 3G, 4G, and
8
NETGEAR ProSAFE VPN Client
Table 1. List of features (continued)
Feature Specifications
NAT Traversal • NAT Traversal Draft 1 (enhanced), Draft 2, and Draft 3 (full implementation),
including:
- NAT OA support
- NAT keep-alive
- NAT-T aggressive mode
• Forced NAT-Traversal mode
SIP/VoIP support Support for Session Initiation Protocol (SIP) and Voice over IP (VoIP) traffic in a VPN
nel on Window Vista, Windows 7, and Windows 8.
tun
Encryption Provides the following encryption algorithms:
• 3DES, DES, and AES 128/192/256-bit encryption
• Support for Diffie-Hellman group 1 (768 bits), group 2 (1024 bits), group 5
536 bits), and group 14 (2048 bits)
(1
User authentication Supports the following user authentication methods:
• Pre-shared keying and X509 certificate support. Compatible with most of the
rrently available IPSec gateways.
cu
• Extended authentication (AUTH).
• Flexible certificates: PEM, PKCS#12 certificates ca
user interface. Ability to configure one certificate per tunnel.
• Hybrid authentication method.
n be directly imported from the
Certificate storage capabilities:
• USB token and smart card support
• Personal Certificate Store support
• VPN configuration file
Remote login:
• Gina mode supported on Windows 2000 and Wi ndows XP to enable Windows
ogon using a VPN tunnel or enable to log in on a local machine.
l
• Credential providers supported on Windows Vista and Windows 7 to enable
indows logon using a VPN tunnel or enable to log in on a local machine.
W
Dead Peer Detection Dead Peer Detection (DPD) is an IKE exten
peer.
Redundant Gateway The Redundant Gateway feature provides a highly reliable secure connection to a
corporate network. The Redundant Gateway feature allows the VPN Client to open an
IPSec tunnel with an alternate gateway if the primary gateway is down or not
responding.
Mode Config Mode Config is an IKE extension that ena
configuration to the remote user’s machine (that is, the VPN Client). With Mode Config,
you can access all servers on the remote network by using their network name (for
example, \\myserver\marketing\budget) instead of their IP address.
USB drive You can save VPN configurations and security ele
and so on) to a USB drive to remove security information (for example, user
authentication) from the computer. You can automatically open and close tunnels when
plugging in or removing the USB drive. You can attach a VPN configuration to a specific
computer or to a specific USB drive.
sion (RFC3706) for detecting a dead IKE
bles the VPN gateway to provide LAN
ments (certificates, pre-shared key,
Introduction
9
NETGEAR ProSAFE VPN Client
Table 1. List of features (continued)
Feature Specifications
Smart card and USB
token
Log console All phase messages are logged for testing or staging purposes.
Flexible user
rface
inte
Scripts Scripts or applications can be launched automaticall
Configuration
nagement
ma
Live update Ability to check for online updates.
The VPN Client can read certificates from smart cards to make full use of existing
corporate ID or employee cards that carry digital credentials.
You can easily import smart card ATR codes
models that are not yet in the software.
• Silent install and invisible graphical interface allow network administrators to
deploy solutions while preventing user misuse of configurations.
• Small Connection Panel screen and VPN Configuration Panel screen can be
ilable to end users separately with access control.
ava
• Drag and drop VPN configurations into the VPN Client.
• Keyboard shortcuts to easily navigate the VPN Client.
and after a tunnel opens, or before and after a tunnel is closed).
• User interface and command-line interface (CLI).
• Password-protected VPN configuration file.
• Specific VPN configuration file can
• Embedded demo VPN configuration to test and debug with online servers.
• Ability to prevent software upgrade or unin
to enable new smart card and USB token
y on events (for example, before
be provided within the setup.
stallation if protected by password.
VPN Client Licenses (Lite and Professional) and Supported Features
NETGEAR products can include a license for the VPN Client Lite or for a 30-day trial copy of
the VPN Client Professional, or for both. The following table lists the features that are
included in the VPN Client Lite and VPN Client Professional versions. When you launch the
VPN Client, you can purchase a license for the VPN Client and activate (register) either the
VPN Client Professional or VPN Client Lite.
Introduction
10
NETGEAR ProSAFE VPN Client
The following table compares the features of the VPN Client Professional and VPN Client
Lite.
Table 2. Feature comparison between VPN Client Lite and VPN Client Professional
VPN Client Functions Lite Pro
Configuration Configuration Wizard
X-Auth
Mode Config
DNS/WINS server manual configuration
Hybrid mode –
IKE/NAT-T ports can be modified –
Control Connection Panel
Console logs
Disable split tunneling
Dead Peer Detection
System tray popup
GUI protection (password) –
Auto Open (Windows on startup on traffic detection) –
Start VPN tunnel before Windows logon –
Easy deployment by command-line interface (CLI ) –
Advanced Features Multitunnel configurations –
Redundant Gateways
Scripts –
USB mode –
Linux Appliance Support
The VPN Client supports several versions of Linux IPSec VPN such as StrongS/WAN and
FreeS/WAN. The VPN Client is compatible with most of the IPSec routers and appliances
that are based on those Linux implementations.
Introduction
11
NETGEAR ProSAFE VPN Client
References and Useful Websites
These references and websites are for the ProSAFE VPN Client Lite and ProSAFE VPN
Client Professional, both of which are developed by TheGreenBow.
• Access to VPNG01
http://support.netgear.com/product/VPNG01L
• Access to VPNG05
http://support.netgear.com/product/VPNG05L
• VPNG01L/VPNG05L FAQs:
http://kb.netgear.com/app/answers/detail/a_id/14903
• TheGreenBow IPSec VPN Client:
http://www.thegreenbow.com/vpn.html
• TheGreenBo
http://www.thegreenbow.com/vpn_doc.html
The documents that you can access from this link are ba
Client. The NETGEAR ProSAFE VPN Client Lite and ProSAFE VPN Client Professional
are developed by TheGreenBow, so configuration is likely identical or similar.
Note: For documentation about the legacy ProSAFE VPN Client that was
w VPN documentation and manuals:
developed by SafeNet, see the following NETGEAR sites:
http://support.netgear.com/product/VPN01L
http://support.netgear.com/product/VPN05L
L product information and a 30-day trial software version:
L product information and a 30-day trial software version:
sed on TheGreenBow VPN
Introduction
12
2. Install the Software
This chapter describes installation of the VPN Client and related processes. The chapter
includes the following sections:
• Software Installation
• Launch the VPN Client
• Trial Software Evaluation
• Software Activation
• Software Upgrade Concepts
• Software Uninstallation
2
13
NETGEAR ProSAFE VPN Client
Software Installation
The VPN Client software installation does not require specific information and is
self-explanatory. After completing the installation, you are asked to reboot your computer.
However, if your operating system is Windows 8, Windows 7, or Windows Vista, you can
install the VPN Client software without rebooting your computer.
After you have rebooted and logged in to your computer, the VPN Client Activation Wizard
screen displays. The information
a trial license or activate a permanent license:
about how to proceed depends on whether you want to use
• If you do
• If you purchased a p
wnloaded a free trial software version, see Trial Software Evaluation on page 14.
ermanent license, see Software Activation on page 17.
Launch the VPN Client
After you have installed the VPN Client software, there are three methods to launch the VPN
Client:
• On
• In the
• From the S
The VPN Client creates new rules in the Windows firewall (V
so that VPN traffic is enabled: UDP ports 500 and 450 0 are authorized both for authentication
(phase 1) traffic and for IPSec (phase 2) traffic.
your desktop, double-click the VPN Client shortcut.
taskbar, click the VPN Client icon.
tart menu, select the path to the VPN Client, for example:
Start > All Programs > NETGEAR > NETGEAR VPN Client.
Note: If your operating system is Windows 8, Windows 7 or Windows Vista,
can select a check box to automatically run the VPN Client after software
you
installation.
ista and later operating systems)
If you use an earlier Windows operating system or anothe
firewall rules to enable the VPN Client. For information, see Resolve Firewall Interference on
page 133.
r firewall, you might have to create
Trial Software Evaluation
The VPN Client is available as a free trial version. The evaluation period is limited to 30 days.
After the evaluation period has expired, the VPN Client becomes disabled. By purchasing
and activating a permanent license, you can transfer the trial version to a permanent version
and access the VPN Client indefinitely. For more information, see License Number Concepts
on page 17 and Software Activation on p
age 17.
Install the Software
14
NETGEAR ProSAFE VPN Client
To use the VPN Client during the evaluation period:
1. In the taskbar, click the VPN Client icon.
For other methods to launch the VPN Client, see Launch the VPN Client on p
The Software Activation screen displays:
2. Select th
e I want to Evaluate the software radio button.
You do not need to enter a license number and email address to activate the trial
sof
tware.
age 14.
3. Click Next.
The Configuration screen displays, and the user interface is accessible.
During the evaluation period, the Software Activation scree
n displays each time that you start
the VPN Client. The remaining days of the evaluation period are displayed next to the
calendar icon on the right of the screen. You can also see the remaining time of the
evaluation period on the About screen (see About Screen on p
age 26).
When the evaluation period expires, the following occurs:
he I want to Activate the software radio button is automatically selected.
• T
he I want to Evaluate the software radio button is masked out.
• T
• T
he message Evaluation period expired is displayed.
• T
he software is disabled.
When the evaluation period has expired, in order
for you to use the VPN Client, you need to
purchase and activate a permanent license. You can purchase and activate a permanent
license while you are still in the evaluation period or after the evaluation period has expired.
Install the Software
15
NETGEAR ProSAFE VPN Client
To view the remaining time of the evaluation period from VPN Client’s user interface:
From the main menu of the Connection Panel screen, select ? > About.
(When you launch the VPN Client, the Configuration Panel screen displays by default.)
The About screen displays, showing the number of days that
remain in the evaluation period:
To buy a permanent license:
1. In the t
askbar, click the VPN Client icon.
For other methods to launch the VPN Client, see Launch the VPN Client on p
age 14.
Install the Software
16
NETGEAR ProSAFE VPN Client
The Software Activation screen displays. The following figure shows the Software
Activation screen after the evaluation period has expired:
2. Click the Bu
The NETGEAR website displays. Follow the
permanent license.
3. Af
ter you have purchased a license, follow the procedure in Software Activation, to activate
the permanent license.
y a license link.
instructions onscreen to purchase a
License Number Concepts
A license number is attached to a single computer after activation. However, you can
deactivate the license number (see Software Uninstallation on
another computer.
You can also change the license number at any time, but
Client before you can reinstall the VPN Client with another license number.
After activation, save the license key number. You might need it again to reactivate your
tware if a problem has occurred. Also, keep the CD label for technical support.
sof
page 22) and transfer it to
you first need to uninstall the VPN
Software Activation
When you purchase a permanent license, you are required to activate it before you can use
the VPN Client.
Install the Software
17
NETGEAR ProSAFE VPN Client
Software Activation Wizard
In order for you to use the VPN Client beyond the evaluation period, you need to activate the
VPN Client license on your computer. You need the license number or key and an email
address.
To activate your software using the Activation Wizard:
1. Make su
re that your computer is connected to the Internet.
2. Do one of the following:
• If you
did not yet launch the VPN Client:
In the taskbar, click the VPN Client icon.
For other methods to launch the VPN Client, see Launch the VPN Client on p
• If you
From the main menu on the Configuration Panel screen, se
already launched the VPN Client and the user interface is accessible:
lect ? > Activation Wizard.
The Software Activation screen displays. The following figure shows the Software
Activation screen
when the evaluation period has not yet expired:
age 14.
3. Select the I want to Activate the software radio button.
4. Enter
5. Enter your
your permanent license number.
email address.
Your email address is used to send you the activation confirmation.
Install the Software
18
NETGEAR ProSAFE VPN Client
Note: The email address might not be required. If the network
administrator suppresses display of the Email address field during
the software setup, the Software Activation Wizard does not display
the Email address field. Suppression can be used to centralize all
software activation confirmation emails to a single email address.
6. Click Next.
The Activat
ion Wizard attempts to automatically connect to the activation server to
activate the VPN Client software. The progress bar shows the activation progress.
When the activation is complete, the screen shows
whether the activation was successful
and displays messages associated with the outcome (see also Troubleshoot Software
Activation on p
age 20).
7. (Optional,
and only if an error occurs) Click the More information about this error link.
For troubleshooting information, see the following section, Troubleshoot Software
Activation.
8. Click Run.
The VPN Client relaunches with the new lice
nse. The Configuration screen displays and
the user interface is accessible.
Install the Software
19
NETGEAR ProSAFE VPN Client
Troubleshoot Software Activation
Errors can occur during the activation process. Each activation error type is displayed on the
Software Activation screen.
You can resolve most of errors by carefully checking the following:
erify that you entered the correct license number. (Error 031 indicates that the license
• V
number was not found.)
• Y
our license number could already be activated (Error 033). Contact NETGEAR support.
our license number cannot be used for activation (Error 034). Contact NETGEAR
• Y
support.
• A firewall might
block communication with the activation server (Error 053 or Error 054).
Find out if a personal or corporate firewall is blocking communications.
• The a
ctivation server might be temporarily unreachable. Wait a few minutes and try
again.
All activation errors are listed at www.netgear.com/support.
The following two figures show example
s of activation errors.
Figure 1. Activation Error 31
Install the Software
20
Figure 2. Activation Error 34
NETGEAR ProSAFE VPN Client
Software Upgrade Concepts
You need to reactivate the VPN Client after each software upgrade. Depending on your
maintenance contract, a software upgrade activation might be rejected. Carefully read the
recommendations in this section.
To check the status of the VPN Client’s software release:
From the main menu of the Connection Panel screen, select ? > Check f
The NETGEAR website displays. You can check if
the VPN Client is running that latest
software release or download a new software release.
The success of a software upgrade activation depends on your maintenance contract:
• During th
e maintenance period (which starts from your first activation), all software
upgrades are allowed.
• I
f the maintenance period has expired or if you have no maintenance contract, only
maintenance software upgrades are allowed. Maintenance software upgrades are
identified by the last digit of a version.
Example: Your maintenance period has expired and your current software release is
.12. You can upgrade to releases 3.13 through 3.19 but not to release 3.20, 3.30, 4.00,
3
or 5.00.
If you want to subscribe or extend your maintenan
ce period, contact NETGEAR by email at
sales@netgear.com.
or Update.
Install the Software
21
NETGEAR ProSAFE VPN Client
Note: The VPN configuration is saved during a software upgrade and
automatically reenabled within the new release.
Note: If you have specified a password for access control (see Configure
Access Control on p
upgrade the software.
age 92), you need to enter it to be able to
Software Uninstallation
To transfer a license to a new computer, you need to uninstall the software from the old
computer. Deactivation of the license on the old computer occurs automatically if the
computer is connected to the Internet. The license can then be used to activate the VPN
Client on a new computer.
If your computer is not connected to the Interne
contact NETGEAR support by email at support@netgear.com, or call the technical center to
inactivate your license.
There are several methods to uninstall the VPN Client sof
operating system, these methods might differ slightly from the following procedures.
Tip: Af
To uninstall the VPN Client through the Control Panel:
1. Make su
2. Select S
3. Double-click Programs and
double-click Add or Remove Programs.)
4. Right-click the NETGEA
you need to select Remove.)
To uninstall the VPN Client through the All Programs menu:
1. Make su
2. Select S
3. Select the p
ter uninstallation, save the license key number . You might need it again
to reactivate your software. Also, keep the CD label for technical support.
re that your computer is connected to the Internet.
tart > Control Panel.
Features. (In some Windows versions, you need to
R VPN Client and select Uninstall. (In some Windows versions,
re that your computer is connected to the Internet.
tart > All Programs.
ath to the VPN Client, for example:
t and you need to inactivate your license,
tware. Depending on your Windows
Start > All Programs > NETGEAR > NETGEAR VPN Client.
4. Select the uninst
all option.
Install the Software
22
3. Overview of the User Interface
This chapter describes the user interface for the VPN Client. The chapter includes the following
sections:
• Overview of the User Interface Components
• Configuration Panel Screen
• System Tray Icon and System Tray Menu
• System Tray Pop-Up Screens
• Connection Panel Screen
• VPN Console Active Screen
• Keyboard Shortcuts
3
23
NETGEAR ProSAFE VPN Client
Tree list pane
Configuration pane
Main menu
Status bar
Overview of the User Interface Components
The VPN Client is fully autonomous and can start and stop tunnels without user intervention,
depending on traffic to certain destinations. However, it requires a VPN configuration.
The VPN Client configuration is defined in a VPN con
interface allows creating, modifying, saving, exporting, or importing the VPN configurations
together with security elements such as a pre-shared key or certificates.
The user interface consists of the following components:
• Config
• Connection
• Main menus
• System t
• S
• Wizards
• Preferen
uration Panel
Panel
ray icon and pop-up screens
tatus bar
ces
figuration file. The software user
Configuration Panel Screen
When you launch the VPN Client, the Configuration Panel screen displays by default. (The
following figure shows configured VPN tunnels, which would be absent if you launched the
Configuration Panel for the first time.)
Figure 3. Configuration Panel screen
Overview of the User Interface
24
NETGEAR ProSAFE VPN Client
The Configuration Panel screen enables you to configure VPN tunnels, and consists of the
following components:
• Main
• T
• A tr
• A configuration p
• S
menu (at the top of the screen), showing the Configuration, Tools, and ? menu
selections.
he Save and Apply buttons in the left column of the screen:
- Save. The
saved to the startup configuration. The next time that you start the VPN Client, the
configuration is present.
- Appl
to the startup configuration. The next time that you start the VPN Client, the
configuration is no longer present.
ee list pane (in the left column of the screen) that contains the Global Parameters
button and all authentication phase names (that is, phase 1 names) with their associated
IPSec configuration names (that is, phase 2 names or tunnel names).
settings for each tree level.
tatus bar (at the bottom of the screen).
Note: For information about restricting access to the Configuration Panel
VPN tunnel is saved for immediate and future use. The VPN tunnel is
y. The VPN tunnel is saved for immediate use only . The VPN tunnel is not saved
ane (in the right column of the screen) that shows the associated
screen, see
For information about hiding the Configuration Panel link from the
system tray menu, see Configure the User Interface on page 94.
Configure Access Control on page 92.
Main Menu
The main menu lets you make the following selections:
• Confi
• T
• ?. Let
guration. Lets you import and export a VPN configuration, select the location of the
VPN configuration (locally stored on the computer or on a USB drive), access the
Configuration Wizard, and quit the VPN Client.
ools. Lets you access the Connection Panel, access the Console screen, reset the IKE
settings, and access the Option screen to configure miscellaneous preferences such as
the way the VPN Client starts and the language of the VPN Client.
s you access online help, check for software updates, connect to the NETGEAR
website to purchase a license online, access the Activation Wizard, and access the About
screen.
Note: Some selections that are available from the Configuration menu are
also available by right-clicking a component of the tree list pane in
the Configuration Panel screen.
Overview of the User Interface
25
NETGEAR ProSAFE VPN Client
Statu s Bar
The status bar at the bottom displays the following information:
• The ra
ready; gray indicates not ready.)
• The
VPN Client Ready, or Apply VPN configuration).
• The p
configuration.
dio button indicates whether the VPN Client is ready for use. (Green indicates
text to the right of the radio button provides the status of the VPN Client (for example,
rogress bar at the very right displays the progress when you apply or save the
About Screen
The About screen that you can access by clicking the question mark (?) on the main menu
provides the VPN Client software release number and sof tware activation information. There
is also a URL to the NETGEAR website.
Figure 4. About screen
Overview of the User Interface
26
NETGEAR ProSAFE VPN Client
Options Screen
This screen is available in the VPN Client Professional but not in the VPN Client Lite.
The Options screen, which you access by selecting Tools > Options from the main menu,
has four tabs that provide access to the following panes:
• V
iew pane. From the View pane, you can configure access control to the user interface
(see Configure Access Control on p
interface (see Configure the User Interface on
• General
configure detection of the state of the network interface (see Configure VPN Client
Startup Mode and Network Interface Detection on
• PKI Options
checked, accessed, and read (see Configure PKI Options on p
• L
anguage pane. From the Language pane, you can select the language for the user
interface and modify the default translations (see Configure Languages on p
pane. From the General pane, you can configure the startup mode and
pane. From the PKI Options pane, you can configure how certificates are
age 92) and change the appearance of the user
page 94).
page 95).
age 84).
age 97).
Wizards
There are several wizards available:
• VPN Configurati
from the main menu (for more information, see Use the Configuratio n W izard to Create a
VPN Tunnel Connection on p
• Sof
• USB Mode W
• Certific
tware Activation Wizard. Access this wizard by selecting ? > Activation Wizard
from the main menu (for more information, see Software Activation Wizard on p
main menu (for more information, see USB Mode o
ate Export Wizard. Access this wizard in the following way:
1. On the
2. On the
3. Select Cop
For more information, see View Certificate Details on p
Certificate pane, select View Certificate.
View Certificate screen, click the Details tab.
on Wizard. Access this wizard by selecting Configuration > Wizard
age 36).
izard. Access this wizard by selecting File > Move to USB Drive from the
n page 68).
y to File.
age 79.
System Tray Icon and System Tray Menu
After you have launched the VPN Client (see Launch the VPN Client on page 14), the VPN
Client displays an icon in the system tray that indicates whether a tunnel is opened, using a
color c
ode.
age 18).
Overview of the User Interface
27
NETGEAR ProSAFE VPN Client
Purple icon:
no VPN tunnel opened.
Green icon:
at least one VPN tunnel opened.
Figure 5. VPN Client icon colors in the system tray
To open the system tray menu:
Right-click the purple VPN Client icon in the system tray.
The system tray menu displays:
By default, the system tray menu shows the following links from top to bottom:
• Configured tunne
ls with their status. You can open or close tunnels by selecting Open
'<gateway name-tunnel name>' or Close '<gateway name-tunnel name>'.
• Console.
• Connectio
Clicking the link opens the VPN Console Active screen.
n Panel. Clicking the link opens the Connection Panel screen, which lets you
open and close VPN tunnels and displays information about VPN tunnels.
• Configuration
Panel. Clicking the link opens the Configuration Panel screen, which lets
you create and configure VPN tunnels.
• Qui
t. Clicking the link closes all established VPN tunnels, then closes the VPN Client.
Note: The Quit link for the system tray menu is disabled in the VPN Client
Lite. For the VPN Client Professional, you can remove this link
during the software setup through the menuitem software setup
command (see
Configure Which Items of the System Tray Menu Are
Visible on page 111).
Overview of the User Interface
28
NETGEAR ProSAFE VPN Client
To hide one or more links from the system menu tray:
1. From the main menu, select Tools > Options.
The Options screen displays. The View pane is selected by default.
2. In the Sho
w in systray menu section of the screen, configure which links are hidden in the
system tray menu:
• Cons
• Conn
ole. Clear the check box to hide the Console link from the system menu tray.
ection Panel. Clear the check box to hide the Connection Panel link from the
system menu tray.
• Confi
guration Panel. Clear the check box to hide the Configuration Panel link from
the system menu tray.
Note: The Quit check box is disabled. You cannot disable the Quit link in the
system tray menu fr
om the View pane. For information about disabling the Quit
link in the system tray menu, see Configure Which Items of the System Tray
Menu Are Visible on pag
e 111.
3. Click OK.
Overview of the User Interface
29
NETGEAR ProSAFE VPN Client
System Tray Pop-Up Screens
When a VPN tunnel opens or closes, by default, a small pop-up screen comes out from the
system tray icon and shows the following:
• VPN tunnel opening with dif ferent phases. The pop-up screen disappea rs after 6 seconds
unless you move the mouse over the screen.
Figure 6. Tunnel opened pop-up screen
• VPN tunnel closing, followed by tunnel closed.
Figure 7. Tunnel closed pop-up screen
• If the VPN tunnel cannot open, the screen might display an error or warning with a link to
more information.
Figure 8. Pre-shared key mismatched pop-up screen
Overview of the User Interface
30
Loading...