VPN Client Certified

Certified CC EAL3+ security for government agencies and strategic operators

TheGreenBow Certified VPN Client is the first VPN client worldwide to achieve Common Criteria EAL3+ certification combined with qualification for EU restricted and NATO restricted use.

First VPN Client Certified Common Criteria EAL3+ NATO restricted and UE restricted

The Certification testifies and guarantees the reliability and the solid implementation of TheGreenBow VPN client as well as the unrivalled level of security provided by our product.

The Certification process also validates the quality of internal procedures for Software development, customer support, QA, documentation and maintenance, providing the guarantee for a high quality support and permanent improvement of TheGreenBow Certified VPN Client.

TheGreenBow Certified VPN Client is the only VPN client providing the certified level of trust required for securing remote connections in highly sensitive environments such as Strategic Operators, private and public administrations and government agencies.

TheGreenBow is more than ever the privileged provider for building safe IT Network Infrastructures.

TheGreenBow Certified VPN Client license is provided as an annual subscription covering VIP support and maintenance.

Please, don't hesitate to contact us for any further question about TheGreenBow Certified VPN Client.

ANSSIANSSI Certification Reference for TheGreenBow VPN Client
NATONATO / NIAPC Catalog Reference for TheGreenBow VPN Client

VPN Client Certified

30 days FREE evaluation
Size: 5.80 Mb  
Date: Aug 2016  
OS: Windows XP 32-bit
Windows Vista 32/64-bit
Windows 7 32/64-bit
Windows Server 2008 32/64-bit
32 bit

32/64 bit
TheGreenBow  Software Supports Windows 8 32/64-bit
32/64 bit
TheGreenBow  Software Supports Windows 10 32/64-bit
32/64 bit
Languages: Arabic, Chinese (simplified), Czech, Danish, Dutch, English, Farsi, Finnish, French, German, Greek, Hindi, Hungarian, Italian, Japanese, Korean, Norwegian, Polish, Portuguese, Russian, Serbian, Slovenian, Spanish, Thai & Turkish.  

VPN Certified Release Note

Release 5.2

Release 5.22 build 005

  • Bug fixing: Command line option "/close" fixed.

Release 5.22 build 003

  • Bug fixing: Buffer overflow in GINA X-Auth login/password values
  • Bug fixing: Buffer overflow in UI command line ()
  • Improvement (vulnerability): PIN Code erased from process memory after being used
  • Improvement (vulnerability): Import/Export password erased from process memory after being used

Release 5.21 build 002

  • Bug fixing: The integrity (signature) of a VPN Configuration is correctly and always checked when the configuration is imported. Corrupted configuration cannot be imported anymore.
  • Bug fixing: GINA UI correctly displayed after first installation.
  • Improvement (vulnerability): Strongest cryptographic mechanism for administrator password storage.
  • Improvement (vulnerability): Administrator password is hidden in user memory.
  • Improvement (vulnerability): Strongest access control mechanism, which avoid the access control being bypassed via code hacking.
  • Improvement (vulnerability): Logs (trace) do not contain sensitive information.
  • Improvement: Uninstall improvement on Windows 8
  • Improvement: Setup and first launch correctly manage obsolete windows certificates

Release 5.20 build 006

  • Feature request: Gina Mode supported on Windows 7, Vista 32-64bit.
  • Feature request: Added a password confirmation field when exporting a VPN Configuration.
  • Feature request: ESP anti-replay service supported i.e. RFC 2401/4303.
  • Feature request: Added several command lines (and setup init file) to better choose Certificates from Token or SmartCard in VPN Configuration. They are called PKI Options. For more details, look at our deployment guide on our website. "KeyUsage" allows limiting access only to "Authentication" certificates from the Token or SmartCard. "SmartCardRoaming" allows setting the rule used to fetch a Certificate from the Token or SmartCard. "Pkcs11Only" allows limiting access only to "PKCS#11" certificates from the Token or SmartCard. "NoCaCertReq" allows using Certificate with different Certificate Authority the VPN Gateway is using. "PKICheck" allows to force having the Root Certificate onto the user machine.
  • Feature request: The PKI Options are also manageable through the user interface via a new tab in the "Tools" > "Option..." window.
  • Feature request: Enable the IT manager to disable the Configuration Panel via registry key. When the specific registry key is set, the user cannot access the Configuration Panel (OEM partners specific).
  • Feature request: The VPN Configuration backup folder might not exist on some custom Windows environment. The VPN Configuration backup folder is customized (OEM partners specific).
  • Feature request: The Software Activation folder might not exist on some custom Windows environment. The Software Activation folder is customized (OEM partners specific).
  • Feature request: Exclusion of DHCP protocol from network filter to allow DHCP mechanism when network configuration forces everything in tunnel (
  • Feature request: Algorithms SHA2 is supported to sign with a CSP smart card.
  • Feature request: Remove "buy" button (OEM partners specific).
  • Feature: Korean is now embedded as a new language.
  • Feature: Ability to open the current User Certificate Store when selecting a Certificate in the configuration Panel, instead of the local machine Certificate Store.
  • Feature: Gemalto .NET with CSP middleware supported on Windows Vista & Seven.
  • Improvement: New order to move the focus from one field to another with the tab key in the Configuration Panel > IPsec Phase 2 tab.
  • Improvement: Do not display systray popup on Phase1/Phase2 renegotiation.
  • Improvement: Extended the size of SmartCard PIN code field to be able to enter longer PIN code.
  • Improvement: Ability to activate the software on Windows machine where system folders like MyDocuments or ProgramData might or might not be available.
  • Improvement: Ability to connect to Wifi hotspot with VPN Configuration forcing all traffic in the tunnel (i.e. subnet mask
  • Improvement: The "Lock Access to Config Panel" password popup doesn't have focus.
  • Improvement: VPN Configuration can be accessible in computer memory.
  • Improvement: IKE buffer overflow with Vendor ID.
  • Improvement: Minor cosmetic.
  • Bug fixing: VPN Client "Start Mode" should be "Manual" instead of "After Windows logon" in Windows Seven 64bit (some OEM partners only).
  • Bug fixing: The VPN Client cannot open a tunnel when using a Certificate with Unicode or UTF8 characters like Japanese characters.
  • Bug fixing: PKCS#11 middleware used instead of CSP middleware when SmartCardRoaming Option is set to either 2, 3, 4 or 5.
  • Bug fixing: No wrong PIN code popup when using Smart Card with CSP middleware.
  • Bug fixing: Alternate DNS/WINS are not applied if tunnel open when enabling "Auto open this tunnel on traffic detection".
  • Bug fixing: In Gina mode and "Open tunnel" with Alternate DNS/WINS, the DNS/WINS are applied to Local Interface instead of Virtual Interface.
  • Bug fixing: Packet fragmentation not properly performed when modifying MTU size (some values) on Windows XP.
  • Bug fixing: Software upgrade fails when using silent mode "/S".
  • Bug fixing: Impossible to open with certificate when user does not have admin right.
  • Bug fixing: VPN Client not responding after received Key renewal from router.
  • Bug fixing: No tunnel when using SHA2 algorithm and Windows Certificate Store.
  • Bug fixing: Another tunnel does not open properly after unplugging a smartcard with some smartcard models.
  • Bug fixing: Crash IKE in some network circumstances when coming out of sleep mode, or when tunnel fails to open on "Wrong Remote Address" followed by "Save" VPN Configuration.
  • Bug fixing: Remote Config feature creates logs in the wrong directory.
  • Bug fixing: Activation not properly working in some circumstances like multiple user levels on the same machine.
  • Bug fixing: Accept the Section ID in VPN Configuration file coming from the VPN Gateway when virtual IP address is set to
  • Bug fixing: Support VPN configuration coming from the VPN gateway containing "-" in the tunnel names.
  • Bug fixing: The feature VPN "Peer to Peer" might fail when there is a router with NAT-T in between, in some network configuration.
  • Bug fixing: VPN tunnel might not open when configured with a Certificate selected from the User Certificate Store.
  • Bug fixing: The VPN tunnel opens properly but no traffic goes through when using X-Auth based configuration and VPN Client address is
  • Bug fixing: VPN Client stops responding for a while after received Key Renewal from the VPN Router in some VPN Configuration circumstances.
  • Bug fixing: IP address renewal with DHCP server does not working properly with VPN Configuration forcing all traffic in the tunnel (i.e. subnet mask
  • Bug fixing: Import of VPN Configuration not working properly when the Certificate has a local ID type DER_ASN1_DN_ID containing a subject with chars like spaces and "/".
  • Bug fixing: "Phase2" > "Advanced" > "Alternate Server" > IP addresses cannot be reset to
  • Bug fixing: The VPN tunnel fails to open when using Mode-Config with some specific VPN Routers (OEM partners).
  • Bug fixing: Cannot create a VPN Configuration via the Configuration Panel (specific OEM partner customization).

Known issues
  • Several Certificates with same Subject added to the Windows Certificate Store might prevent a tunnel to open in some circumstances.
  • The VPN Client might be able to open tunnel under RDP sessions in some circumstances.
  • Windows might not recognize software signature when installing the software although signature is provided, Windows Vista only.

VPN Certified Documentation

  Brochure TheGreenBow  All English PDF (1.94 Mb)
       Français PDF (1,37 Mo)
  Certified VPN Client Datasheet (EN/FR)  5.2 English PDF (225 KB)
       Français PDF (225 KB)
  IPSec VPN Client Presentation  6.x English PDF (218 Kb)
       Français PDF (218 Ko)
  EAL3+ Common Criteria Certificate (french)  5.2 English PDF (511 KB)
       Français PDF (511 Ko)
  Certified IPSec VPN Client User Guide  5.2 English PDF (2.4 MB)
       Français PDF (2,4 Mo)
  VPN Deployment Guide  All Français PDF (983 KB)
       English PDF (983 Ko)
  VPN Gateway Configuration  All English On-line
       Français On-line
  Token and Smartcards list  All English On-line
       Français On-line
  Certificate Management Guide  All English PDF (983Kb)
  Management Tool  All English On-line
       Français On-line
Features/How to
  Authentication Servers  All English On-line
       Français On-line
  USB Mode  All English On-line
       Français On-line
  Remote desktop sharing  All English On-line
       Français On-line
  Languages / Translation  All English On-line
       Français On-line
  FAQ  All English On-line
       Français On-line
  Online support  All English On-line
       Français On-line
Videos tutorials