IPSec VPN Client Management Tools

For users who want to use Certificates, we especially provide a User Guide which details the procedure to generate and use certificates with our IPSec VPN Client.

Certificate User Guide

It is necessary to use a third party Certification Authority to be able to generate X509 Certificates and to open a VPN tunnel securely. There are many options to generate Certificates like using Microsoft Certificates server (i.e. Microsoft Certificate Service) available under Windows 2000-2003 Server, OpenSSL or some VPN Router themselves.

Certificate Script

TheGreenBow IPSec VPN Client can be stopped at any time with the command line option: "/stop"

Example: " vpnconf.exe /stop "

This functionality allows the IPSec VPN Client to be called within a script, opening the IPSec VPN Client as the network connection is starting, closing the IPSec VPN Client as the connection ends.
Note: If one or several tunnels are active, they are correctly closed.

TheGreenBow IPSec VPN Client can import a specific VPN configuration file using the command line options: "/import:" or "/importonce:"

Example: " vpnconf.exe /importonce:"C:\My documents\config.tgb" "

"/import:" may be used whether the IPSec VPN Client is running or not. When the IPSec VPN Client is already running, it imports dynamically the new VPN configuration and automatically applies it (i.e. restarts the IKE service). If the IPSec VPN Client is not running, it is launched with the new VPN configuration.

The "/import" option can be used to open a tunnel with a double-clic on a "tgb" file (also called the "dial-up" mode): This allows for example to open a tunnel with a double-clic on a 'tgb' file from the desktop, or to deploy a configuration by email.

"/importonce:" allows to import a VPN configuration file without running the IPsec VPN Client. This command is especially useful in installation scripts: it allows to run a silent installation and to import a VPN configuration automatically.

"/replace:" enables to replace the current configuration by a new VPN Configuration. This feature is available in software release 4.1 and older, and may be used instead of the /importonce option to import a VPN configuration file without running the VPN Client.

"/add:" Import a new VPN Configuration into an existing VPN Configuration and merge both into a single VPN Configuration. This command line may be used either if the VPN Client is running or not. This command doesn't start the VPN Client if it is not running already.

Since the release 3.1 of TheGreenBow IPSec VPN Client, certificates can be embedded within a configuration file to be imported. For more details, see the IPSec VPN Client User Guide.

TheGreenBow IPSec VPN Client can export a specific IPSec VPN configuration file using the command line options: "/export:" or "/exportonce:"

Example: " vpnconf.exe /export:"C:\My documents\export.tgb " "

"/export:" may be used whether the IPSec VPN Client is running or not. When the IPSec VPN Client is already running, it exports dynamically the VPN configuration. If the IPSec VPN Client is not running, it is launched after having exported the configuration.

"/exportonce:" allows to export a VPN configuration file without running the IPSec VPN Client. This command is especially useful in installation scripts: it allows to run a silent uninstallation and to export a VPN configuration automatically.

A specific VPN Configuration file can be embedded within the VPN Setup. This VPN Configuration will be automatically imported at the first time the software is run. This feature enables to embed pre-configured VPN configuration and to deploy "customized" setups to end-users.

See our Deployment Guide for details about how to embed a VPN Configuration in a VPN setup.

The VPN Setup handles several command line options. These options are used to customized the Software installation.

• start=[logon(default)|boot|manual]:
  Enables to define the way the software will start:
  - login: the software will automatically starts on windows logon
  - boot: the software will start during the boot (before windows logon).
    This mode may be used to open secured connections, e.g. for maintenance
    operations.
  - manual: the software will start only when it is run by the end-user.
• vpngui=[full(default)|user|hidden]
  Enables to define the way the software will be displayed to the end-user:
  - full: Configuration Panel
  - user: Connection Panel
  - hidden: No GUI can be displayed by the end-user.
    He only can open/close tunnels via the systray menu.
  
• menuitem=[00-0F(default)]
  Enables to specify the items of the systray menu, the value is a bitfield:
  - 1: Quit
  - 2: Connection Panel
  - 4: Console
  - 8: Save & Apply
  Example: menuitem=5 will configure a systray menu with Quit + Console.
  Note 1: the tunnels are always shown in the systray menu, and can always be opened and closed from this systray menu.
  Note 2: 'Menuitem' and 'vpngui=hidden'.
  By default, vpngui=hidden set the systray menu to Quit + Console.
  But 'menuitem' takes precedent over 'vpngui'. It means the following options: "--vpngui=hidden --menuitem=1" will set a systray menu with only the 'Quit' item.
• license=[license_number]
  Enables to embed the license number of the software.
• password=[password]
  Enables to control the access to the VPN Configuration Panel with a password.
  The end-user will be asked for the password:
  - when he clicks or double-clicks on the VPN systray icon
  - when he wants to switch from the Connection Panel to the Config. Panel.
• activmail=[mail@company.com]
  Enables to define the email to which the software activation confirmation will be sent. Thus, it enables IT Managers to check each software activation on a single email address. When this email is pre-configured, it cannot be modified by end-users.

See also our Deployment Guide for details about these setup options.