Welcome to TheGreenBow online help center. Online help and FAQs are available to help you resolve any difficulties you encounter with our software.
All about VPN technology
-
What is a VPN?
A virtual private network (VPN) is a way to use a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organization’s network. In the past, companies would have rented expensive systems of leased lines to build a private network that only they could use. A VPN provides the same capabilities at a much lower cost.
A VPN works by using the Internet while maintaining privacy through security procedures and tunneling protocols such as the Layer Two Tunneling Protocol (L2TP) or IPSec. In effect, private data, being encrypted at the sending end and decrypted at the receiving end, is sent through a “tunnel” that cannot be “entered” by any other data.
-
Why is IPsec strong?
Definition: IPsec (Internet Protocol Security) provides security services at the IP layer by enabling a system to select required security protocols, determine the algorithm(s) to use for the service(s), and put in place any cryptographic keys required to provide the requested services. The IPsec architecture is described in the RFC-2401 (www.ietf.org RFC-2401). IPsec has been selected to be embedded in IPv6. IPsec is strong because it was designed that way in order to replace older methods like PPTP.
IPsec is recognized as the most secure way to access the corporate network from the Internet, and here’s why:
- Strong encryption mechanisms like Encapsulating Security Payload (ESP) using AES with long key length (i.e. 256, 512)
- Strong user authentication using Certificates with long key lengths (i.e. larger than 2048 bytes)
- Use of Internet Key Exchange (IKE) and ISAKMP to automatically exchange keys for mutual authentication.
- Protection against denial of service attacks: the IPsec protocol uses a sliding window. IP packets are numbered and accepted only if they fit into the window.
- Support for smart cards and USB tokens, enabling multifactor authentication (MFA).
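The sliding window mentioned in the list above is IPsec's anti-replay check on ESP sequence numbers. The following Python code is an added example, not TheGreenBow code: the class name, function names and sample arrival order are constructed, and it assumes a 64-packet window, no extended sequence numbers, and a packet whose integrity check has already passed.

```python
# Added illustration: ESP-style anti-replay sliding window (after RFC 4303).
# Assumptions: no extended sequence numbers, and the caller has already
# verified the packet's integrity check before calling check().

class AntiReplayWindow:
    def __init__(self, size=64):
        self.size = size    # window width in packets
        self.top = 0        # highest sequence number accepted so far
        self.bitmap = 0     # bit i set => sequence number (top - i) was seen

    def check(self, seq):
        """Return 'accept', 'replay', 'too-old' or 'invalid'; update window."""
        if seq == 0:
            return "invalid"            # senders start at 1; 0 is never valid
        if seq > self.top:              # right of the window: slide forward
            shift = seq - self.top
            if shift >= self.size:
                self.bitmap = 1         # everything previously seen falls out
            else:
                mask = (1 << self.size) - 1
                self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.top = seq
            return "accept"
        offset = self.top - seq
        if offset >= self.size:
            return "too-old"            # left of the window: cannot be tracked
        if self.bitmap & (1 << offset):
            return "replay"             # inside the window and already seen
        self.bitmap |= 1 << offset      # inside the window, first sighting
        return "accept"


def classify(seqs, size=64):
    """Feed sequence numbers in arrival order; return (seq, verdict) pairs."""
    window = AntiReplayWindow(size)
    return [(s, window.check(s)) for s in seqs]


# Constructed arrival order: a duplicate of 2, reordering (5 before 4),
# a jump to 70, then stale packets arriving late.
SAMPLE = [1, 2, 3, 2, 5, 4, 70, 6, 7, 70, 71]

if __name__ == "__main__":
    for seq, verdict in classify(SAMPLE):
        print(f"seq={seq:3d} -> {verdict}")
```

Reordered packets that still fall inside the window (4 after 5, 7 after 70) are accepted once, while duplicates and packets older than the window are dropped.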
-
Pre-shared key versus Certificates?
Computer authentication by IPSec is performed by using pre-shared keys or computer certificates. A pre-shared key identifies one party during the Authentication Phase. By definition, “pre-shared” means you have to share it with another party before you can establish a secure VPN tunnel.
The strongest method of authentication is the use of a PKI and certificates. However, smaller organizations cannot afford the implementation of a PKI system, and a well-managed pre-shared key method can be easier and just as powerful.
TheGreenBow VPN Client supports both modes.
TheGreenBow VPN Client
-
Where can I download older TheGreenBow software versions?
If you need to download older versions of TheGreenBow VPN Client and the related documentation, please visit the dedicated webpage by clicking on the button below.
-
Which languages are supported?
TheGreenBow VPN Client is now available in many languages (e.g. English, French, German, Portuguese, Spanish, …). Check our supported languages list, increasing daily, to find your language.
The language can be selected during software installation of the VPN Client.
-
Which are the compatible Gateways?
TheGreenBow VPN Client is compatible with all IPSec routers compliant with the existing standards (IKE & IPsec). Check our Certified VPN Products list, increasing daily, to find your VPN gateway.
If the equipment you are looking for is not in this list, please contact our tech support and we will work with you to certify it. We will need the configuration file, the log file from the “Console” window, and a screenshot of the router configuration page.
-
Which port is needed by TheGreenBow VPN Client?
UDP port 500 and UDP port 4500 must be open and ESP protocol (protocol number 50) must be allowed.
-
What is the VPN Configuration for test?
The test or demo VPN Configuration is designed by TheGreenBow Techsupport team. It lets you establish a secure connection to TheGreenBow remote gateway and demo server, so that users can test their VPN connection through their own infrastructure. Note that this VPN configuration is also embedded in the VPN Client software as the default VPN Configuration.
To perform the tests, download this VPN Configuration and import it into the VPN Client:
-
How to force all internet traffic into the tunnel?
It is possible to force all internet traffic into the VPN tunnel. All internet traffic is then routed through the remote gateway instead of the remote user’s network, so the remote user’s network IP address is effectively hidden from visited websites, which see the remote gateway’s IP address instead. The corporate network may also apply additional traffic scanning to increase security.
The VPN Configuration is simple and requires 3 steps:
- Go to ‘Configuration Panel’ > ‘Parameters’ > select ‘Block non-ciphered connection’ to prohibit non-ciphered traffic from being routed to the internet directly.
- Go to ‘Configuration Panel’ > ‘Phase2’ > select ‘Subnet Address’ as ‘Address Type’ and set both ‘Remote LAN’ and ‘Subnet Mask’ to ‘0.0.0.0’, so that all traffic (to any IP address) will be routed to the VPN tunnel. Note that ‘0.0.0.0’ means all traffic, including traffic to your local network, will be routed through the VPN tunnel.
- On the remote gateway, set the VPN tunnel in the same way, as both configurations must be symmetrical, with a local subnet of 0.0.0.0/0. Note: this applies only to IPsec VPN gateways; this step is not required for SSL VPN tunnels.
Note: Some VPN gateways/routers may not support this feature (i.e. hub&spoke: ‘0.0.0.0/0’). If it is supported, you’ll need to create a rule to authorize WAN-to-WAN traffic.
-
Do you provide an IPv6 VPN configuration for demo?
Yes. A test (or demo) VPN Configuration is a VPN configuration designed by TheGreenBow Techsupport team to connect to our online IPsec VPN gateways and servers.
These are always live and you can use them to test your network environments at any time. This test VPN Configuration is specific to our IPv6-ready IPsec VPN Client 6.0. Please note that this configuration works only with the Windows VPN Client version 6.8 and earlier.