VPN Airliner Software - Remote Access software

License pricing
Qty	Price/u (€)
1-24	275 €
25-49	230 €
50-99	200 €
100+	175 €
Contact TheGreenBow !

Update Option
1 Year	20 %
3 Years	45 %

Update Option for Maintenance

TheGreenBow

VPN Airliner

VPN Airliner is recommended by Boeing,
for Boeing 787 maintenance laptops with 'Wireless Option'.

Download

Purchase form

Package

Features

Support

Relase Note

TheGreenBow VPN Airliner Release note

Release 6.4

Feature: Support of Microsoft Signing for W10 drivers.
Feature: A notification let users know GINA mode will not work for tunnels defined on an USB key (USB mode).
Feature: When mounting several tunnels at the same time, PIN code is asked several times.
Feature: New design for the Connection Panel. This new design improves VPN Client user experience by simplifying the management of VPN connections. The New Connection Panel is fully configurable via a dedicated management window which enables to create, rename and sort VPN connections.
Feature: Add a verification of the gateway certificate subject (SSL)
Feature: Using WiFi networks sometimes requires a local authentication (via a captive portal). For users using the GINA Mode (VPN Connection before Windows logon), the VPN Client implements a new browsing window which allows the authentication on the captive portal before opening the tunnel.
Feature: New "/status" command line option allows to retrieve the status of a tunnel.
Feature: Support of IKEv2 Fragmentation (RFC 7383)
Feature: Always-on: automatically re-open tunnel when DPD timeout is detected (IKEv1 & IKEv2)
Feature: New certificate selection criteria: It is possible to configure a pattern to be found in the certificate subject.
Feature: Always-on: automatically re-open tunnel when remote network is no longer accessible (IKEv1 & IKEv2)
Feature: "No Split DNS": Ability to force the physical DNS server address to the value of the Virtual DNS Server address. This function solves communication slowness and confidentiality problems.
Feature: "No Split Tunneling": Ability to disable default route on physical interface for all in tunnel configurations
Feature: New "/closeall" command line option (close all tunnels)
Feature: New "/resetike" command line option
Feature: Mode Config / Mode CP: Support of Virtual network size sent by the gateway (by default /24 when not specified)
Feature: Option to check the gateway certificate CRL in addition to its signature.
Feature: Copy / paste of IKEv2 and SSL configurations
Feature: Support of UTF-8 character encoding for X-Auth password (requires a specific configuration)
Feature:(Partner Specific) DH default algorithm is set to "No DH".
Improvement: SSL VPN: Reception Socket buffer sizes are increased to accept traffic peaks
Improvement: Improvement of the automatic software activation when the subscription is going to expire.
Improvement: Improvement of the software activation mechanism if activation errors occure.
Improvement: Polish translation of the VPN Client completed.
Improvement: Various GUI improvement for OEM version (strings, product or trade name, etc.).
Improvement: Connection panel: truncations when the specified font doesn't exist.
Improvement: The PIN code is asked only once when several tunnels from a same phase1 are opened successively.
Improvement: All PKI options are now configurable in vpnsetup.ini (setup initialization) file and via the setup command line options. See the VPN Client Deployment Guide (VPN Premium only).
Improvement: TLS tunnel: TlsAuth option worked only with SHA1 Authentication algorithm. TlsAuth is now possible with all authentication algorithms (SHA256, SHA 512, etc.).
Improvement: TLS tunnel: TlsAuth option is also operational with key direction set to client or server.
Improvement: All opened tunnels are properly closed when Windows shutdowns quickly.
Improvement: New 6.4 parameters are backuped and restored during a software update.
Improvement: In accordance with the development of the new Connection Panel, the system tray menu has been simplified
Improvement: Ability to disable the function "automatic close the tunnel on USB extraction". This option keeps the tunnel open even if the USB drive is removed from the computer.
Improvement: Improvement when handling IKEv1 phase 1 renegotiations with Mode Config.
Improvement: Improvement of the IKE Auth rekeying (IKEv2)
Improvement: Enhancement of the management of IKEv2 gateway renegotiations
Improvement: "Reset IKE" (from console window) starts IKE daemon if it's not already started
Improvement: Various software startup enhancements
Improvement: Improvements when handling a large list of remote networks for SSL connections
Improvement: Various improvements of messages displayed in the console.
Improvement: Systray icon is available after an explorer.exe restart
Improvement: Support of the suffix domain name (Cisco extension: UNITY_DEF_DOMAIN/28674) when received through Mode Config / Mode CP
Improvement: Various improvements in the subscription mode management (VPN Premium only)
Improvement: The GINA Mode correctly handles the subscription mode (VPN Premium only)
Improvement: Ability to open an IKEv2 VPN tunnel when the Mode CP is not enabled and the virtual IP address is not set.
Improvement: Ability to uninstall the software when it is protected with a password
Improvement: Improvement of the IKE service stability
Improvement: IKEv2 CP Mode: ability to specify a smaller remote network on client side
Improvement: Detection traffic in Mode CP now supported with IKEv2
Improvement: Various improvements in the GINA Mode
Improvement: Improvement of the OpenVPN file importation
Improvement: Improvement of the IPv6 management by IKEv2
Improvement: Ability to open automatically a tunnel in GINA Mode
Improvement: The PIN Code is required each time a tunnel is opened (or re-opened), even after a tunnel opening failure.
Improvement: Improvement of the smartcard management (VPN Premium only)
Improvement: Support of secondary Wins Server.
Improvement: Enhancement of the Configuration Panel Control Access security
Improvement: A VPN tunnel correctly closes if the physical interface disappears. (IKEv1)
Improvement: Warning displayed in the Console when an outdated certificate is used in an IKEv2 configuration.
Bugfix: Remote ID mismatch on "DER ASN1 DN" with the same ASCII string.
Bugfix: IKEV2: DPD handling: Tunnel was closing when one DPD message is lost.
Bugfix: IkeV2 child SA is not removed when tunnel is closed for DPD timeout reason.
Bugfix: Could not open tunnel with mixed SujectAltName containing an IP address.
Bugfix: IKEV1: Traffic check with pings doesn't work properly.
Bugfix: No traffic when virtual IP address ends with .255.
Bugfix: SSL VPN: When using TCP mode the tunnel may close unexpectedly.
Bugfix: Silent install is not silent on Windows Seven.
Bugfix: Bad renewal certificate used on the smart card.
Bugfix: IKE SA renegotiation failed with a Fortigate gateway
Bugfix: Error message "driver not signed" when installing VPN Client on Windows 10 with UEFI BIOS option Secure Boot Enabled.
Bugfix: IKEV2 EAP MultAuth tunnel closed after key renewal.
Bugfix: IKEV2 Multiple Auth: When changing an option in IKE SA Tab, certificate vanishes.
Bugfix: PIN code is asked everytime during Phase1 renewal.
Bugfix: Wrong PIN code error occurs during Phase1 renewal in some case.
Bugfix: Socket bind fails when executed too quickly after interface is up.
Bugfix: Bad xauth password leads to a VpnConf Crash.
Bugfix: Import of tunnels with DPD parameters may lead to tunnel instability.
Bugfix: Win10: TgbikeNg is not stopped on Shutdown.
Bugfix: Windows 10: When the user session is locked, the VPN GINA is not displayed.
Bugfix: Configuration with Virtual IP set to "::" doesn't work.
Bugfix: No virtual interface when virtual IP is not specified and remote network is a range of address
Bugfix: The Gateway Certificate CRL was checked despite this checking is disabled.
Bugfix: Crash Ike on specific UNITY_DEF_DOMAIN values sent by the gateway (Mode config / Mode CP).
Bugfix: Configuration Panel and Connection Panel synchronization improvement.
Bugfix: Correct management of the virtual interface MTU
Bugfix: The Configuration Panel and the Connection Panel might appear simultaneously.
Bugfix: Correction of the font in the activation window
Bugfix: Changing language led to address type duplication (in Child SA configuration)
Bugfix: Deleting a ChildSA among N led to the alert: "An invalid argument was encountered"
Bugfix: X-Auth Popup: Passwords containing ";" were not properly handled.
Bugfix: A SA was closed too early when the lifetime is set in Kbytes from the Gateway
Bugfix: Improvement of the certificate subject parsing
Bugfix: IKEv2: When Mode CP is enabled, after tunnel is up, remote network is not properly displayed in VPNConf.
Bugfix: Support of certificates containing multiple subjectaltnames (IKEv1)

Release 6.3

Feature: Ability to hide the activation window which normally appears at the end of a subscription period
Feature: Windows 10 full compatibility
Feature: New Token interoperability with Feitian epass2003 and gemalto/axalto .net
Feature: Compatibility with Fortinet Fortigate IKEv2. TheGreenBow VPN Client is the only VPN Client which can be used to open an IKEv2 tunnel with a Fortigate gateway.
Feature: New Ercom CryptoSmart Micro SD support for IKEv1, IKEv2 and SSL
Feature: New Xiring Pinpad support for IKEv2 and SSL.
Feature: After a 1st installation, a tip is displayed over the taskbar icon in order to show the user how to use the VPN Client.
Feature: Logs can now be enabled from the Console.
Improvement: DPD mechanism improvement
Improvement: Ercom smartcard management improved with SSL
Improvement: Improvement of the .ovpn files conversion (OpenVPN configuration)
Improvement: Security of the tunnel opening is improved : when the gateway CA is unknown, the tunnel doesn't open.
Improvement: IKEv1 - DPD mechanism improvement: tunnel correctly closes on DPD failure and gateway renegotiation, DPD keeps on on network disconnection, DPD timers management is tuned.
Improvement: When a VPN Configuration is created with the Wizard, the default parameters are: DH Group = Auto and Aggressive Mode = TRUE (set)
Improvement: smartcard management improvement
Improvement: Debug/Trace mode can be activated from any window/panel of the VPN Client (Configuration panel, connection panel or Console).
Improvement: Compatibility between tunnel configured with VPN 5.5 and tunnel configured with VPN 6.2
Improvement: Integration of security update for OpenSSL (CVE-2015-0204, FREAK vulnerability fix)
Improvement: Windows IKEEXT cohabitation is correctly managed on Windows 8 / Windows 6.1 upgrade
Improvement: tunnel opening or closing process is stopped on IKE reset
Bug fixing: SSL error "TLS handshake failure: No CA" fixed by improving the management of CA check.
Bug fixing: IKEv1 erratic freeze fixed
Bug fixing: Systray popup message for SSL tunnel fixed
Bug fixing: Compatibility with 3rd party software such as firewall, anti-malware or antivirus
Bug fixing: BSOD/Conflict with 3rd party software
Bug fixing: log files names are correctly updated on date changing.
Bug fixing: Launched in silent mode, the setup ended with a crash if a password greater than 15 characters was set in the command line. This bug is fixed.
Bug fixing: For a 2-DNS tunnel, the management of the second DNS is fixed.

Known issues: List of known issues for this release.

Within VPN Configuration with two VPN Tunnels with the same virtual IP address, only the DNS/WINS server address of the first VPN tunnel is used. Workaround: use 2 different virtual IP addresses if DNS/WINS server addresses must be different for each VPN tunnel.
The traffic indicator in the Connection Panel doesn't work properly with IKEv2 VPN tunnels.
Traffic detection is not working properly with Config Payload mode enabled (i.e. equivalent to Config Mode in IKEv1).
Configuration error when having several IkeV2 or SSL tunnels using a Gemalto Smartcard in PKCS11 Mode
Virtual interface errors are not detected for IkeV2 and SSL tunnels

Release 6.2

Feature: Support of nested tunnels between different protocols
Feature: New Configuration Wizards for IKEv2 and SSL tunnels
Feature: Support of the Ingenico "Leo" Pinpad
Feature: Possibility of certificate injection via a command line option (online certificate injection)
Feature: Support of Freebox compatibility
Feature: Automatic importation and translation mechanism for OpenVPN (.ovpn) and Cisco (.pcf) files
Feature: Smartcard roaming support for IKEv2.
Feature: Handle IKEV2 multi-proposals in order to simplify tunnel setup.
Feature: [SSL] Support of TCP mode for the transport.
Feature: [IKEv2] Automatic switch to PKCS#11 when middleware doesn't work in CSP mode.
Improvement: IKE tunnel closes more quickly on network disconnection.
Improvement: During a software update, the software activation can be processed within a VPN tunnel.
Improvement: Possibility to create a VPN configuration with multiple auth + EAP + certificate.
Improvement: (IKEv1) Phase1 closes (and can be re-open) as soon as the tunnel is closed by the gateway.
Improvement: VPN Client can open tunnels even if the Internet connection appears after it starts.
Improvement: (IKEv2) Local and Remote ID now display explicit "E-mail" instead "ID_RFC822_ADDRESS".
Improvement: Better certificate's management.
Improvement: Dynamic display of Config Payload informations for IKEV2/IPV6.
Improvement: [IKEv2] Support of several Child SA per Initial SA.
Improvement: Improvement of token access speed.
Improvement: [IKEv1] When the PIN code entry is canceled, the tunnel opening process is aborted.
Improvement: Allow to use a self-signed Root Certificate from Windows Certificate Store.
Improvement: USB Mode Confirmation popup only appears when required.
Bug fixing: (IKEv1) "Initial contact" is not sent anymore upon tunnel renegociation.
Bug fixing: Correct management of certificates containing an OID in the subject.
Bug fixing: Tunnel opening on traffic detection might not work after a restart of the VPN Client software.
Bug fixing: Cannot open an IKEv1 tunnel when switching from a network to another while VPN Client is running (on a workstation with two NICs)
Bug fixing: DPD still working when "split tunneling" is enabled.
Bug fixing: [IKEv1] "Automatic" mode works for Phase1 encryption when gateway reports AES.
Bug fixing: Modification of IKE port and NAT port (IKEv1 parameters) is fixed.
Bug fixing: Improvement of Token removal detection.
Bug fixing: [IKEv2] Import certificate with "DC" RDN from Windows Store fixed.
Bug fixing: [IKEv2] VPN tunnel properly opens when Certificate received from the VPN gateway is the same as the user Certificate.
Bug fixing: [IKEv2] VPN tunnel properly opens when no Remote Id has been specified in the VPN Client.
Bug fixing: Windows firewall configuration correctly restored on uninstall.
Bug fixing: [IKEv2] Compatibility with Gemalto PKCS#11 middleware.
Bug fixing: VPNConf synchro issue when using USB Mode and autostart tunnel.
Bug fixing: [DualToken] Fix on multiple partition token (automatic extraction detection).

Known issues: List of known issues for this release.

Within VPN Configuration with two VPN Tunnels with the same virtual IP address, only the DNS/WINS server address of the first VPN tunnel is used. Workaround: use 2 different virtual IP addresses if DNS/WINS server addresses must be different for each VPN tunnel.
The traffic indicator in the Connection Panel doesn't work properly with IKEv2 VPN tunnels.
Traffic detection is not working properly with Config Payload mode enabled (i.e. equivalent to Config Mode in IKEv1).

Release 6.1

Feature: Prevent broadcast transfers to remote network.
Feature: IP address can change during renegotiation with VPN tunnel using IKEv2.
Feature: TheGreenBow IPsec VPN Client becomes TheGreenBow VPN Client as it supports IPsec and SSL.
Feature: Support of IPv4 and IPv6 simultaneously
o Ability to handle heterogeneous IPv4 and IPv6 networks on the LAN and WAN sides, either on corporate or user home networks. The feature 'Auto' (for IPv4/IPv6) enables to support those complex environments with IPsec (IKEv1/v2) or SSL VPN tunnels.
o Ability to detect IPv4 or IPv6 network automatically for both IPsec and SSL VPN tunnels.
o Ability to send IPv4 and IPv6 within the same tunnel.
Feature: Support of IPsec and SSL simultaneously
o Ability to open multiple SSL VPN tunnels with any VPN gateways supporting OpenVPN.
o Introduction of two new user authentication mechanisms specific to SSL i.e. Mode TLS-Auth and Extra Login/Password.
o Auto adaptive capabilities to adapt to the SSL gateway settings automatically, assuming the gateway support multi proposal mechanism. The IT manager can disable this feature and force his own settings.
o Ability to define a redundant SSL gateway in case of unavailability of the primary SSL gateway.
o Ability to open SSL VPN tunnel on detection of traffic to the remote network.
o Ability to start automation via scripts before/after tunnel opens or closes.
o Ability to start a desktop sharing session with a machine on remote network in one click.
o Ability to add traffic compression.
o Inherits all IPsec encryption and hash algorithms from TheGreenBow VPN Client (e.g. SHA1, SHA2, ..).
Feature: Support of IPsec with IKEv1 and IKEv2 simultaneously
o Ability to open IKEv1 and IKEv2 VPN tunnels simultaneously.
o Ability to define a redundant gateway in case of unavailability of the primary gateway.
o IKEv2 introduces a new user authentication mechanism called EAP similar to X-Auth. The new user authentication mechanism EAP can be combined with Certificate (i.e. select multiple Auth support in your VPN tunnel configuration > 'IKEv2 Auth' > 'IKE SA' tab. EAP replaces X-Auth when using IKEv2 VPN tunnel.
o Auto adaptive capabilities to adapt to the gateway settings automatically, assuming the gateway support multi proposal mechanism. The IT manager can disable this feature and force his own settings.
Feature: Supported OS: Windows Server 2003 32-bit, Server 2008 32/64-bit, Server 2012 32/64-bit, Vista 32/64-bit, Seven 32/64-bit, Windows 8/8.1 32/64-bit. TheGreenBow VPN Client 6.0 and further do not support Windows XP.
Feature: Supported languages (25 languages). Arabic, Chinese simplified, Czech, Danish, Dutch, English, Farsi, Finnish, French, German, Greek, Hindi, Hungarian, Italian, Japanese, Korean, Norwegian, Polish, Portuguese, Russian, Serbian, Slovenian, Spanish, Thai and Turkish.
Improvement: Support of TLS connection without user certificate.
Improvement: Support of all 3 addressing modes i.e. host, subnet and IP address range with IKEv2 VPN tunnels.
Improvement: Certificate Authority (CA) might or might not be specified when importing a P12 certificate within an IKEv2 VPN tunnel configuration.
Improvement: IKEv2 VPN tunnel supports an empty Remote ID and it is considered as 'Accept any ID from remote' as it does in IKEv1 VPN tunnels.
Improvement: Various text strings and user interface improvements.
Improvement: VPN tunnel opens faster when using a certificate on a PKCS#11 Smartcard or Token.
Improvement: All settings in the 'Security' tab are set to 'Auto' mode when creating a new SSL VPN tunnel.
Improvement: VPN tunnel IKEv2 and IPV6, replace mask with prefix length in the Child SA.
Improvement: New menu strings to create a Phase1 and Phase2 consistent between IKEv1 and IKEv2 now called 'New VPN Gateway' and 'New VPN Connection' accordingly.
Improvement: All logs are now tagged by protocol (i.e. IPsec vs SSL) with a new 'Facility' field.
Improvement: Ability to select a specific network interface by its name (i.e. as displayed in 'Control Panel' > 'Network and Internet' > 'Network Connections') instead of an IP address.
Improvement: All traces from console are now available in a text file with other logs when Trace/Debug mode is activated (i.e. Ctrl+Alt+D).
Improvement: Several improvements on the reliability.
Improvement: Names of virtual interface has been changed to be more meaningful (i.e. as displayed in the 'Control Panel' > 'Network and Internet' > 'Network Connections').
Bug fixing: Import or export VPN Configuration to or from a mapped drive fails.
Bug fixing: Packets with a payload smaller than 24 bytes are dropped in IPv6 VPN tunnel, causing issues for FTP.
Bug fixing: Incoming packets ending with .255 on port 4500 are not handled properly.
Bug fixing: 'TSocket message data type 0 could not be sent' error message preventing an IKEv1 VPN tunnel to open using an IPv6 IP address.
Bug fixing: VPN tunnel fails to open due to unknown OID from the Certificate (i.e. Object Identifier). Need to add 'GN' label for OID (i.e. Given Name).
Bug fixing: Pre Shared Key can be saved with shortcut 'Crtl+S' without checking against the 'Confirm' field.
Bug fixing: Error "disagreement on PFS" when configured with 'Auto' for PFS in IKEv1 Phase2 (gateway specific).
Bug fixing: MiniPort driver uninstallation failure (i.e. error x023c) might occur when multiple upgrades from old releases.

Release 5.5

Feature: Support of Gemalto IDPrime .NET USB Token.
Feature: Support of Windows 8.1 32/64-bit.
Feature: Support of Windows 8 32/64-bit.
Feature: Gina Mode supported on Windows Vista 32/64-bit, Windows 7 32/64-bit and Windows 8 32/64-bit.
Feature: Support of new Token ePass3003.
Feature: Added a password confirmation field when exporting a VPN Configuration.
Feature: ESP anti-replay service supported i.e. RFC 2401/4303.
Feature: Added several command lines (and setup init file) to better choose Certificates from Token or SmartCard in VPN Configuration. They are called PKI Options. For more details, look at our deployment guide on our website. 'KeyUsage' allows limiting access only to 'Authentication' certificates from the Token or SmartCard. 'SmartCardRoaming' allows setting the rule used to fetch a Certificate from the Token or SmartCard. 'Pkcs11Only' allows limiting access only to 'PKCS#11' certificates from the Token or SmartCard. 'NoCaCertReq' allows using Certificate with different Certificate Authority the VPN Gateway is using. 'PKICheck' Force the VPN Client to check the Certificate Root Authority when receiving a Certification from the VPN gateway.
Feature: The PKI Options are also manageable through the user interface via a new tab in the 'Tools' > 'Options...' window.
Feature: Exclusion of DHCP protocol from network filter to allow DHCP mechanism when network configuration forces everything in tunnel (0.0.0.0/0.0.0.0).
Feature: Algorithms SHA2 is supported to sign with a CSP smart card.
Feature: Korean and Farsi are now embedded as new languages, bringing to 25 the total number of languages.
Feature: Ability to open the current User Certificate Store when selecting a Certificate in the configuration Panel, instead of the local machine Certificate Store.
Feature: Gemalto .NET with CSP middleware supported on Windows Vista & Seven.
Feature: Enable auto import of VPN configuration if a specific configuration file name is available in the installation folder.
Improvement: Russian, Chinese language strings updated.
Improvement: New order to move the focus from one field to another with the tab key in the Configuration Panel > IPsec Phase 2 tab.
Improvement: Do not display systray popup on Phase1/Phase2 renegotiation.
Improvement: Extended the size of SmartCard PIN code field to be able to enter longer PIN code.
Improvement: Ability to activate the software on Windows machine where system folders like MyDocuments or ProgramData might or might not be available.
Improvement: Ability to connect to Wifi hotspot with VPN Configuration forcing all traffic in the tunnel (i.e. subnet mask 0.0.0.0).
Improvement: The 'Lock Access to Config Panel' password popup doesn't have focus.
Improvement: Ctrl+Alt+T is now the shortcut for Trace mode.
Improvement: Support of Cisco ASA special Config Mode behavior with a new option in the Global Parameters panel.
Improvement: Minor cosmetic.
Bug fixing: VPN tunnel fails to open when using a Certificate with a subjectAltName containing several Relative Distinguished Names (RDN).
Bug fixing: VPN tunnel fails to open as Windows Firewall blocks traffic when port 500/4500 only are opened, and using a large Certificate (>1500).
Bug fixing: VPN tunnel fails to open when IKE message from the VPN gateway has been fragmented using a large certificate and those fragmented packets arrived in reverse sequence.
Bug fixing: VPN tunnel is not closing automatically when a Gemalto IDPrime .NET Token configured in the VPN Configuration is unplugged.
Bug fixing: Unable to open tunnel when configuring 8 VPN tunnels with virtual IP address all set to 0.0.0.0.
Bug fixing: The command line option --smartcardroaming is not working properly when set to values 4 or 5 (i.e. Select first smartcard reader found) and several smartcard readers are plugged in at the same time.
Bug fixing: Once tunnel opened using Mode-Config, WINS value might be overwritten by DNS value.
Bug fixing: Unselect PKICheck might not be taken into account in some circumstances.
Bug fixing: A specific and large number of tunnel Phase 1 may crash the VPN Client in some circumstances.
Bug fixing: BSOD when Windows is coming back from sleep mode (Windows XP only).
Bug fixing: Finnish and Danish language typo in the Software Activation window.
Bug fixing: VPN tunnel might not open when another IPSec service is enabled on the machine, as port 500 and/or 4500 are used.
Bug fixing: VPN tunnel re-connection fails with some gateways because INITIAL-CONTACT was not sent.
Bug fixing: Debug log generation fails if software installation folder is changed by user during install.
Bug fixing: Phase1 Renegotiation fails when initiated by a StrongSwan gateway type.
Bug fixing: Silent uninstallation doesn't launch upgrade.
Bug fixing: The VPN Client cannot open a tunnel when using a Certificate with Unicode or UTF8 characters like Japanese characters.
Bug fixing: PKCS#11 middleware used instead of CSP middleware when SmartCardRoaming Option is set to either 2, 3, 4 or 5.
Bug fixing: No wrong PIN code popup when using Smart Card with CSP middleware.
Bug fixing: Alternate DNS/WINS are not applied if tunnel open when enabling 'Auto open this tunnel on traffic detection'.
Bug fixing: In Gina mode and 'Open tunnel' with Alternate DNS/WINS, the DNS/WINS are applied to Local Interface instead of Virtual Interface.
Bug fixing: Packet fragmentation not properly performed when modifying MTU size (some values) on Windows XP.
Bug fixing: Software upgrade fails when using silent mode '/S'.
Bug fixing: Impossible to open with certificate when user does not have admin right.
Bug fixing: VPN Client not responding after received Key renewal from router.
Bug fixing: Wrong Finnish translation in Software Activation window.
Bug fixing: No tunnel when using SHA2 algorithm and Windows Certificate Store.
Bug fixing: Another tunnel does not open properly after unplugging a smartcard with some smartcard models.
Bug fixing: Crash IKE in some network circumstances when coming out of sleep mode, or when tunnel fails to open on 'Wrong Remote Address' followed by 'Save' VPN Configuration.
Bug fixing: Remote Config feature creates logs in the wrong directory.
Bug fixing: Activation not properly working in some circumstances like multiple user levels on the same machine.
Bug fixing: Accept the Section ID in VPN Configuration file coming from the VPN Gateway when virtual IP address is set to 0.0.0.0.
Bug fixing: Support VPN configuration coming from the VPN gateway containing '-' in the tunnel names and also when using configuration with certificates.
Bug fixing: IKE crash when Phase name is too long. Phase names now limited to 49 chars.
Bug fixing: The feature VPN 'Peer to Peer' might fail when there is a router with NAT-T in between, in some network configuration.
Bug fixing: VPN tunnel might not open when configured with a Certificate selected from the User Certificate Store.
Bug fixing: The VPN tunnel opens properly but no traffic goes through when using X-Auth based configuration and VPN Client address is 0.0.0.0.
Bug fixing: VPN Client stops responding for a while after received Key Renewal from the VPN Router in some VPN Configuration circumstances.
Bug fixing: IP address renewal with DHCP server does not working properly with VPN Configuration forcing all traffic in the tunnel (i.e. subnet mask 0.0.0.0).
Bug fixing: Import of VPN Configuration not working properly when the Certificate has a local ID type DER_ASN1_DN_ID containing a subject with chars like spaces and '/'.
Bug fixing: 'Phase2' > 'Advanced' > 'Alternate Server' > IP addresses cannot be reset to 0.0.0.0.

Known issues for release 5.5

Known Issues: VPN tunnel might fail to open after upgrade from Windows 8 to Windows 8.1 with the following error message in the Console 'Default exchange_establish: transport "udp" for peer 'P1-P2' could not be created'. A work around would be to disable the Windows service IKEEXT thought 'Control panel' > 'Administrative Tools' > 'Services', or re-install the software. No issue if software installation on Windows 8.1.
Known Issues: Several Certificates with same Subject added to the Windows Certificate Store might prevent a tunnel to open in some circumstances.
Known Issues: The VPN Client might be able to open tunnel under RDP sessions in some circumstances.
Known Issues: Windows might not recognize setup software signature when installing the software for the first time although signature is provided, Windows Vista only.
Known Issues: The VPN Client virtual network interface appears in 'Unidentfied network' list in Windows Control Panel (Network).

Release 5.17 build 001 (May. 2012)

Improvement: Clarification of the rules to select which Certificates to take into account when available via Token, Smartcard Reader.
Improvement: Speed up display of systray menu when 100+ VPN tunnels configured.
Improvement: Log file name format changed to include date/time. This allows smaller file size when sending logs to techsupport.
Bug fixing: VPN tunnel send Certificate Request with DN from a specific Certificate Authority only. However some VPN Gateway might use other CA.
Bug fixing: VPN Client can now send INITIAL-CONTACT message during IKE negotiation.
Bug fixing: Console stops displaying logs after clicking on menu Tools > Reset IKE.
Bug fixing: Some 3G USB drives from Orange (e.g. 3G Business Everywhere) are changing routing settings preventing VPN traffic to go through especially when configuring the VPN Client to force all traffic in VPN tunnel.
Bug fixing: A second VPN Client popup show up when coming back from sleep prior to Windows login if Gina mode (i.e. opening VPN tunnel before Windows logon) has been configured.
Bug fixing: Wrong IKE timestamp format in console.
Bug fixing: VPN tunnel might not re-open properly when using 3G connexion especially if a new IP address is re-assigned by the mobile network.
Bug fixing: When a tunnel is using Config Mode, Phase 2 renegotiation does not use the settings sent by the gateway, but the parameters from the configuration file, therefore preventing from opening the VPN tunnel.
Bug fixing: VPN tunnel might not open properly when using PKCS#11 Certificate and multiple certificate with the same subject on a single smart card.
Bug fixing: VPN tunnel might not open properly when importing a VPN Configuration containing a smart card. The message "conf_x509_subject_set: error while using PKCS#11 middleware" displays.
Bug fixing: Payload CERT_REQ not send properly in some circumstances.
Bug fixing: VPN tunnel might not open properly when coming back from windows sleep mode.
Bug fixing: VPN tunnel configured with IP Address Range might not open properly.
Bug fixing: DNS/WINS addresses might not be restored properly when using Gina Mode (i.e. opening VPN tunnel before Windows logon).
Bug fixing: DNS/WINS addresses might not be configured properly when VPN Client Address (remote IP address is configured to 0.0.0.0).
Bug fixing: Computer freeze in rare case of VPN Configuration using Certificates i.e. Windows Seven 64-bit on some Dell machines.
Bug fixing: Traffic remains blocked when "Disable Split Tunneling" is selected and the VPN Client IP address (i.e. remote IP address of the computer) selected already exists on the computer.
Bug fixing: Traffic might be slower when all traffic forced into tunnel (remote mask is 0.0.0.0) and using IE or Firefox.
Bug fixing: The tunnel might not open properly, when the remote gateway is sending a large Certificate (e.g. key size of 2048-bit).
Bug fixing: MTU modification might not be taken in account (Windows XP 32-bit only).
Bug fixing: VPN tunnel doesn't open with 'Error 307' when the remote network mask contains specific values (e.g. 255.255.254.0, 255.255.252.0,...).
Bug fixing: No smartcard PIN code popup when a special sequence of events occurs, like plugging in the smartcard, then VPN tunnel fails to open (e.g. router not responding), then plugging in again the smartcard.
Bug fixing: VPN Configuration Wizard does not start when software starts and VPN Configuration is empty.

Known issues: here is the list of known issues in this release. This replaces previous list of known issues for this major release. We are doing our utmost to fix them asap.

Known issue: No Gina (aka. Open tunnel before Windows logon) on Windows 64-bit (Vista and Seven). Gina connection panel (before Windows logon) may appear with 5-8sec delay on Windows XP.
Known issue: Wireshark must be installed after the VPN Client software to be able to scan its interfaces.
Known issue: Exporting a VPN configuration to a mapped drive is not possible. No error message but the file is not exported. A work around would be to export to the local disk, and then copy to the mapped drive.
Known issue: VPN tunnel might not open properly after this software upgrade when using Certificates from some Tokens or Smart Cards in some specific circumstances (i.e. Certificate subject). Walk around would be to force the selection of the Certificate in the Configuration Panel. You can do this by going to Phase1, select Pre-Shared Key then save, and select again your Certificate from Token before saving.

Release 5.10 build 009 RC1 (Nov. 2011)

Feature: Ability to support SIP/VoIP traffic in VPN Tunnel (Window Vista and Seven).
Feature: Ability to open a Windows RDP session in one click from systray menu. This allows the user to open a remote desktop sharing with any machine on the remote network. Multiple desktop sharing sessions per VPN tunnel can be defined, and the right VPN tunnel opens automatically when a desktop sharing session is requested.
Feature: Ability to execute a silent un-installation when the software was installed with silent installation configuration.
Feature: Ability to set a specific MTU per IPSEC tunnels.
Feature: Added a checkbox to run the IPSec VPN Client after software installation.
Improvement: Ability to install the software without rebooting Windows operating system.
Improvement: Ability to disable the systray popup window that shows up when opening or closing VPN tunnel.
Improvement: Ability to close all tunnels in one click. New menu item in the Configuration Panel.
Improvement: Show a little USB Icon in Configuration Panel whenever an USB drive is plugged in and the software is in USB Mode (i.e. expecting the USB drive to hold the VPN configuration).
Improvement: Each VPN tunnel Phase1 & Phase2 names now appear in the systray menu.
Improvement: All VPN tunnel names are sorted by alphabetical order in the systray menu.
Improvement: The stability of the IP address change detection has been significantly improved.
Improvement: The stability of the DNS/WINS management has been significantly improved.
Improvement: The time to quit has been significantly improved.
Improvement: The management of Token insertion and extraction has been significantly improved. Upon insertion or extraction, all VPN tunnels are opened or closed accordingly.
Improvement: Ctrl+Alt+D starts the debug logs, and now also add an icon with a link to the log folder.
Improvement: IKE logs are now timestamps with daily span to reduce log files sent to techsupport.
Improvement: More help added for Hybrid Mode. Hybrid Mode requires a Certificate and X-Auth to be set to function properly.
Improvement: Warning info when using an USB drive VPN configuration in case the USB drive was not supposed to be plugged in.
Improvement: A 'Don't warn me anymore' checkbox added in warning popup when the VPN Client address belongs to the remote network configured in 'Remote LAN Address'.
Improvement: 'Block non-ciphered connections' has been replaced by 'Disable Split tunneling'.
Improvement: Support of Token containing multiple certificates with the same certificate subject.
Improvement: Added Certificate validity date check before opening a tunnel. If multiple Certificates, the VPN Client only uses the Certificate with a valid date. If no certificate with valid date can be found, the tunnel does not open, and an error message 'no suitable certificate' displays in the console.
Bug fixing: All VPN tunnel Phase2 do not close when unplugging the smartcard used to authenticate.
Bug fixing: VPN tunnel cannot be opened coming back from Windows Sleep mode.
Bug fixing: Too many errors shown in systray popup window when opening VPN tunnel in some network circumstances.
Bug fixing: Once in USB Mode, the sub-menu 'Move to USB drive' is still enabled.
Bug fixing: OSAport not supported in vpnconf.ini.
Bug fixing: Error message when launching help using 'F1'.
Bug fixing: Software crashes when entering into the USB Mode for the first time in some Windows configurations.
Bug fixing: All leds are green although the IPSec VPN Client is 'giving up' after several attempts to open a VPN tunnel.
Bug fixing: Export of a VPN Configuration can be empty in USB Mode (i.e. VPN configuration has been moved to the USB drive).
Bug fixing: A message 'INVALID COOKIE' received while the VPN tunnel is open might make the systray popup window to show up with orange led instead of green.
Bug fixing: A special icon is displayed in the Configuration Panel tree when 'Auto open on traffic detection' is selected.
Bug fixing: The char '\' should not be allowed in PreShared Key confirmation field.
Bug fixing: Remote LAN address and subnet field are empty after importing a configuration with 'Remote LAN Address' and 'subnet' 0.0.0.0/0.
Bug fixing: Manual activation fails with an Activation error message: 0 in some circumstances.
Bug fixing: Software crashes when numerous clicks on 'Apply' button.
Bug fixing: Tunnel with certificates cannot be opened when using Phase 1 ID with FQDN.
Bug fixing: Setup command option "--GuiDefs" not working properly.
Bug fixing: Silent installation not working properly when used with options "--license", "--activmail", "--noactiv", "--autoactiv", "--guidefs".
Bug fixing: Software crashes when copy&paste an existing VPN tunnel, and then trying to delete it in Configuration Panel.
Bug fixing: Wrong activation code file might be used if multiple users try to activate the IPsec VPN Client on the same machine.
Bug fixing: TgbIke crash when using with smartcard while debug logs are activated and a connection error occurs.

Known issues: here is the list of known issues in this release. This replaces previous list of known issues for this major release. We are doing our utmost to fix them asap.

Known issue: After a Windows session lock/unlock, it may be impossible to open a tunnel, save or apply configuration. A work around is to restart the VPN Client software.
Known issue: No Gina (aka. Open tunnel before Windows logon) on Windows 64-bit (Vista and Seven). Gina connection panel (before Windows logon) may appear with 5-8sec delay on Windows XP. The Gina connection panel does not display when computer is 'locked' on Windows Seven only.
Known issue: After a Windows session logoff/logon with Gina, Internet connection might be impossible due ti DNS/WINS address not restored properly. Switching from one user to another may cause the IPSec VPN client not to function properly. A work around is to restart the VPN Client software.
Known issue: System error when coming back from Windows sleep mode. A work around is to restart the VPN Client software.
Known issue: Wireshark must be installed after the VPN Client software to be able to scan its interfaces.4.
Known issue: Exporting a VPN configuration to a mapped drive is not possible. No error message but the file is not exported. A work around would be to export to the local disk, and then copy to the mapped drive.