x64 VPN Client that supports IPSec (Shrewsoft)

[James]

So, we've been facing some "opposition" at work to moving to an x64 environment in general. People love the idea of more RAM to playwith, etc. but a lot of them are still stuck using certain tools.

One of these tools is the Cisco IPSec VPN Client. This client is 32-bit only, and will never be ported to x64. Cisco's current claim is that if you want x64 VPN connections, you need to use SSL or DTLS with their new AnyConnect client. Anyconnect is great, and it works well, but each ASA we have is licensed for only 2 SSL connections, but we have licenses for over 20 IPSec connections. With that in mind I've been researching the options for x64 VPN clients. Didn't find much until recently I cam across Shrewsoft's VPN client. It's an open source client, is compatible with all versions of Windows, and seems to support everything we'll be needing.

I don't know if it will work, or how well it will work, etc. I will find out when I start testing tonight. But considering that IPSec VPN connections are prevalent, I figured I would share what I found with all of you.

ShrewSoft VPN client

[Vindir]

Would it be an option to go ipsec and just set up some good old open source openvpn clients for everyone?

[James]

Would it be an option to go ipsec and just set up some good old open source openvpn clients for everyone?

I suppose so. But isn't OpenVPN SSL connection based only anyway?

*Edit: In house yes. In house we actually have the few of us on x64 OS's running the Cisco AnyConnect VPN client, using the SSL connections. Sadly, we do a lot of work for hire, and our customers tend not to update their software that often. That means needing to be able to connect to IPSec VPN's when needed.

[Vindir]

Yeah, dumb on my part, openswan is the ipsec one.

What's running on the serverside that you guys are trying to connect to? I was reading it as though you're looking for an end-to-end kind of solution originally. Openswan has info on their wiki for using the toolset to connect to different vendor's implementations and the native windows ipsec for xp sp2+ is always an option on the windows boxes. Sounds like you're looking for an actual purpose-built client though.

Any luck with shrewsoft so far?

[vertices]

Are these techs or users? At my company, we only VPN from VMs. It's so much easier all the way around.

[James]

Yeah, dumb on my part, openswan is the ipsec one.

What's running on the serverside that you guys are trying to connect to? I was reading it as though you're looking for an end-to-end kind of solution originally.

Any luck with shrewsoft so far?

Are these techs or users? At my company, we only VPN from VMs. It's so much easier all the way around.

They are programmers, so sort of techie, but prefer to have stuff that just works. Half of them currently run Mac's, so they actually have Windows XP VM's that they VPN in from.

As for the other end, most of our clients have Cisco VPN concentrators, very old ones. This means IPSec only, and it means they are loathe to change, as they invested very very large amounts of money into the Cisco solution.

So far no luck with Shrewsoft, but that's because I need to sit my work laptop down next to my home PC and go through the settings. Shrewsoft offers a plethora of options, which without knowing exactly what is needed for our Cisco Concentrator (the in house one I'm testing against), it makes it very hard to establish a connection.

I should know more tonight, part of my playing around with this software has been derailed by me playing around with Mass Effect 1 in an attempt to "finish" a save for ME2.