Tuesday, April 22, 2008

IPSec compliant VPN client for Windows XP 64

I used to use the Netscreen Remote VPN Client for VPN access. But unfortunately, I had to add it to my growing list of programs that are not supported by Windows XP 64. (http://www.nscreensales.com/NetScreen_Remote_VPN_Client_10_user_lic_p/ns-r8a-010.htm)
VPN access was absolutely critical for me and so I spent quite some time trying different VPN clients that would work with our Netgear 5GT hardware. (The basic criterion is that the client must support IPSec.)
After a lot of searching and testing, I found "NCP Secure Entry Client" to be a good and easy-to-use IPSec compliant VPN client that also worked on my XP 64 machine (link). NCP also bills its software as the first one to support XP 64 (link) and from all my searching - I think that it is a true statement.
As for setting up the client to work with my company's VPN server, once I had all the settings - the setup was easy and straightforward. The UI is a lot better than the NetScreen client and provides more information about the connection status. The only thing I don't like about it is its price, which at $130 per license is a lot more than Netscreen's client ($100 for 10 seats).
As for the information that you need to set up your VPN client, here is the list. (It should be universal for all clients, but it might change based on your server's setup, and the client might refer to the information using different names.)
1. IP (or the name) of the VPN hardware. This is the address of the VPN hardware that you will connect to.
2. IKE Policy (phase 1): Authentication type, Encryption algorithm, Hash algorithm, DH group.
3. IPSec policy (phase 2): Protocol (probably ESP), Transform algorithm and authentication algorithm.
4. Exchange mode: Aggressive or main mode.
5. PFS group.
6. Advanced IPSec settings: Is compression turned on? Does dead peer detection need to be disabled? Does UDP encapsulation have to be turned on, and if so, which port is to be used?
7. Local Identity information: Id type and ID.
8. Whether authentication is based on a pre-shared key or certificates (and if pre-shared key, then what the key is).
9. If using XAuth, then you need the user name and password.
10. IP address assignment for the local machine. (This can be provided by DHCP over the VPN connection or statically set by the admin and provided to you. Other options are also available.)
11. Network addresses and subnet masks over which the VPN tunnel should be used.
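
One way to check that the settings you were handed cover the whole list before you start filling in a client's dialogs. This is an added example, not from the original post or from any VPN vendor; the field names and the sample values are made up for illustration.

```python
# Added example; field names are hypothetical and mirror the 11 items above.
ALWAYS = lambda p: True
# (field, checklist item number, predicate: is the field required for this profile?)
RULES = [
    ("gateway", 1, ALWAYS),
    ("ike_auth", 2, ALWAYS), ("ike_encryption", 2, ALWAYS),
    ("ike_hash", 2, ALWAYS), ("ike_dh_group", 2, ALWAYS),
    ("ipsec_protocol", 3, ALWAYS), ("ipsec_transform", 3, ALWAYS),
    ("ipsec_auth", 3, ALWAYS),
    ("exchange_mode", 4, ALWAYS), ("pfs_group", 5, ALWAYS),
    ("compression", 6, ALWAYS), ("dpd_disabled", 6, ALWAYS),
    ("udp_encap", 6, ALWAYS),
    ("udp_encap_port", 6, lambda p: p.get("udp_encap") is True),
    ("local_id_type", 7, ALWAYS), ("local_id", 7, ALWAYS),
    ("auth_method", 8, ALWAYS),
    ("psk", 8, lambda p: p.get("auth_method") == "psk"),
    ("xauth", 9, ALWAYS),
    ("xauth_user", 9, lambda p: p.get("xauth") is True),
    ("xauth_password", 9, lambda p: p.get("xauth") is True),
    ("ip_assignment", 10, ALWAYS),
    ("local_ip", 10, lambda p: p.get("ip_assignment") == "static"),
    ("remote_networks", 11, ALWAYS),
]
ALLOWED = {"exchange_mode": {"main", "aggressive"}, "auth_method": {"psk", "certificate"}}

def check_profile(profile):
    """Return (item, field, problem) tuples; secret values are never echoed."""
    problems = []
    for field, item, required in RULES:
        value = profile.get(field)
        if required(profile) and value in (None, "", []):
            problems.append((item, field, "missing"))
        elif field in ALLOWED and value is not None and value not in ALLOWED[field]:
            problems.append((item, field, "unexpected value %r" % (value,)))
    return problems

# Constructed sample: what an admin might hand over, with three gaps in it.
SAMPLE = {
    "gateway": "vpn.example.com", "ike_auth": "psk", "ike_encryption": "aes-256",
    "ike_hash": "sha1", "ike_dh_group": 2, "ipsec_protocol": "esp",
    "ipsec_transform": "aes-256", "ipsec_auth": "sha1", "exchange_mode": "agressive",
    "pfs_group": 2, "compression": False, "dpd_disabled": False, "udp_encap": True,
    "local_id_type": "fqdn", "local_id": "laptop.example.com", "auth_method": "psk",
    "psk": "constructed-placeholder", "xauth": True, "xauth_user": "jdoe",
    "ip_assignment": "dhcp", "remote_networks": ["10.1.0.0/255.255.0.0"],
}

if __name__ == "__main__":
    for item, field, problem in check_profile(SAMPLE):
        print("item %2d: %-15s %s" % (item, field, problem))
```

Settings that are only needed in some setups (the UDP encapsulation port, the pre-shared key, the XAuth credentials, a static local IP) are required only when the setting they depend on is switched on.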
