Windows XP client – ShrewSoft VPN Client

ShrewSoft VPN Client is a free software. It was made to ensure interoperability between IPsec-tools (racoon) and Microsoft Windows. The focus of this chapter is not exploring all its possibilities, but setting it up as a client in roadwarrior scenario. After it's installed and ran, a window as shown in picture opens. The new connection can be added here.

Main window of the ShrewSoft VPN Client tool

On the first tab of the configuration window are network preferences. IP address of VPN gateway should be inserted, as well as other options shown in picture.

Network options of the ShrewSoft VPN Client tool

On the second tab of the configuration window are options to manually set internal IP address of the client. This should be set to be obtained automatically, as shown in picture.

Client options of the ShrewSoft VPN Client tool

First authentication tab configures the clients identity as shown on picture, and the authentication method is set to Hybrid RSA + XAuth.

First authentication tab of the ShrewSoft VPN Client tool

The second authentication tab configures the gateway identity in a same way as clients identity above. The third authentication tab configures path of the used root certificate, as shown in picture.

Third authentication tab of the ShrewSoft VPN Client tool

The fourth tab configures IKE first phase options. These should be set as shown in picture to correspond to the options set on racoon roadwarrior client.

IKE first phase options of the ShrewSoft VPN Client tool

The fifth tab defines IKE second phase options. These should be set as shown in picture, to also correspond to the options set on racoon roadwarrior client.

IKE second phase options of the ShrewSoft VPN Client tool

Finally, the last tab defines the needed SPs. The simplest is to add the needed local network 192.168.112.0 with 255.255.255.0 net mask, as shown on picture.

SP policy configuration of the ShrewSoft VPN Client tool

After configuration, the connection is established by clicking the Connect button after inserting necessary user name and password. The connection is then established, as it can be seen by traffic recording explained in the previous chapter. It should be mentioned that this doesn't apply to all the traffic because the needed routes are not set up in the Windows environment. For that purpose, the Windows console tools (ipconfig and route) are available.