mGuard Secure VPN Client
Secure VPN connections to the mGuard Secure
Ecosystem for desktop, laptop or tablet PCs running
on Windows operating systems 10, 8.x and 7
Easy. Secure. Reliable.
The mGuard Secure VPN Client for Windows is a major component of the mGuard Secure Ecosystem. Available as a software application for connecting PCs to a virtual private network (VPN), the client makes remote resources of other networks available in a highly secure and transparent way as if the user was connected directly to that "private" network. Thus, a VPN extends a private network across a public network, such as the Internet.
The virtual private networks used are based on the reliable IPsec security protocol which guarantees the confidentiality, authenticity and integrity of all information and data transmitted between the VPN client and the mGuard Secure Ecosystem.
Designed as a one-click solution, this IPsec client software automatically selects the best possible communication medium, controls internet connectivity and initiates the setup of a VPN tunnel. A centrally defined parameter lock prevents intentional or accidental configuration setting changes by users.
Ideal for road warriors, service staff and teleworker, the VPN client supports both and stationary use cases. The mGuard Secure VPN client is compatible with all mGuard VPN Appliances, mGuard Secure Clouds and mGuard Virtual Appliances: the mGuard Secure Ecosystem.
Test it
- Download a free 30-days trial version of the mGuard Secure VPN Client // version 10.x
Buy it
- Buy a full version of the mGuard Secure VPN Client // version 10.x online
Activate it
- Activate your mGuard Secure VPN Client
Update it
- Current version: 10.02
- An update can be done as follows: Start mGuard Secure VPN Client, click on ′Help > Search for Updates > Search now′
- Release Notes mGuard Secure VPN Client v10.02
Technical Details
OS Support:
Windows (32-bit): Windows 10, 8.x and Windows 7
Windows (64-bit): Windows 10, 8.x and Windows 7
Virtual Private Networking:
IPsec (Layer 3 Tunneling),conform to RFC; IPsec proposals can be determined through the IPsec gateway (IKE/IKEv2, IPsec Phase 2); Event log; communication only in the tunnel; MTU size fragmentation and reassembly, DPD, NAT-Traversal (NAT-T); IPsec tunnel mode
Encryption:
Symmetric processes: AES 128,192,256 bits; Blowfish 128,448 bits; Triple-DES 112,168 bits; dynamic processes for key exchange: RSA to 2048 bits; seamless rekeying (PFS); hash algorithms: SHA-256, SHA-384, SHA-512, MD5, DH group 1,2,5,14-18
FIPS:
The IPsec Client incorporates cryptographic algorithms conformant with the FIPS standard. The embedded cryptographic module incorporating these algorithms has been validated as conformant to FIPS 140-2 (certificate #1051). FIPS compatibility is always given if the following algorithms are used for set up and encryption of the IPsec connection:
- DH Group: Group 2 or higher (DH starting from a length of 1024 Bit)
- Hash Algorithms: SHA1, SHA 256, SHA 384, or SHA 512 Bit
- Encryption Algorithms: AES with 128, 192 and 256 Bit or Triple DES
Authentication Process:
IKE (Aggressive mode and Main Mode), Quick Mode; XAUTH for extended user authentication; Mode Configuration for dynamic assignment of a virtual address from the internal address pool (private IP); PFS; PAP, CHAP, MS CHAP V.2; IEEE 802.1x: EAP-MD5 (Extensible Authentication Protocol): Extended authentication relative to switches and access points (Layer 2); EAP-TLS (Extensible Authentication Protocol - Transport Layer Security): Extended authentication relative to switches and access points on the basis of certificates (Layer 2); support of certificates in a PKI: Soft certificates, smartcards, and USB tokens: Multi Certificate Configurations; Pre-shared secrets, one-time passwords, and challenge response systems; RSA SecurID ready
Authentication Standards:
X.509 v.3 Standard; Entrust Ready PKCS#11 interface for encryption tokens (USB and smartcards); smartcard operating systems: TCOS 1.2, 2.0 and 3.0; smart card reader interfaces: PC/SC, CT-API; PKCS#12 interface for private keys in soft certificates;
CSP for use of user certificates in Windows certificate store PIN policy;
PIN policy; administrative specification for PIN entry in any level of complexity; revocation: EPRL (End-entity Public-key Certificate Revocation List, formerly CRL), CARL (Certification Authority Revocation List, formerly ARL), OCSP
Networking:
LAN emulation: Ethernet adapter with NDIS interface, full WLAN (Wireless Local Area Network) and WWAN (Wireless Wide Area Network, Broadband from Windows 7) support
VPN Path Finder:
Path Finder Technology: Fallback IPsec/ HTTPS (port 443) if port 500 respectively UDP encapsulation is not possible (Requirements: Path Finder enabled VPN gateway, available from mGuard Firmware 8.3)
RFC Compatibility:
RFC 2401 –2409 (IPsec), RFC 3947 (NAT-T negotiations), RFC 3948 (UDP encapsulation), IP security architecture, ESP, ISAKMP/Oakley, IKE, XAUTH, Mode Configuration, DPD, NAT Traversal (NAT-T),UDP encapsulation, IPCOMP
mGuard Secure VPN Client FAQ
- F: When installing the mGuard Secure VPN Client, the installation routine sometimes aborts without an error message.
- A: First of all install mGuard Secure VPN Client version 10.02 or higher which should solve these problems.
While installing the mGuard Secure VPN Client on Windows, it can lead to problems when other Windows filter drivers are involved. In particular, virus scanners and local firewalls from Kaspersky, Symantec and Trend Micro can be mentioned here. But also other VPN-Clients auch as Cisco and Shrew Soft or network sniffer like Wireshark often prevent a successful installation. These software packages should be optionally uninstalled before installing the mGuard Secure VPN client. After a successful installation of the VPN client they can be reinstalled.
- F: In rare circumstances uninstalling the mGuard Secure VPN Client does not work.
-
A: While uninstalling the mGuard Secure VPN Client on Windows, it can lead to problems when other Windows filter drivers are involved. In particular, virus scanners and local firewalls from Kaspersky, Symantec and Trend Micro can be mentioned here. But also other VPN-Clients auch as Cisco and Shrew Soft or network sniffer like Wireshark often prevent a successful installation.
It helps to set the mGuard Secure VPN Client into the ′Change mode′ as follows:
- Open Programs and Features by clicking the Start button Picture of the Start button, clicking Control Panel, clicking Programs, and then clicking Programs and Features.
- Select the program ′mGuard Secure VPN Client′, and then click Change or Repair.
- Follow the instructions to uninstall.
Easy. Secure. Reliable.
The mGuard Secure VPN Client for Windows is a major component of the mGuard Secure Ecosystem. Available as a software application for connecting PCs to a virtual private network (VPN), the client makes remote resources of other networks available in a highly secure and transparent way as if the user was connected directly to that "private" network. Thus, a VPN extends a private network across a public network, such as the Internet.
The virtual private networks used are based on the reliable IPsec security protocol which guarantees the confidentiality, authenticity and integrity of all information and data transmitted between the VPN client and the mGuard Secure Ecosystem.
Designed as a one-click solution, this IPsec client software automatically selects the best possible communication medium, controls internet connectivity and initiates the setup of a VPN tunnel. A centrally defined parameter lock prevents intentional or accidental configuration setting changes by users.
Ideal for road warriors, service staff and teleworker, the VPN client supports both and stationary use cases. The mGuard Secure VPN client is compatible with all mGuard VPN Appliances, mGuard Secure Clouds and mGuard Virtual Appliances: the mGuard Secure Ecosystem.
Test it
- Download a free 30-days trial version of the mGuard Secure VPN Client // version 10.x
Buy it
- Buy a full version of the mGuard Secure VPN Client // version 10.x online
Activate it
- Activate your mGuard Secure VPN Client
Update it
- Current version: 10.02
- An update can be done as follows: Start mGuard Secure VPN Client, click on ′Help > Search for Updates > Search now′
- Release Notes mGuard Secure VPN Client v10.02
Technical Details
OS Support:
Windows (32-bit): Windows 10, 8.x and Windows 7
Windows (64-bit): Windows 10, 8.x and Windows 7
Virtual Private Networking:
IPsec (Layer 3 Tunneling),conform to RFC; IPsec proposals can be determined through the IPsec gateway (IKE/IKEv2, IPsec Phase 2); Event log; communication only in the tunnel; MTU size fragmentation and reassembly, DPD, NAT-Traversal (NAT-T); IPsec tunnel mode
Encryption:
Symmetric processes: AES 128,192,256 bits; Blowfish 128,448 bits; Triple-DES 112,168 bits; dynamic processes for key exchange: RSA to 2048 bits; seamless rekeying (PFS); hash algorithms: SHA-256, SHA-384, SHA-512, MD5, DH group 1,2,5,14-18
FIPS:
The IPsec Client incorporates cryptographic algorithms conformant with the FIPS standard. The embedded cryptographic module incorporating these algorithms has been validated as conformant to FIPS 140-2 (certificate #1051). FIPS compatibility is always given if the following algorithms are used for set up and encryption of the IPsec connection:
- DH Group: Group 2 or higher (DH starting from a length of 1024 Bit)
- Hash Algorithms: SHA1, SHA 256, SHA 384, or SHA 512 Bit
- Encryption Algorithms: AES with 128, 192 and 256 Bit or Triple DES
Authentication Process:
IKE (Aggressive mode and Main Mode), Quick Mode; XAUTH for extended user authentication; Mode Configuration for dynamic assignment of a virtual address from the internal address pool (private IP); PFS; PAP, CHAP, MS CHAP V.2; IEEE 802.1x: EAP-MD5 (Extensible Authentication Protocol): Extended authentication relative to switches and access points (Layer 2); EAP-TLS (Extensible Authentication Protocol - Transport Layer Security): Extended authentication relative to switches and access points on the basis of certificates (Layer 2); support of certificates in a PKI: Soft certificates, smartcards, and USB tokens: Multi Certificate Configurations; Pre-shared secrets, one-time passwords, and challenge response systems; RSA SecurID ready
Authentication Standards:
X.509 v.3 Standard; Entrust Ready PKCS#11 interface for encryption tokens (USB and smartcards); smartcard operating systems: TCOS 1.2, 2.0 and 3.0; smart card reader interfaces: PC/SC, CT-API; PKCS#12 interface for private keys in soft certificates;
CSP for use of user certificates in Windows certificate store PIN policy;
PIN policy; administrative specification for PIN entry in any level of complexity; revocation: EPRL (End-entity Public-key Certificate Revocation List, formerly CRL), CARL (Certification Authority Revocation List, formerly ARL), OCSP
Networking:
LAN emulation: Ethernet adapter with NDIS interface, full WLAN (Wireless Local Area Network) and WWAN (Wireless Wide Area Network, Broadband from Windows 7) support
VPN Path Finder:
Path Finder Technology: Fallback IPsec/ HTTPS (port 443) if port 500 respectively UDP encapsulation is not possible (Requirements: Path Finder enabled VPN gateway, available from mGuard Firmware 8.3)
RFC Compatibility:
RFC 2401 –2409 (IPsec), RFC 3947 (NAT-T negotiations), RFC 3948 (UDP encapsulation), IP security architecture, ESP, ISAKMP/Oakley, IKE, XAUTH, Mode Configuration, DPD, NAT Traversal (NAT-T),UDP encapsulation, IPCOMP
mGuard Secure VPN Client FAQ
- F: When installing the mGuard Secure VPN Client, the installation routine sometimes aborts without an error message.
- A: First of all install mGuard Secure VPN Client version 10.02 or higher which should solve these problems.
While installing the mGuard Secure VPN Client on Windows, it can lead to problems when other Windows filter drivers are involved. In particular, virus scanners and local firewalls from Kaspersky, Symantec and Trend Micro can be mentioned here. But also other VPN-Clients auch as Cisco and Shrew Soft or network sniffer like Wireshark often prevent a successful installation. These software packages should be optionally uninstalled before installing the mGuard Secure VPN client. After a successful installation of the VPN client they can be reinstalled.
- F: In rare circumstances uninstalling the mGuard Secure VPN Client does not work.
-
A: While uninstalling the mGuard Secure VPN Client on Windows, it can lead to problems when other Windows filter drivers are involved. In particular, virus scanners and local firewalls from Kaspersky, Symantec and Trend Micro can be mentioned here. But also other VPN-Clients auch as Cisco and Shrew Soft or network sniffer like Wireshark often prevent a successful installation.
It helps to set the mGuard Secure VPN Client into the ′Change mode′ as follows:
- Open Programs and Features by clicking the Start button Picture of the Start button, clicking Control Panel, clicking Programs, and then clicking Programs and Features.
- Select the program ′mGuard Secure VPN Client′, and then click Change or Repair.
- Follow the instructions to uninstall.
