Company  |  Products  |  Services  |  News  |  Partners  |  Support

IPSec VPN Client Management Tools

Home > Products > VPN Client > Download > Tools



Using Certificates

The goal of this section is to explain how to generate Certificates, convert Certificates to PEM format and import Certificates into TheGreenBow IPSec VPN Client.

Certificate User Guide

For users who want to use Certificates, we especially provide a User Guide which details the procedure to generate and use certificates with our IPSec VPN Client.

Certificate User Guide

Certificate generation tool

It is necessary to use a third party Certification Authority to be able to generate X509 Certificates and to open a VPN tunnel securely. There are many options to generate Certificates like using Microsoft Certificates server (i.e. Microsoft Certificate Service) available under Windows 2000-2003 Server, OpenSSL or some VPN Router themselves.

Certificate Script

IPSec VPN Client command line


Stop the IPSec VPN Client

TheGreenBow IPSec VPN Client can be stopped at any time with the command line option: "/stop"

Example: " vpnconf.exe /stop "

This functionality allows the IPSec VPN Client to be called within a script, opening the IPSec VPN Client as the network connection is starting, closing the IPSec VPN Client as the connection ends.
Note: If one or several tunnels are active, they are correctly closed.



Open and Close VPN connections

TheGreenBow IPSec VPN Client can be open and close VPN connections at any time with the command line options: "/open", "/close"

  • /open:[NamePhase1-NamePhase2]
    This option enables to open a VPN tunnel.
    Example: vpnconf.exe /open :Corporate-gateway1
  • /close:[NamePhase1-NamePhase2]
    This option enables to close a VPN tunnel.
    Example: vpnconf.exe /close :"Home gateway-cnx1" (double quote required because name contains a space character).


Import a VPN Configuration

TheGreenBow IPSec VPN Client can import a specific VPN configuration file using the command line options: "/import:" or "/importonce:"

Example: " vpnconf.exe /importonce:"C:\My documents\config.tgb" "

  • /import: may be used whether the IPSec VPN Client is running or not. When the IPSec VPN Client is already running, it imports dynamically the new VPN configuration and automatically applies it (i.e. restarts the IKE service). If the IPSec VPN Client is not running, it is launched with the new VPN configuration.

    The "/import" option can be used to open a tunnel with a double-clic on a "tgb" file (also called the "dial-up" mode): This allows for example to open a tunnel with a double-clic on a 'tgb' file from the desktop, or to deploy a configuration by email.
  • /importonce: allows to import a VPN configuration file without running the IPsec VPN Client. This command is especially useful in installation scripts: it allows to run a silent installation and to import a VPN configuration automatically.
  • /replace: enables to replace the current configuration by a new VPN Configuration. This feature is available in software release 4.1 and older, and may be used instead of the /importonce option to import a VPN configuration file without running the VPN Client.
  • /add: Import a new VPN Configuration into an existing VPN Configuration and merge both into a single VPN Configuration. This command line may be used either if the VPN Client is running or not. This command doesn't start the VPN Client if it is not running already.
Since the release 3.1 of TheGreenBow IPSec VPN Client, certificates can be embedded within a configuration file to be imported. For more details, see the IPSec VPN Client User Guide.



Export a VPN Configuration

TheGreenBow IPSec VPN Client can export a specific IPSec VPN configuration file using the command line options: "/export:" or "/exportonce:"

Example: " vpnconf.exe /export:"C:\My documents\export.tgb " "

  • /export: may be used whether the IPSec VPN Client is running or not. When the IPSec VPN Client is already running, it exports dynamically the VPN configuration. If the IPSec VPN Client is not running, it is launched after having exported the configuration.
  • /exportonce: allows to export a VPN configuration file without running the IPSec VPN Client. This command is especially useful in installation scripts: it allows to run a silent uninstallation and to export a VPN configuration automatically.
All 6 arguments "import", "importonce", "export", "exportonce", "replace" and "add" are exclusives and cannot be used together.




IPSec VPN Client Deployment tools

Embedded VPN Configuration

A specific VPN Configuration file can be embedded within the VPN Setup. This VPN Configuration will be automatically imported at the first time the software is run. This feature enables to embed pre-configured VPN configuration and to deploy "customized" setups to end-users.

See our Deployment Guide for details about how to embed a VPN Configuration in a VPN setup.

VPN Setup Options

The VPN Setup handles several command line options. These options are used to customized the Software installation and must be preceded by 2 dashes.
  • --start=[1(default)|2]
    Enables to define the way the software will start:
    - 1: the software will automatically starts after Windows logon. For opening VPN tunnel before logon, please have look the 'Gina Mode' in the IPSec VPN Client User Guide
    - 2: the software will start only when it is run by the end-user.
  • --guidefs=[full(default)|user|hidden]
    Enables to define the way the software will be displayed to the end-user:
    - full: Configuration Panel
    - user: Connection Panel
    - hidden: No GUI can be displayed by the end-user.
      He only can open/close tunnels via the systray menu.
  • --menuitem=[00-31(default)]
    Enables to specify the items of the systray menu, the value is a bitfield, where each bit defines a menuitem:
    - 1: Quit
    - 2: Connection Panel
    - 4: Console
    - 8: Save & Apply
    - 16: Configuration Panel
    Example: menuitem=5 will configure a systray menu with Quit + Console.
    Note 1: the tunnels are always shown in the systray menu, and can always be opened and closed from this systray menu.
    Note 2: 'Menuitem' and 'guidefs=hidden'.
    By default, guidefs=hidden set the systray menu to Quit + Console.
    But 'menuitem' takes precedent over 'guidefs'. It means the following options: "--guidefs=hidden --menuitem=1" will set a systray menu with only the 'Quit' item.
  • --license=[license_number]
    Enables to embed the license number of the software.
  • --password=[password]
    Enables to control the access to the VPN Configuration Panel with a password.
    The end-user will be asked for the password:
    - when he clicks or double-clicks on the VPN systray icon
    - when he wants to switch from the Connection Panel to the Config. Panel.
  • --activmail=[mail@company.com]
    Enables to define the email to which the software activation confirmation will be sent. Thus, it enables IT Managers to check each software activation on a single email address. When this email is pre-configured, it cannot be modified by end-users.
  • --autoactiv, --noactiv, --lang
    See also our Deployment Guide for details about these setup options.
 
 
TheGreenBow, CryptoMailer are trademarks
© 2000-2010 TheGreenBow. All rights reserved.