Académique Documents
Professionnel Documents
Culture Documents
User Guide
Contact: support@thegreenbow.com
Website: www.thegreenbow.com
All rights reserved. No parts of this work may be reproduced in any form or by any means - graphic, electronic, or
mechanical, including photocopying, recording, taping, or information storage and retrieval systems - without the
written permission of the publisher.
Products that are referred to in this document may be either trademarks and/or registered trademarks of the
respective owners. The publisher and the author make no claim to these trademarks.
While every precaution has been taken in the preparation of this document, the publisher and the author assume no
responsibility for errors or omissions, or for damages resulting from the use of information contained in this document
or from the use of programs and source code that may accompany it. In no event shall the publisher and the author be
liable for any loss of profit or any other commercial damage caused or alleged to have been caused directly or
indirectly by this document.
Table of Contents
Part VI Settings 29
1 Protect TheGreenBow
...................................................................................................................................
VPN Mobile Software with password 29
1 Console Windows
................................................................................................................................... 33
Part IX Contacts 37
Index 38
TheGreenBow VPN Mobile 2.0 - User Guide Property of TheGreenBow© - Sistech SA 2000-2008
Part
I
Introducing TheGreenBow VPN Mobile
Introducing TheGreenBow VPN Mobile 2
TheGreenBow VPN Mobile is an IPSec VPN Client software for Windows Mobile Operating
System that allows to establish secure connections over the Internet usually between a remote
worker and the Corporate Intranet. TheGreenBow VPN Mobile helps IT organization to extend the
Intranet to mobile workers whenever they have wireless (GSM, EGDE, 3G) or WiFi networks
available to them. IPSec is the most secure way to connect to the enterprise as it provides strong
user authentication, strong tunnel encryption with ability to cope with existing network and firewall
settings.
TheGreenBow VPN Mobile provides on Windows Mobile devices most of the features from the
TheGreenBow VPN Client version for PC, making deployment of mobile workers extremely easy
for IT managers. In fact, TheGreenBow allows a quite unique capability for IT managers to use the
exact same VPN Configuration on both PC and mobile version of the software.
TheGreenBow VPN Mobile is the result of many years of experience in network security and
Windows network driver development, as well as extensive research in related areas.
The VPN Mobile completes our range of network security products and like all our products is
extremely easy to use and to install.
TheGreenBow strategy is to support as many VPN gateway and appliance vendors as possible,
available right now on the market in order to offer a true multi vendor solution to our customers.
New IPSec VPN gateways or appliances are tested in our labs. The list of certified gateways is
available on our web site and is increasing daily, thus do not hesitate to regularly check for new
certified VPN gateways.
In case your VPN Gateway is not listed, please contact our TechSupport and we'll work with you to
certified it.
TheGreenBow supports several implementations of Linux IPSec VPN like StrongS/WAN and
FreeS/WAN. Therefore TheGreenBow VPN Mobile is compatible with most of the IPSec routers/
appliances based on those Linux implementations. We will support more Linux implementations in
the future. The list of supported Linux VPN appliance is available on our website.
Connection Mode Several wireless connection types like WiFi, GPRS, EDGE, 3G are
supported. A GSM/GPRS, EDGE, 3G connection is automatically
opened if already configured and if there is no WiFi network
available.
Allow IP Range networking.
Split tunneling (forbid non-encrypted connections as soon as a
tunnel is opened).
Tunnel persistence to maintain tunnel opened on unstable wireless
networks.
Tunneling Protocol Full IPSec/IKE support: Our IKE implementation is based on the
OpenBSD 3.1 implementation (ISAKMPD), thus providing best
compatibility with existing IPSec routers and gateways:
IKE aggressive mode, quick mode and main mode
Tunnel mode ESP, tunnel and transport
Change IKE port
Mode-Config: "Mode-Config" is an Internet Key Exchange
(IKE) extension that enables the IPSec VPN gateway to
provide LAN configuration to the remote user's machine (i.e.
VPN Mobile). Once the tunnel is opened with "Mode Config",
the end-user is able to address all servers on the remote
LAN network by using their network name (e.g. \\myserver
\marketing\budget) instead of their IP Address.
NAT Traversal NAT Traversal Draft 1 (enhanced), Draft 2 and 3 (full
implementation)
Including NAT_OA support
Including NAT keepalive
Including NAT T Aggressive Mode
Forced NAT-Traversal mode.
Encryption & Hash It provides AES 128/192/256 bits encryption, DES and 3-DES CBC
56/168 bits.
MD5-HMAC 128bits and SHA1-HMAC 160 bits.
User Authentication PreShared keying and X509 Certificates support. It is
compatible with most of the currently available IPSec
gateways
Flexible Certificate support (PEM, PKCS#12, ...) when
available within the VPN Configuration. Only PKCS#12
Certificates can be imported directly from the mobile device
user interface.
Support of Group 1, 2, 5 and 14 (i.e. 768, 1024, 1536 and
2048)
X-Auth
Dead Peer Detection (DPD) DPD is an Internet Key Exchange (IKE) extension (i.e. RFC3706)
for detecting a dead IKE peer.
Log console All phase messages are logged for testing or staging purposes
allowing to easily narrow the view on specific aspects.
Same VPN Config for both Now, IT Managers can deploy the same VPN Configuration file to all
PCs and Mobile Devices remote workers wether they have PCs or Mobile Devices such as
Pocket PC or Smartphones. This makes it easy to deploy large
number of remote users.
Licensing Lifetime, Temporary, Release based Licensing are available.
Our offer is specially designed to target OEM clients and System Integrators. We provide a fully
functional VPN Client solution to complete existing offers. Our VPN Mobile can be re-branded.
TheGreenBow VPN Mobile 2.0 - User Guide Property of TheGreenBow© - Sistech SA 2000-2008
Part
II
Installing TheGreenBow VPN Mobile
Installing TheGreenBow VPN Mobile 5
1. Desktop to Device
TheGreenBow VPN Mobile installation is a classic Windows installation followed by a
synchronization with the mobile device via one of the following software:
ActiveSynch 4.5 or older on Windows XP.
Windows Mobile device center on Windows Vista.
The Windows Mobile you are using must be in the OS supported list and your computer must be
connected to your mobile device. You can also look at the list of mobile devices (PocketPC,..) we,
or our partners, have tested on the certified mobile devices webpage. If TheGreenBow VPN Mobile
works well with your PocketPC or SmartPhone and it is not on this list, let us know.
Launch TheGreenBow VPN Mobile on your computer, the installation will start.
Click 'Next'. The VPN Mobile software will be uploaded and installed onto the mobile device.
TheGreenBow VPN Mobile 2.0 - User Guide Property of TheGreenBow© - Sistech SA 2000-2008
Installing TheGreenBow VPN Mobile 6
Here is what you should see on both your computer and your mobile device:
On the computer using ActiveSynch.. On the Mobile Device..
Note : If the VPN Mobile software is already installed on the Mobile Device, the user is asked to
confirm the software update.
Once done, you should get a confirmation message from Windows Mobile such as:
TheGreenBow VPN Mobile 2.0 - User Guide Property of TheGreenBow© - Sistech SA 2000-2008
Installing TheGreenBow VPN Mobile 7
2. Web to Device
Not supported.
After reset, you can start TheGreenBow VPN Mobile and an icon will appear on right end side of
the mobile device 'Today' screen. TheGreenBow VPN Mobile is set to start when Windows Mobile
starts. This can be reversed via Window Mobile settings.
TheGreenBow VPN Mobile 2.0 - User Guide Property of TheGreenBow© - Sistech SA 2000-2008
Installing TheGreenBow VPN Mobile 8
The software installation has created a new directory 'TheGreenBow' under 'My Document'
containing a default VPN Configuration file i.e. 'tgbtest.tgb' that users can use to test the VPN
Mobile software immediately. This default VPN Configuration allows to open a tunnel with one of
TheGreenBow online VPN gateways.
To use your own VPN Configuration see section 'Upload a VPN Configuration'.
TheGreenBow VPN Mobile can be un-installed at anytime. TheGreenBow VPN Mobile un-
installation is a classic Windows un-installation followed by a synchronization with the mobile
device.
Your computer must be connected to your mobile device. Select TheGreenBow VPN Mobile un-
installation in the TheGreenBow application folder on your computer. Windows Mobile Device
Center (Vista) or ActiveSynch (here below for Windows XP) will synchronize with your mobile
device.
TheGreenBow VPN Mobile 2.0 - User Guide Property of TheGreenBow© - Sistech SA 2000-2008
Installing TheGreenBow VPN Mobile 9
Uninstallation can be performed on the mobile device itself as well. Just go to Windows Mobile
"Settings" then "System" then select "Remove program".
It is possible to use TheGreenBow VPN Mobile during the evaluation period (i.e. limited to 30
days). When the VPN Mobile is on "Evaluation" mode, the activation tab appears in the VPN
Mobile. Users can activate the VPN Mobile at anytime during evaluation period.
Once evaluation period expires, 'Configuration' tab, 'Settings' tab and 'Console' tab are no longer
available and the VPN Mobile software is disabled.
For use beyond the evaluation period, TheGreenBow VPN Mobile software must be activated. The
Software Activation is a simple process which requires a License Number.
Open the VPN Client software, select the 'Activation' tab and enter your Software License Number
and click on 'Activate'.
The VPN Mobile will automatically connect to TheGreenBow software activation server to activate
the VPN Mobile Software. The Software Activation process will end with a successful Activation
message.
Once the software activation is done, the 'Activation' tab disappears.
TheGreenBow VPN Mobile 2.0 - User Guide Property of TheGreenBow© - Sistech SA 2000-2008
Installing TheGreenBow VPN Mobile 10
Errors may occurred during the activation process. Each activation error is briefly explained on the
activation window. The link "More information about this error" below the progress bar provides
online full explanations and recommendations on how to proceed next.
Most of errors encountered may be fixed by carefully checking the following points:
Note: If you didn't succeed to activate the software despite the previous
recommendations, it is always possible to manually activate the software
on our website: http://www.thegreenbow.com/activation/osa_manual.html.
This enables users to immediately fully activate the software.
TheGreenBow VPN Mobile 2.0 - User Guide Property of TheGreenBow© - Sistech SA 2000-2008
Part
III
Quick HowTo's
Quick HowTo's 12
3 Quick HowTo's
There are several ways to open a tunnel (once the VPN configuration has been imported):
Once tunnel is open, the systray menu will change to allow the user to close the tunnel:
TheGreenBow VPN Mobile 2.0 - User Guide Property of TheGreenBow© - Sistech SA 2000-2008
Quick HowTo's 13
2. Single click on the SystemTray icon > Click on 'Configuration' > Select on 'Console' tab and
click on 'Open'.
3. Tunnel opens automatically on traffic. This feature allows the tunnel to open automatically when
traffic to the corporate network is detected. Corporate network addresses are defined in the
Phase2 of the VPN configuration (i.e. 'remote LAN address). If the network is unavailable or
gateway does not respond VPN Mobile tries to re-open the tunnel 4 times.
In case no connection is possible either because it has been configured or the selected wireless
network is not available, the user is informed via the following popup window:
TheGreenBow VPN Mobile 2.0 - User Guide Property of TheGreenBow© - Sistech SA 2000-2008
Quick HowTo's 14
Wireless networks are less stable and require features to maintain the persistence of VPN tunnels
so remote users can count on stable VPN tunnels regardless. In VPN Mobile, both failures of the
remote gateway and the current wireless network used can be detected to make sure the tunnel is
always on when physically possible.
TheGreenBow VPN Mobile 2.0 - User Guide Property of TheGreenBow© - Sistech SA 2000-2008
Quick HowTo's 15
3. Moving out of the office from WiFi to GSM/GPRS, EDGE or 3G wireless network
If there is no more WiFi network available or if WiFi just failed because the user comes out of his
office building, a GSM/GPRS, EDGE or 3G connection is automatically opened, if already
configured/enabled, and VPN tunnel is up immediately as the VPN Mobile has detected the
network change instantaneously. Corporate network is still available without user noticing network
change.
4. Moving back into the office from GSM/GPRS, EDGE or 3G wireless network to WiFi
As soon as the GSM/GPRS, EDGE or 3G connection is lost, and the WiFi connection is enabled,
the VPN Mobile will try to reopen VPN tunnel immediatly without user noticing. WiFi network might
not be available right away therefore several attempts are made till the VPN tunnel opens again.
Tunnel Persistence makes easier VPN software for mobile users regardless of standards and
technologies used by the wireless providers or the visited wireless networks.
TheGreenBow VPN Mobile 2.0 - User Guide Property of TheGreenBow© - Sistech SA 2000-2008
Quick HowTo's 16
The first step would be to upload your VPN Configuration onto the Mobile Device like any other
files. It is possible to use the exact same VPN Configuration file you are using with the PC version
of TheGreenBow VPN Client. However, in case several VPN tunnels have been configured in the
VPN Configuration, only the first VPN tunnel configured will be uploaded into the TheGreenBow
VPN Mobile.
Note: The VPN Configuration shall not protected with a password prior to import.
Step1: Single click on the SystemTray icon > click on 'Configuration' > click on 'Load'.
TheGreenBow VPN Mobile 2.0 - User Guide Property of TheGreenBow© - Sistech SA 2000-2008
Quick HowTo's 17
TheGreenBow VPN Mobile 2.0 - User Guide Property of TheGreenBow© - Sistech SA 2000-2008
Part
IV
Navigating the User Interface
Navigating the User Interface 19
The VPN Mobile user interface can be launched via a single click on application icon in system
tray. Once launched, the VPN Mobile software shows an icon in the system tray that indicates
whether a tunnel is opened or not, using color code.
TheGreenBow VPN Mobile 2.0 - User Guide Property of TheGreenBow© - Sistech SA 2000-2008
Navigating the User Interface 20
Blue icon: no VPN tunnel is opened. Green icon: at least one VPN tunnel is opened.
TheGreenBow VPN Mobile 2.0 - User Guide Property of TheGreenBow© - Sistech SA 2000-2008
Navigating the User Interface 21
Portrait and Landscape modes are both supported. However, some panels may not display
properly when switching from one mode to another. In case mode change is required, then please
stop and restart VPN Mobile software.
TheGreenBow VPN Mobile 2.0 - User Guide Property of TheGreenBow© - Sistech SA 2000-2008
Part
V
VPN Configuration
VPN Configuration 23
5 VPN Configuration
The same VPN Configuration can be deployed on TheGreenBow VPN Client for PC and
TheGreenBow VPN Mobile for Windows Mobile based devices.
IT Managers can use TheGreenBow VPN Client for PC to create VPN Configurations and import
them onto the mobile devices.
Step1: Launch TheGreenBow VPN Client for PC and open the Configuration Panel.
Step2: Setup all VPN parameters, click 'Save&Apply' and export your VPN Configuration as a '.tgb'
file (see also TheGreenBow VPN Client User Guide on our website)
Step3: Upload your VPN Configuration on the Mobile device.
In case you are not using TheGreenBow VPN Client for PC already, you can download
TheGreenBow VPN Configurator software available on our website.
Step1: Launch TheGreenBow VPN Configurator for PC and open the Configuration Panel.
Step2: Setup all VPN parameters, click 'Save&Apply' and export your VPN Configuration as a '.tgb'
file (see also TheGreenBow VPN Client User Guide on our website)
Step3: Upload your VPN Configuration on the Mobile device.
Here is how to upload your VPN Configuration onto the Mobile Device:
Connect your mobile device to your PC. A new drive is created under 'My Computer', thanks to
ActiveSynch software.
Drag&drop your VPN Configuration file from the computer onto the drive of the mobile device
under 'MyDocument' using Windows Explorer.
From the mobile device, import the VPN Configuration into TheGreenBow VPN Mobile.
Note: It is possible to use the exact same VPN Configuration file you are using with the PC version
of TheGreenBow VPN Client. However, the VPN Client can manage only one tunnel. In case
several VPN tunnels have been configured in the VPN Configuration, only the first VPN tunnel
configured will be uploaded into the TheGreenBow VPN Mobile.
Once uploaded onto the mobile device, the VPN Configuration needs to be imported in
TheGreenBow VPN Mobile. Here are the steps:
Step1: Single tap on the SystemTray icon > tap on 'Configuration' > tap on 'Load'.
TheGreenBow VPN Mobile 2.0 - User Guide Property of TheGreenBow© - Sistech SA 2000-2008
VPN Configuration 24
Step2: Select the right folder to find your VPN Configuration and double click on your VPN
Configuration.
Once imported in TheGreenBow VPN Mobile the VPN Configuration can be modified.
Click on 'Apply' to make sure modifications have been taken into account.
It is possible to import a Certificate into the TheGreenBow VPN Mobile for strong user
authentication. In this software release only PKCS#12 Certificates can be imported directly from
the mobile device.
Step1: Single click on the systray icon > go to Configuration tab > click on 'Certificate Import..' as
followed:
Step2: Select the right folder and the required Certificate in the list:
TheGreenBow VPN Mobile 2.0 - User Guide Property of TheGreenBow© - Sistech SA 2000-2008
VPN Configuration 26
X-Auth is a great capability to add more security for remote users. It is possible to define the login
and password of an X-Auth IPSec negotiation. If "X-Auth popup" has been selected while building
the VPN Configuration, a popup window asking for a login and a password will appear each time
an authentication is required to open a tunnel with the remote gateway. The end-user has few
seconds to enter its login and password before X-Auth authentication fails.
Note: This time out can be configured in the VPN Configuration but it is not taken into account
within the VPN Mobile.
In case 'Don't ask again' is selected, the login and password won't be asked each time it is
required to open a tunnel. After the VPN Mobile restarts, the login and password for X-Auth
authentication will be asked again.
TheGreenBow VPN Mobile 2.0 - User Guide Property of TheGreenBow© - Sistech SA 2000-2008
VPN Configuration 27
The VPN Mobile Setup embeds a Default VPN Configuration and this default VPN Configuration is
loaded right after software installation. This Default VPN Configuration enables to open a tunnel to
our TheGreenBow Demo Server.
It is particularly useful to check if a tunnel can be opened from the mobile device to an operational
remote gateway for test – and eventually for debug – purpose.
This VPN configuration file i.e. 'tgbtest.tgb' is saved in a new directory 'TheGreenBow' under 'My
Document' created during software installation.
TheGreenBow VPN Mobile 2.0 - User Guide Property of TheGreenBow© - Sistech SA 2000-2008
Part
VI
Settings
Settings 29
6 Settings
TheGreenBow VPN Mobile Software is installed WITHOUT password. Please make sure a
password is setup as soon as possible after installation.
To setup a password, click on the systray icon > go to 'Settings' tab and select 'Protected by
Password'.
TheGreenBow VPN Mobile 2.0 - User Guide Property of TheGreenBow© - Sistech SA 2000-2008
Settings 30
Password can always been changed later on by going back to 'Settings' tab. Once 'Protected by
Password' is selected, the user will be asked to enter is password whenever he tries either to open
a tunnel from systray menu or to open Configuration tabs:
TheGreenBow VPN Mobile 2.0 - User Guide Property of TheGreenBow© - Sistech SA 2000-2008
Settings 31
Note: the password is not stored as soon as this feature is disabled, and it must re-entered again
to enable the protection.
TheGreenBow VPN Mobile 2.0 - User Guide Property of TheGreenBow© - Sistech SA 2000-2008
Part
VII
Console and Logs
Console and Logs 33
The 'Console' tab displays the VPN IPSec messaging. This tools can be used to analyze VPN
tunnel behavior which is particularly useful to IT managers in setting up their networks.
Button Description
Clear Clear console window content.
Save Save all logs in a file 'vpnlog.txt' under 'MyDocuments\TheGreenBow.
Open/Close Open or Close tunnel.
TheGreenBow VPN Mobile 2.0 - User Guide Property of TheGreenBow© - Sistech SA 2000-2008
Part
VIII
Software Localization
Software Localization 35
8 Software Localization
The localization (L10N) of the VPN Mobile is now possible, even by a third party company.
TheGreenBow VPN Mobile 2.0 - User Guide Property of TheGreenBow© - Sistech SA 2000-2008
Part
IX
Contacts
Contacts 37
9 Contacts
TheGreenBow VPN Mobile 2.0 - User Guide Property of TheGreenBow© - Sistech SA 2000-2008
38 Index
Index -L-
-A- Linux appliance compatibility
Localization
2
35
Activation 9, 10 Log file 33
Activation errors 10
-M-
-C- Modify a VPN Configuration 24
Certificate 25 Multi Gateway Compatibility 2
Certificate import 24, 25
Change a VPN Configuration
Change Pre-Shared key
24
24 -N-
Console 33 Navigating user interface 19
Create a VPN Configuration 23
-D- -O-
OEM Partners 3
Default VPN Configuration 7, 27 Open tunnel 12
-E- -P-
Evaluation period 9 PKCS#12 Certificate 25
Pre-Shared key 24
Feature list 2
-S-
-G- Sales contact
Settings
37
29
Gateway Address 24 Software Activation 9
Support contact 37
Supported Languages 2, 35
-H- Supported Operating Systems 2
System tray icon 19
How to install ? 5, 7
HowTo create a VPN Configuration 23
HowTo import Certificates
HowTo open a tunnel
25
12
-T-
HowTo protect access with password 29 Test VPN Configuration 27
HowTo save log file 33 TheGreenBow VPN Configurator 23
HowTo troubleshoot VPN 15 Tunnel persistence 14
HowTo upload a VPN Configuration 23
-U-
-I- Uninstall 8
IKE/IPSec Logs 33 Upload a VPN Configuration 23
Import Certificates 25 User Authentication 24, 25, 26
TheGreenBow VPN Mobile 2.0 - User Guide Property of TheGreenBow© - Sistech SA 2000-2008
Index 39
-W-
What's the TheGreenBow VPN Mobile for 2
?
-X-
X-Auth 26
TheGreenBow VPN Mobile 2.0 - User Guide Property of TheGreenBow© - Sistech SA 2000-2008
Secure, Strong, Simple.
TheGreenBow Security Software