Windows 7 64 bit VPN Client – ShrewSoft

Ok, so I couldn’t get Cisco’s VPN client to work for Windows 7 64 bit. So I went in search of another VPN solution that would be more compatible.

(UPDATE: I got ShrewSoft’s VPN Client working, so keep reading down below.)

I came across ShrewSoft’s VPN Client a while ago, but it originally blue screened my Windows 7 box, but it was a version that didn’t support Windows 7. However they have a new version that is out that is for Windows 7 64 bit. Actually they now have a release version on their download site but there is a beta of the next version (Update 3/05/2010)2.1.6-beta-6 that your may want to use (or a later version if you are reading this well after I wrote or updated it). See the comments on why.

I installed it and it requested a reboot so I rebooted, and the first good news is that I didn’t blue screen when my workstation booted up. Horray!!!

After installing, I tested undocking my laptop from its docking station and then docking my laptop, and again, no blue screens, so I think it is good to go. Now I just have to figure out how to configure it to connect here at work.

I like the license, they say:

The Shrew Soft Client for Windows is free for both commercial and private use. Please read below for complete license details. Click here…

Stay tuned for more testing….

Ok…I am back for more notes.

At work we are using a Cisco VPN solution, so it turns out that when my Cisco VPN would install on a 32 bit machine, it used a .pcf file. Well, guess what is awesome about ShrewSoft’s VPN Client? It can import a .pcf file.

I imported the .pcf file and I appear to connect, then disconnect. Not sure what is going on. I am at work, but I should be able to connect to the VPN while at work, at least that is what my IT staff said.

So hopefully it connects when I am at home.

Here is my log:

config loaded for site ‘MyConfig.pcf’
configuring client settings …
attached to key daemon …
peer configured
iskamp proposal configured
esp proposal configured
client configured
local id configured
pre-shared key configured
bringing up tunnel …
network device configured
tunnel enabled
session terminated by gateway
tunnel disabled
detached from key daemon …

I will try to debug later…

All right I am back again and I am trying to debug. I found this post:
http://lists.shrew.net/pipermail/vpn-help/2009-October/002282.html

There is a program under Start | All Programs | Shrew Soft VPN Client called “Trace Utility” that is installed with the Shrew Soft VPN Client can be used for debugging. However, it wouldn’t work for me. The buttons weren’t enabled.

I had to right-click on the “Trace Utility” shortcut and choose “Run as administrator” then I was able to turn on debugging.

Positives for Shrew Soft VPN Client
– It has a debugging utility.
– It supports Windows 7 64 bit
– It imports cisco .pcf files.
– There is a lot of documentation.

Negatives for Shrew Soft VPN Client
– I don’t have it working yet
– There is not really any clear failure reason for a user.

So I will keep at it. I think I am about going to email the developer, but I sure don’t want to bug him.

Hopefully for some of you, it worked first time for you when you imported the .pcf file.

Got it working

Another positive. The developer has a mailing list, as you saw with one of my links above. I found this link:
http://lists.shrew.net/pipermail/vpn-help/2009-October/002275.html

The key piece of information I needed was this:

If it gets to the ‘tunnel enabled’ point, that means you completed phase1, Xauth and modecfg negotiations. Its probably a phase2 option. As I mentioned to others on the list, try playing with the PFS setting or enabling the cisco-udp NAT-T option.

In the tool, after importing my .pcf file, I only had to make one configuration change. I had to change the PFS setting to “group 2”. See this screen shot.

VPN Setting

So I have this working now.

I have to say that I am very impressed with Shrew Soft. It took me some time to figure it out, but it works. Now the only question time will tell is how stable it is. Expect an update in a week or two about whether I think the Shrew Soft VPN Client is stable.

The steps are easy for me to connect to my VPN at work. Now every VPN is different so I am sorry if these steps don’t work for you:

  1. Use the correct (and latest) version: 2.1.6-beta-6 or later
  2. Install Shrew Soft VPN Client
  3. Reboot.
  4. Import the .pcf file.
  5. Modify the configuration and change the PFS setting to “group 2”.
  6. Apply the configuration.
  7. Click connect.
  8. Enter your domain user and password and you will connect.

Success!!!!

Also, I exported my configuration as a Shrew Soft VPN Client export, which is a .VPN file. When I import it, I don’t have to make a configuration change like I did with the Cisco .pcf file.

Key words: cisco vpn window 7 64 bit

116 Comments

  1. […] PDF File Name: Windows 7 64 bit vpn client – shrewsoft | rhyous PDF Source: www.rhyous.com Download PDF: Windows 7 64 bit vpn client – shrewsoft | rhyous […]

  2. […] PDF File Name: Windows 7 64 bit vpn client – shrewsoft | rhyous PDF Source: www.rhyous.com Download PDF: Windows 7 64 bit vpn client – shrewsoft | rhyous […]

  3. […] Windows 7 64 bit VPN Client – ShrewSoft | Rhyous – Stay tuned for more testing…. Ok…I am back for more notes. At work we are using a Cisco VPN solution, so it turns out that when my Cisco VPN would install on a 32 …… […]

  4. […] Windows 7 64 bit VPN Client – ShrewSoft | Rhyous – Ok, so I couldn’t get Cisco’s VPN client to work for Windows 7 64 bit. So I went in search of another VPN solution that would be more compatible…. […]

  5. Fantastic web site. Lots of helpful info here. I am sending
    it to several pals ans also sharing in delicious. And naturally, thank you for
    your sweat!

  6. homepage says:

    When you purchase services or goods online with Paypal, and the vendor steals your cash or sends you merchandise or software that does not meet your demands,
    then you can obtain your money back through Paypal in less than 24 hours.
    It makes sense to be cautious and take your time when jailbreaking so as
    to avoid any problems. As with anything popular, there are typically
    folks that make an effort to get users to install fake jailbreaking software and apps, which means you have t
    be careful nearly the apps you use for jailbreaking and be
    careful on the subject of the free apps you decide to download as
    well as install found on your iPhone.

  7. One site has a workaround to get Candy Crush on Kindle Fire HD, which requirers some side-loading of
    a third party app on the tablet. She brings years of experience as a small business consultant to helping prospective clients understand the ways in which a website may benefit them both personally and professionally.
    From there you can check ‘delete all’ to remove all unwanted e-mails.

  8. [...] Windows 7 64 bit VPN kliense. Ezzel viszont az volt a baj, hogy körülményes a beállítása és az eddigi próbálkozások sorra kudarcba fulladtak. De sikerült felkutatni a megoldást. Nem részletezném túlzottan, aki VPN klienst használ, [...]

  9. sunbysizpvt, Green coffee bean extract, xesnyBb, [url=http://samsunum.org/]Wholesale green coffee beans brazil[/url], fqJJctz, http://samsunum.org/ Green Coffee Bean, eMUtIJX.

  10. vincent mitchell says:

    I use version 2.1.7 and it works great with 1 exceprion. It locks out everyone from web access when I turn it on and then keeps the lockout when I release it from a wireless connection. Any clues would be helpful. I'm not entirely sure it not a router settings. I'm using wireless from a Verizon fios router. I don't think the same symptoms happen from wired connections.

  11. Val says:

    Yes, works for Windows 2008. very impressed. Just changed to group 2. No Cisco VPN clients working at the mo. this is so awesome

  12. Raph says:

    worked for me on windows 8. thanks you so much!

  13. Ara says:

    Have you ever considered writing an e-book or guest authoring
    on other blogs? I have a blog centered on the
    same ideas you discuss and would really like to have you share some stories/information.
    I know my subscribers would value your work. If you are
    even remotely interested, feel free to shoot me an e-mail.

  14. Jackson says:

    Hi,

    Im getting below error, please help me to fix this.
    attached to key daemon ...
    peer configured
    iskamp proposal configured
    esp proposal configured
    client configured
    pre-shared key configured
    bringing up tunnel ...
    negotiation timout occurred
    tunnel disabled
    detached from key daemon ...

    Thanks,

  15. Ab says:

    Have been using the Shrewsoft client (2.1.7) for a while on Windows 7 and Vista quite reliably - though it cant hadle the PC going to sleep (you need to restart the Shrewsoft services to get it going again).

    What I've recently found is that Win-7 64-BIT with Service Pack 1 it breaks it - no traffic leaves the PC. Upgrading to the latest Beta 2.2.0 cures the issue but this release does start to fragment the VPN packets on Phase 2 so if your firewall is set to block fragmented packets it will block the VPN - the cure is to allow fragmented packets on the firewall (if you have set to block those).

  16. Greg says:

    After struggling to get passed SA failures on Phase2, I was able to display the"statitics" from the system tray icon of my Cisco VPN connection(from a another PC) and correctly modify my HMAC and Transform Algorithm settings. Previously I used the Shrew VPN Trace utility, "SA tab" to check for 2 "mature" connections. If they say LARVAL and disappear, your phase 2 settings are wrong.

  17. Jim says:

    I agree with tchildy. I'm running Win7 Ultimate x64 (on a Macbook Pro using Boot Camp, no less) and with the 2.1.7 stable release it would work on wired connections but not wireless no matter what I changed, but the 2.2.0 beta release "just worked" with wireless, no problems at all.

  18. Grant says:

    Thank-you! I too only got to the tunnel enabled point... the phase 2 connection setting change did the trick for me!

  19. Andy says:

    Good Info here. I use Shrewsoft and it connects and seems to work fine. However the network connection on shows 10Mbps. How can I get it faster?

  20. joe says:

    Thanks tchildy! I got stuck at the same point: Shrewsoft VPN Client works like a charm to connect to our IPCop VPN-Gateway using IPSec from 32Bit Windows machines. But on Windows 7 / 64Bit it would only use the wired but not the wireless adapter. So I installed the latest beta which is 2.2.0-beta-2 right now. But for me now nothing works anymore. When connecting, Shrewsoft Client is not accepting the password that is needed to decrypt the PFCS12 Certificates. Any ideas?

  21. tchildy says:

    This site was very helpful, but http://www.shrew.net had the answer.
    My Problem: The Shrewsoft VPN client worked great for me on Win7 64bit when wired. When wireless it did not work. I tried the suggestion at the top of changing Group 2 (didn't help).
    Prem said "Disable "Microsoft Virtual WiFi Miniport Adapter". I couldn't find that adapter.

    Then I found the Shrew.net article at their support site. The wireless issue was a known problem with 2.1.7 at Prem said and he had the fix. Client 2.2.0 fixes this. 2.2.0 wasn't gold code yet, but I installed 2.2.0 beta 2 and everything is working for me...wired and wireless. Thanks guys for your help. I will be 'donating' to Shrew.net.

  22. Great man, I was already having an endless arguing with our Customers in mind to have them change their VPN policies, but changing the setting as described worked like a charm for me!

  23. Raj says:

    I have tried to import a .pcf file and i m trying to connect. The tunnel is enabled but established = 0. The trace utility shows the below error. Please help

    11/04/16 16:04:12 !! : peer violates RFC, transform number mismatch ( 1 != 13 )
    11/04/16 16:04:12 !! : invalid private netmask, defaulting to class c

  24. Lex says:

    It worked for me - note: I only had to update the ShrewSoft's VPN client - so *no* change in settings! Many thanks!

  25. Rajan says:

    Thanks, you saved my day, worked perfectly without any tweaking.

  26. Jay Tosan says:

    Fresh install of Windows 7 64 bit. I can connect using Shrewsoft Access Manager 2.1.7, but cannot do anything with the client site. I tried remote desktop to a server and it does not seem to find it. I tried pinging the server while connected on VPN with no luck. It is as though I can connect, but that's it. I don't have remote desktop capabilities and cannot ping machines with IP addresses since maybe the VPN DNS doesn't contain the server names. Worked fine until Windows 7 came into play. Arrgh! Any sssistance would be greatly appreciated.

    Thanks.
    J. T.

  27. tantmeux says:

    my friend can you help me how to set-up this shrewsoft?i don't know where to get this .pcf file and i also don't know what .pcf is.can you pls help me with this.i live here in saudi arabia and most of the sites are block.pls email me if you have something that can help me..thanks is advance..(tantmeux@yahoo.com)

    • rhyous says:

      You don't need a PCF file. A PCF file is a configuration file for a Cisco VPN client. If you already had a Cisco VPN client working on XP, you can export the PCF and ShrewSoft can use it to get the configuration needed.

      If you don't have a PCF file, and your VPN admin cannot get you one, then you need to talk to your VPN administrator to get the settings needed. If you cannot talk to your VPN administrator, then you are left guessing.

  28. Jeeva says:

    I got 2.1.7-stable release and installed on a brand new win7 64 bit professional. When I rebooted it, it shuts down my intel wi-fi connection. However my wireless connection was still available and I am able to browse without any issue.

    Started the access manager (vpn client), imported my cisco profile and hit connect. Surprise, it connected without any issue. (I was hoping to see atlease one issue, but it surprised me.)

    The cool thing is, it connected with the Cisco RSA VPN gateway with my softtoken with out any issue. (The IBM fingerprint access manager saved this authentication in its profile as well).

    Now, I can get to my office system much faster than XPMode based cisco vpn client.

    My only other question is, 'How to make the shrewsoft client as a windows taskbar icon like cisco client does?' I think, I should read the shrewsoft faq to figure this out.

    Thanks

  29. IPSeccer says:

    Using V2.1.7 and importing Cisco PCF works fine for me.
    Under Win7 x64 cable Connection is ok, but via WLAN cant create tunnel.
    Any suggestions?

  30. Duke says:

    Check that the ShrewSoft IPSEC Daemon Service is started.

  31. Joelene says:

    I came across a link to your site from Toms hardware I believe it was. I was looking into VPN's. However I'm a complete noob at least with this software in particular.. and it seems like all others are not free. I am running windows 7 64bit.. so I figure the best person to ask might be you since you got this working. Now don't laugh... Once you install ShrewSoft’s VPN Client ... what do you do?
    Okay I realize there are installed components, access manager and the trace component. I was trying to play around with the manager and was baffled as to what I use as a host or IP... I'm assuming you have something like a proxy server it connects to? This is something you need to obtain (how? where? uhhh...)... or does this software create a list for you? Well, none the less I didn't get it working but I was very curious if it is possible. I am just a home user, so this isn't business related. I haven't really played with software like this enough to know what I am doing or what I need before using it may be useful. Any thoughts or help would be appreciated. 🙂 Maybe is a home user dummy's guide.

    P.S. I used to be fairly competent at one point.. at least managed to run red hat Linux back when I was 12 and how I have no freaking clue about anything these days.. go figure.

  32. DABS says:

    Hello

    i am using the version Version 2.1.6 i made the change that you recomend in PFS exchange --> phase2 but i receive the follow error i am using Windows 7 Home premium 64 bits

    config loaded for site 'australia-sydney-nsnvpn1.pcf'
    configuring client settings ...
    attached to key daemon ...
    peer configured
    iskamp proposal configured
    esp proposal configured
    client configured
    local id configured
    pre-shared key configured
    bringing up tunnel ...
    network device configured
    tunnel enabled
    session terminated by gateway
    tunnel disabled
    detached from key daemon ...

    thanks a lot for your help

  33. Martin says:

    i have installed 2.1.5 , imported my pcf and can connect to my work but I can't browse my network anyone else have this occurred?

  34. Liz says:

    running windows 7 64-bit. Downloaded 2.1.5, imported pcf file used with my cisco vpn client... others at work connecting thru the same vpn gateway have been able to successfully connect with no changes to their pcf options. However, i get connected and then get the "session terminated by gateway tunnel disabled detached from key daemon" message. tried changing the phase 2 PFS exchange to "group 2" as suggested in other posts, but session still terminated. downloaded the 2.1.6 beta version as some have said corrected the problem, but got same result. any other suggestions? does it make sense that co-workers are able to use their cisco pcf file which is identical to mine and have success?

  35. Jeff says:

    sorry...i'm using 2.1.6 beta 8

  36. Jeff says:

    Downloaded 2.1.5 beta 8, followed the steps, but it wouldn't get past the "session terminated by gateway" error. After seeing that some had success with disabling the "Phase 2" PFS setting, that also worked for me. I was able to stay connected and map network drives. My only issue now is that I cannot connect to a secured remote desktop through this VPN connection. I work for a Hospital and our software is through an ASP which is locked down to allow only connections from certain IP addresses. I've never had issues before when I used to connect from a 32 bit system with Cisco's VPN client. Anyone have any suggestions?

    Thanks

  37. Kevin says:

    Default settings (auto for PFS) works for me. Thanks.

  38. Johnny says:

    Thanks a lot! You saved me a lot of time and frustration. In case anyone is interested I got mine working by changing the PFS setting to “disabled″

  39. Dan says:

    Thanks, the PFS Exchange setting fixed this for me as well!

  40. Parag says:

    OS: Windows Server 2008 R2 64 bit.
    I had the 2.1.5 release build and it worked fine until I tried it with a RSA soft token. Found this article and tried the 2.1.6-beta-8 stable dev build, based on some comments above. Voila! Thank you all!

  41. Gabi Voicu says:

    I have downloaded version 2.1.5 of Srewsoft VPN client and trying to coonect from home - win XP to work where recentlu updated my pc to win 7 64-bit. I have used before Cisco client that i have uninstalled now. I'm getting this error message
    .....
    local id configured
    pre-shared key configured
    bringing up tunnel...
    gateway is not responding
    tunnel disabled
    detached from key daemon
    .............

  42. deepak says:

    how to enable group authentication here ?
    i am using nortel and in my win 7 its not working.
    Can u please guide me what all settings i need to do.

  43. brightsea2001 says:

    My group is Group A and my log says the same to other cases:

    session terminated by gateway
    tunnel disabled
    detached from key daemon …

    I've changed all group in phase 2.
    Many thanks for your kind help, guys.

  44. Fed says:

    I have tried multiple previous versions as well as the latest 2.1.6-beta-7 version and I still get a timeout. I also fiddled with PFS Exchange, but no success. I am on a local WiFi and I am able to connect to my VPN, I get a welcome message, but after 3-5 seconds I get disconnected with the following messages:
    session terminated by gateway
    tunnel disabled
    detached from key daemon ...
    Any help would be highly appreciated, please.

  45. esther says:

    47.I have installed the 2.1.7 beta 7 but connecting through wireless (internet works, vpn doesn’t) doesn’t work i still get a timeout. When i use my wired network i have no problem. Any suggestions?

  46. esther says:

    I have installed the 2.1.7 beta 7 but connecting through wireless (internet works, vpn doesn't) doesn't work i still get a timeout. When i use my wired network i have no problem. Any suggestions?

  47. Stephan says:

    I have a windows 7 64 bit just tried 2.1.6 beta 7 and still get blue screen on instal and first attempt to uninstall. I have admin privileges. Get message on uninstall "interface pointer to vfh possible cause incrrect function" and "correspond inf file in the drive store could not be found" Any ideas?

  48. kk says:

    Cisco IPSec VPN Client - 5.0.7 BETA - Win7 64-bit support

    Start64!Cisco has a beta version of the IPSec VPN Client out, version 5.0.7 BETA (vpnclient-winx64-msi-5.0.07.0240-k9-BETA.exe) available for download. It appears they got the message about the need for a 64-bit version of the IPSec client for Windows 7! It is available for download on CCO but requires a valid CCO login and current contract to get the code.

    Thanks to www.start64.com -- http://www.start64.com/index.php?option=com_content&task=view&id=4320&Itemid=55

  49. Chris says:

    The Group2 change worked for me as well. Thanks for putting in the effort and publishing.

    I have to throw the shrew guys a few bucks as well.

  50. Carlos says:

    Great work! Thank you for your time in putting this together. I imported the pcf file and it worked straight away.

    Cheers,

    Carlos

  51. ieinadex says:

    I'm running Windows 7 Enterprise x64. I just wanted to let everyone know that I had the same problems as rhyous. I also downloaded 2.1.6-beta-7. I tried my connection again and it connected without the "session terminated by gateway" message. However, I could not ping any of the servers on the network. I changed "Phase 2 - PFS Exchange" option to "Disabled" and everything is working perfectly now. This is the only alternative (in my opinion) to the cisco client for Windows 7 x64.

  52. Shahzad Ansari says:

    Hi Rhyous:

    I was fowarded a link to your site this morning. I had given up on vpn on x64 from my vista x64 days (because of cisco nsane decision of not continuing to support the product on x64) and currently use a Sun Virtualbox vm running cisco VPN Client and share its connection with the Windows 7 x64 Ultimate.

    At first I followed your directions with the beta7 build and they didn't work for me (everything installed fine but couldn't connect). My company uses group authentication setting in the client so after I changed the Authentication as follows:

    . Modify the *.pcf with the following settings:
    - change Authentication - Authentication Method to Mutual PSK

    After that I was able to successfully connect 🙂 haven't tested it thoroghly but it seems to be working so far.

    Thought I would share this with anyone else having the same problem.

  53. Sigg3 says:

    Cheers for the tutorial. I'll be testing this at my work for our 64-bit clients..

    • rhyous says:

      Just thought I would mention that ShrewSoft is now on our official W7 64 bit corporate image in my company. We feel it is enterprise quality and enterprise stable. We had two issues and both have been resolved by mailing to developers mailing list and reporting the issues. The fixes were made in as timely a manner as if we had paid for support.
      http://www.shrewsoft.com/support

  54. rhyous says:

    Here is the contents of a response from one of the Developers to an email I sent to ShrewSoft's mailing list:

    ...
    All,

    I just posted 2.1.6 beta 6 on the download page. While investigating the suspend resume problems, I noticed some other issues that are now
    corrected. This includes a bug that prevented the daemons from handling
    device handle error conditions gracefully. In particular, when the
    filter driver unloaded, device handles were not being closed correctly.
    This prevented the drivers from unloading unless you closed all apps and services manually. Even worse, the ike daemon would enter a high
    utilization loop consuming 100% CPU and never re-open its handle. These
    issues have now been resolved.

    The other notable change was for the filter drivers to avoid problems
    related to the Transparent DNS Proxy Daemon. The Shrew Soft client can
    now be installed on the host computer along with VMWare or VirtualBox,
    and no longer interferes with guest VM's DNS traffic. This should make
    quite a few people happy since its a very commonly reported issue.
    ....

    Thanks again to the ShrewSoft developers for a timely resolution to the VMWare issue listed here:
    http://rhyous.com/2010/02/01/shrewsoft-vpn-proxy-services-blocks-dns-requests-for-vmware-workstation-guests/

  55. Minh says:

    Thanks a lot for your help,
    I could connect to customer vpn with version 2.1.6 beta 4

    Best regards from Vietnam
    Minh

  56. Spener says:

    has anyone found a solution for no internet after reboot? windows 7, 32 bit and i have tested 2.1.5 and 2.1.6 beta 4. i can only connect to internet after rebot by turning off the Shrew Soft Lightweight filter in wireless connection properties.
    this is the same issue i believe as post 15.
    i really need to get a vpn client to work with 7 and this is the closest one i have found other than this little wireless glitch

  57. Sascha says:

    Thanks a lot!!! I had ShrewSoft installed on my PC before, but just couldn't get it going; switching to "group 2" also solved my problem!

    Best regards from Germany,

    Sascha

  58. Jasper says:

    You just saved my day - thx.

  59. DrBoo says:

    Hi all,

    I have just got Shrew Soft to work with my windows 7 64-bit system (professional) on a Asus Notebook UL20A and thought I'd comment as it seens like many others are having similar problems to me. (Please note I'm working at the limits of my IT knowledge here and may not describe everything correctly, feel free to ask more questions.)

    I got the Shrew Soft v 2.1.5 from my workplace as they use Cisco normally but this doesn't support windows 64 bit. (Apparently, in a workplace of thousands, no-one has yet used 64 bit !!! but the incompetence of our IT support for another day). Installation ran smoothly, I imported the Cisco .pcf file ok. Although I could apparently connect to the VPN system, it would drop out quickly afterwards, also I couldn't map my workplace network drives (I was running a separate logon script for this).

    At work, using my laptop to connect to the wireless network there, then connecting to VPN with Shrew Soft and running the logon script worked, although i noticed it dropped out quickly.

    I use internet wirelessly at home (DLink router) and as I could make VPN work at my workplace, I thought my home internet setup was the problem. But I had Cisco VPN running on an older laptop with windows XP (32 bit) and VPN worked perfectly, with the same internet setup (and same internet security program).

    After much tinkering (turned off internet security, windows firewall already off, opening ports on the router, changing PFS setting to 'group 2' as rhyous did above) still no luck making the Shrew Soft /logon script thing work.

    But I just downloaded and installed the latest beta Shrew Soft version (2.1.6 beta 4) and works perfectly. 15 min later I am still connected.

    I don't understand the difference between the versions but it works, and this has made my day!

    Thanks all on this page for your suggestions, it has made me persevere and now it works!

  60. Satheesh says:

    Hi everyone, I am using windows 7 64 bit Home Premium. I installed 2.1.5-release, rebooted the system and imported the .pcf file (this file was found in a directory where I tried to install cisco vpn client but ended without success). But while importing it says that the configuration uses RSA authentication method and so I need to add a certificate manually to complete the configuration. Where can I get the security certificate for this ????

  61. Angela says:

    Thank you Dr Dred for your comment. I was also not successful with any of the suggestions. Tried 2.1.6-beta-4 after reading your comment and it just worked after importing my pcf file - no tweaking of settings required.

    • Mauro says:

      Thank you for the guide. Quick question thguoh, currently i have setup RRAS on server 2008 R2 and have configured a policy to allow domain users. People are able to vpn in over PPTP just fine. Will i be able to use this guide to have a secure vpn? The goal is to get off of pptp becaue its unsecure. Will this guide work for me as a secure vpn alternative?thank you for your time,Saif

  62. Dr.Dred says:

    On Windows 7 64-bit, I had the same issue but Phase 2 settings did not fix it. 2.1.6-beta-4 client did! Left all Phase 2 settings as defaults and it worked without any immediate disconnect.

    Thank you for a great product and continually improving it.

  63. Adam says:

    For the "Session terminated by gateway" issue, try setting PFS Exchange in phase2 settings to disabled. Worked for my after trying many different things. I got the clue from here...http://lists.shrew.net/pipermail/vpn-help/2009-August/002138.html

  64. rhyous says:

    I found an incompatibility with VMWare Workstation Guests that you all should know about:
    http://rhyous.com/2010/02/01/shrewsoft-vpn-proxy-services-blocks-dns-requests-for-vmware-workstation-guests/

    There is a simple fix/workaround so no worries. I haven't really tested what happens when using VPN with the solution applied but time will tell.

  65. haidongl says:

    I’m using the beta 2.1.6-beta-3, and import profile, did not change anything, it works! I will spned need more time to test the liability.
    Thanks a lot , it save my 64bit win7, otherwise I will continue use windows xp because VPN.

  66. ColJay says:

    Great Post. Helped me a lot. I had the same wireless issue, but using 2.1.6 Beta 3 and i can connect. all works seamlessly with the pcf file.

    Thanks for the post. You are a life-saver (or should that be maker-easier 😉 )

    Col

  67. Troy says:

    I did the steps provided on this site. I even tried all other steps taken by other users. Still, I can't get passed this error:
    config loaded for site 'AT&T Home VPN Fairfield CA.pcf'
    configuring client settings ...
    attached to key daemon ...
    peer configured
    iskamp proposal configured
    esp proposal configured
    client configured
    local id configured
    pre-shared key configured
    bringing up tunnel ...
    network device configured
    tunnel enabled
    session terminated by gateway
    tunnel disabled
    detached from key daemon ...

  68. Steve says:

    I'm using the beta 2.1.6-beta-3 but I'm still getting the "session terminated by gateway" error...

    I have no experience in this area and was wondering what I should try and if anyone can assist me?

    Thanks in advance

  69. mumu says:

    On Win7 x64 under 2.1.5 release, Shrew has connected to the majority of my PCF files I was utilizing.

    However, connections to Cisco's VPN (the company itself, which I assume uses their own top-of-the-line VPN gateway products) was failing after initial successful connection. I was immediately getting "session terminated by gateway" as detailed here. The timing pointed to a Phase2 issue but switching the Phase2 PFS setting did nothing.

    Upgraded to 2.1.6-beta-3 release, and switched off Client | Enable Dead Peer Detection, and it is now is connecting fine.

  70. Swifters says:

    Great! The Cisco client doesn't work in Win7 for some unknown reasons and using this client and importing the .pcf file solved the problem perfectly.

  71. For those who are still having issues connecting to Cisco VPN gateways, you may find this post helpful. However, please use the 2.1.6 beta 3 release as it contains a fix for a bug that crept into the beta 2 release.

    http://lists.shrew.net/pipermail/vpn-help/2009-December/002572.html

  72. Thankful User says:

    Thanks a lot! This was an incredibly helpful post, just wish it was the top google result for related queries. Way to stick it to Cisco for not providing it's customers with more options/better support! Great job!

  73. Michel says:

    Thx alot,
    you can also import the Cisco *.pcf files - and it works perfectly.
    Cheers

  74. selva says:

    Hi,

    Im getting below error, please help me to fix this.
    attached to key daemon ...
    peer configured
    iskamp proposal configured
    esp proposal configured
    client configured
    pre-shared key configured
    bringing up tunnel ...
    negotiation timout occurred
    tunnel disabled
    detached from key daemon ...

    Thanks,
    Selva

  75. Kamalraj says:

    Hey this worked for me on my version of windows 7 (64 bit) OS without much effort. The latest release 2.1.5-release on 5th Dec 09 has the PFS setting also in place, all I did was install, reboot, import pcf and connect. Thanks a ton since My Cisco client wasn't working either.

    • rhyous says:

      Thanks, I just made a post about the new release...

    • Satheesh says:

      Hi everyone, I am using windows 7 64 bit Home Premium. I installed 2.1.5-release and imported .pcf file (this file was found in a directory where I tried to install cisco vpn client but ended without success). But while importing it says that the configuration uses RSA authentication method and so I need to add a certificate manually to complete the configuration. Where can I get the certificate for this ????

  76. Jeff says:

    Any way to make it remember my login/password the way the cisco client does?

  77. phu.tang says:

    I happen to wireless connection (it work flawlessly with cable connection). While I turn off "ShrewSoft DNS Proxy Daemon" service, I can browser web but can't connect VPN.
    This is a bug with wireless connection.

    • MikeP says:

      phu.tang - I have the same problem, wired connection it works perfectly, but on my laptop it will work until I reboot... then no web browsing until i stop dnsproxy and no vpn connections...

      (Win7 64bit)

    • Karsten says:

      Same with me... maybe a driver issue ?

    • CharlesB says:

      Same issue here. I had the same thought ad you phu.tang. Try to turn off the DNS proxy service but I do not see any ShrewSoft DNS Proxy Daemon in myservices.msc though :/
      how did you turn off the service ?

      • rhyous says:

        I don't know what myservices.msc shows (maybe you are just missing a space) but services.msc shows me a list of services for ShrewSoft and the first one is the one. The services I show are these:

        ShrewSoft DNS Proxy Daemon
        ShrewSoft IKE Daemon
        ShrewSoft IPSEC Daemon

    • Prem says:

      I had the same issues with WIN7 64 bit, VPN used to work on wireless, but not anymore.

      First disabling the "Shrew soft dns proxy daemon" allowed my wireless connection to see internet and the following fixed the VPN via wireless internet:

      go to control panel/network and internet/network connections

      Disable "Microsoft Virtual WiFi Miniport Adapter" in the list of and you will be able to connect VPN via wirelss. I think this was automatically installed by Microsoft update process recently when my VPN via wireless stopped working.

      Hopefully this fixes your problem as well 🙂

  78. hikaricm says:

    You're the best!! It works flawlessly

  79. phu.tang says:

    I don't have this problem, but after install (v2.1.5-rc-5) and reboot laptop (window 7 64 bit), I can connect to network but i can't browser any website. I seem be DNS problem, anyone have the same this issue with me.

  80. [...] The original blog post on which this guide was based (and what made it work for me) Share this post! [...]

  81. Brent says:

    Anyone else getting BSODs when trying to install 2.1.5-rc4 on a fresh Win7 x64 installation?

    I've tried 3 times using native and compatibility settings and it always crashes when it tries to install the networking drivers.

    Suggestions?

  82. Jeff says:

    Thanks- this was a great find! I only discovered after installing 64 bit Windows 7 that the Cisco VPN was incompatible (and the built-in VPN client didn't work). This solved the problem in no time! And to think I was considering reinstalling with Win7 32 bit!

  83. Peter says:

    Hey THX a lot,
    i was searching for this issue too. After lots of search i considered to use the integrated VPC with WINXP (which worked as well) to connect with my company.
    But your rocking information to change to Group2 worked for me great. Now i'm armed with VPN XXL 😉

  84. x says:

    works on windows 7 64bit to our university network. thanks for the useful post 🙂

  85. Michael says:

    I tried Group 2 but I can still only authenticate but do not have the ability to ping. Checking ipconfig it shows I have no gateway, however the odd thing is the cisco vpn 32bit on xp also shows no gateway. So this may be no indication of where the problem actually resides.

  86. rhyous says:

    Erek,

    Sorry you had troubles. I have dozens of people at work using this and a thousands of people have hit this post and that is the first bad report. I wonder if there is something specific to your workstation, like a conflicting software or something. You may want to go to the developers site and maybe there is a way you can send them your details and blue screen info.

  87. Erek says:

    The problem with the latest version of shrewsoft was that while it didn't bluescreen during install, it caused my computer to bluescreen periodically afterwards.

  88. Karsten says:

    Thank you very much, worked for me, without changing to Group2... You rock my world! 😉

  89. Jason says:

    Awesome, I had the same error, this worked for me!

    Many thanks.

  90. Doug says:

    Thanks for the info! Worked for me with the defaults (no need to change the PFS default).

  91. Chris says:

    Thank you. Changing to Group2 fixed the problem for me too.

Leave a Reply

How to post code in comments?