Stormshield Network VPN Client 6.40 build 004

Features, improvements and fixes since release 6.30

Features

  • New design for the Connection Panel. This new design improves VPN Client user experience by simplifying the management of VPN connections. The New Connection Panel is fully configurable via a dedicated management window which enables to create, rename and sort VPN connections.

  • Add a verification of the gateway certificate subject (SSL).

  • Using WiFi networks sometimes requires a local authentication (via a captive portal). For users using the GINA Mode (VPN Connection before Windows logon), the VPN Client implements a new browsing window which allows the authentication on the captive portal before opening the tunnel.

  • New "/status" command line option allows to retrieve the status of a tunnel.

  • Support of IKEv2 Fragmentation (RFC 7383).

  • Always-on: automatically re-open tunnel when DPD timeout is detected (IKEv1 & IKEv2).

  • New certificate selection criteria: It is possible to configure a pattern to be found in the certificate subject.

  • Always-on: automatically re-open tunnel when remote network is no longer accessible (IKEv1 & IKEv2).

  • "No Split DNS": Ability to force the physical DNS server address to the value of the Virtual DNS Server address. This function solves communication slowness and confidentiality problems.

  • "No Split Tunneling": Ability to disable default route on physical interface for all in tunnel configurations.

  • New "/closeall" command line option (close all tunnels).

  • New "/resetike" command line option.

  • Mode Config / Mode CP: Support of Virtual network size sent by the gateway (by default /24 when not specified).

  • Option to check the gateway certificate CRL in addition to its signature.

  • Copy / paste of IKEv2 and SSL configurations.

  • New customization of VPN Client.

Improvements

  • New parameters are backuped and restored during a software update.
  • In accordance with the development of the new Connection Panel, the system tray menu has been simplified.

  • Ability to disable the function "automatic close the tunnel on USB extraction". This option keeps the tunnel open even if the USB drive is removed from the computer.

  • Improvement when handling IKEv1 phase 1 renegotiations with Mode Config.

  • Improvement of the IKE Auth rekeying (IKEv2).

  • Enhancement of the management of IKEv2 gateway renegotiations.

  • "Reset IKE" (from console window) starts IKE daemon if it's not already started.

  • Various software startup enhancements.

  • Improvements when handling a large list of remote networks for SSL connections.

  • Various improvements of messages displayed in the console.

  • Systray icon is available after an explorer.exe restart.

  • Ability to open an IKEv2 VPN tunnel when the Mode CP is not enabled and the virtual IP address is not set.

  • Ability to uninstall the software when it is protected with a password.

  • Improvement of the function "automatic tunnel opening on token insertion", with token owning several certificates with different subjects.

  • Improvement of the IKE service stability.

  • IKEv2 CP Mode: ability to specify a smaller remote network on client side.

  • Detection traffic in Mode CP now supported with IKEv2.

  • Various improvements in the GINA Mode.

  • Improvement of the OpenVPN file importation.

  • Improvement of the IPv6 management by IKEv2.

  • Ability to open automatically a tunnel in GINA Mode.

  • The PIN Code is required each time a tunnel is opened (or re-opened), even after a tunnel opening failure.

  • Support of secondary Wins Server.

  • Enhancement of the Configuration Panel Control Access security.

  • A VPN tunnel correctly closes if the physical interface disappears. (IKEv1).

  • Warning displayed in the Console when an outdated certificate is used in an IKEv2 configuration.

  • Update German

Bug Fixing

  • Configuration Panel and Connection Panel synchronization improvement.

  • Correct management of the virtual interface MTU.

  • The Configuration Panel and the Connection Panel might appear simultaneously.

  • Correction of the font in the activation window.

  • Changing language led to address type duplication (in Child SA configuration).

  • Deleting a ChildSA among N led to the alert: "An invalid argument was encountered".

  • Support of UTF-8 character encoding for X-Auth password (requires a specific configuration).

  • X-Auth Popup: Passwords containing ";" were not properly handled.

  • A SA was closed too early when the lifetime is set in Kbytes from the Gateway.

  • Improvement of the certificate subject parsing.

  • IKEv2: When Mode CP is enabled, after tunnel is up, remote network is not properly displayed in VPNConf.

  • Support of certificates containing multiple subjectaltnames (IKEv1).

  • Wrong word on popup message.
  • Missing word "confirm" on IKE V2 settings.