Appendices
Shortcuts
Connection Panel
Esc | Closes the window. |
Ctrl+Enter | Opens the Configuration Panel (main interface). |
Arrow keys | The Up and Down arrow keys are used to select a VPN connection. |
Ctrl+O | Opens the selected VPN connection. |
Ctrl+W | Closes the selected VPN connection. |
Configuration Panel tree
F2 | Used to edit the name of the selected phase. |
Del | Deletes a selected phase, following confirmation by the user. If the actual configuration is selected (root of the tree), the software asks whether a full reset of the configuration should be performed. |
Ctrl+O | Opens the corresponding VPN tunnel if a Child SA is selected. |
Ctrl+W | Closes the corresponding VPN tunnel if a Child SA is selected. |
Ctrl+C | Copies the selected phase to the clipboard. |
Ctrl+V | Pastes (adds) the phase that has previously been copied to the clipboard. |
Ctrl+N | If the VPN configuration is selected, creates a new IKE Auth. If an IKE Auth is selected, creates a Child SA. |
Ctrl+S | Saves the VPN configuration. |
Configuration Panel
Ctrl+Enter | Switches to the Connection Panel. |
Ctrl+D | Opens the Console window with VPN traces. |
Ctrl+Alt+R | Restarts the IKE service. |
Ctrl+Alt+T | Enables trace mode (log generation). |
Ctrl+S | Saves the VPN configuration. |
Administrator logs
ID Log define | ID Log value | Severity | Log string |
---|---|---|---|
LOGID_STARTERINIT | 1001 | Notice | Starter service is started. |
LOGID_VPNCONFSTARTING | 2001 | Notice | GUI is starting. |
LOGID_VPNCONFSTOPPED | 2002 | Notice | GUI has closed. |
LOGID_TGBIKESTARTED | 3001 | Notice | IKE has started (status %d). |
LOGID_TGBIKESTOPPED | 3002 | Notice | IKE has stopped. |
LOGID_TUNNELOPEN | 3004 | Info | Tunnel %s is asked to open. |
LOGID_VPNCONFCRASHED | 2003 | Notice | GUI crashed (state %d). |
LOGID_TGBIKECRASHED | 3003 | Notice | IKE crashed (state %d). |
LOGID_STARTERSTOP | 1002 | Notice | Starter service is stopped. |
LOGID_RESETIKE | 2007 | Warning | IKE is asked to reset. |
LOGID_VPNCONFSTARTED | 2008 | Notice | GUI has started from user %s. |
LOGID_VPNCONFSTOPPING | 2009 | Notice | GUI is stopping from user %s. |
LOGID_VPNCONFLOADERROR | 2010 | Error | Configuration couldn’t load (reason: %s). |
LOGID_VPNCONFOPENTUNNEL | 2011 | Info | GUI opens tunnel (source: %s). |
LOGID_VPNCONFCLOSETUNNEL | 2012 | Info | GUI closes tunnel (source: %s). |
LOGID_VPNCONFSAVE | 2013 | Notice | New configuration is saved. |
LOGID_VPNCONFIMPORT | 2014 | Info | %s has been imported. |
LOGID_VPNCONFIMPORTERR | 2015 | Error | %s could not be imported (status %d). |
LOGID_VPNCONFEXPORT | 2016 | Info | %s has been exported. |
LOGID_TOKENINSERT | 2017 | Info | Token %s has been inserted. |
LOGID_TOKENEXTRACT | 2018 | Info | Token %s has been extracted. |
LOGID_USBINSERT | 2019 | Info | USB Key has been inserted. |
LOGID_USBEXTRACT | 2020 | Info | USB Key has been extracted. |
LOGID_INSTALLATION | 2021 | Info | VPN running for the 1st time. |
LOGID_UPDATE | 2022 | Info | VPN software has been updated to version %s. |
LOGID_VERSION | 2023 | Info | VPN Version is %s. |
LOGID_GINASTARTED | 4001 | Notice | GINA has started. |
LOGID_GINASTOPPING | 4002 | Notice | GINA is stopping. |
LOGID_GINAOPENTUNNEL | 4003 | Info | GINA opens tunnel (source: %s). |
LOGID_GINACLOSETUNNEL | 4004 | Info | GINA closes tunnel (source: %s). |
LOGID_TUNNELAUTH_OK | 3005 | Info | Tunnel authentication Ok (%s). |
LOGID_TUNNELTRAFIC_OK | 3006 | Info | Tunnel %s Ok |
LOGID_TUNNELAUTH_NOK | 3007 | Error | Tunnel authentication failed (reason %d). |
LOGID_TUNNELTRAFIC_NOK | 3008 | Error | Tunnel %s failed (reason %d). |
LOGID_AUTHREKEYING | 3009 | Info | Tunnel %s initiated rekey (source %d). |
LOGID_AUTHREKEYED | 3010 | Info | Tunnel %s rekeyed. |
LOGID_TUNNELREKEYING | 3011 | Info | Tunnel %s initiated rekey (source %d). |
LOGID_TUNNELREKEYED | 3012 | Info | Tunnel %s rekeyed. |
LOGID_PINCODE | 3013 | Notice/Error | Pin code is entered (status %d). |
LOGID_DRIVERNOK | 3014 | Critical | Driver could not be loaded (status %d). |
LOGID_IKEEXT_STOP | 1003 | Warning | IKEEXT service is stopped. |
LOGID_IKEEXT_RESTART | 1004 | Notice | IKEEXT service is restarted. |
LOGID_IKEEXT_ERROR | 1005 | Critical | IKEEXT could not be stopped (status %d). |
SYSTEMLOGID_VIRTIFOK | 3015 | Info | Virtual interface created successfully (instance %d). |
SYSTEMLOGID_VIRTIFNOK | 3016 | Error | Virtual interface could not be created (error %d). |
LOGID_TUNNELCLOSED | 3017 | Notice | %s tunnel successfully closed (%d min). |
LOGID_TUNNELCLOSED_ERR | 3018 | Error | %s tunnel closed unexpectedly (%d). |
LOGID_CERTERROR | 3019 | Error | Error %d when handling certificate %s. |
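For administrators who forward these logs to a syslog server or SIEM, the following added example (not Stormshield code) compiles a few of the log strings from the table into regexes and reports runs of 3007 authentication failures, together with the 3005 success that ended each run. It assumes each message arrives exactly as the rendered log string, with any timestamp or host prefix already stripped; the function names, the threshold, and the tunnel name and reason values in the sample are constructed for illustration.

```python
import re

# ID value -> log string, copied from the Administrator logs table.
TEMPLATES = {
    2007: "IKE is asked to reset.",
    3005: "Tunnel authentication Ok (%s).",
    3007: "Tunnel authentication failed (reason %d).",
    3018: "%s tunnel closed unexpectedly (%d).",
}

def template_to_regex(template):
    """Compile a printf-style log string into an anchored regex, one group per %s/%d."""
    groups = {"%s": r"(.+?)", "%d": r"(-?\d+)"}
    parts = re.split(r"(%s|%d)", template)
    return re.compile("^" + "".join(groups.get(p) or re.escape(p) for p in parts) + "$")

PATTERNS = {log_id: template_to_regex(t) for log_id, t in TEMPLATES.items()}

def classify(message):
    """Return (log_id, captured_fields), or (None, ()) when no template matches."""
    for log_id, pattern in PATTERNS.items():
        match = pattern.match(message)
        if match:
            return log_id, match.groups()
    return None, ()

def failure_runs(messages, threshold=3):
    """List (failure_count, value_logged_by_3005) for each run of >= threshold 3007
    events; the second item is None when no success has followed the run yet."""
    alerts, run = [], 0
    for message in messages:
        log_id, fields = classify(message)
        if log_id == 3007:
            run += 1
        elif log_id == 3005:
            if run >= threshold:
                alerts.append((run, fields[0]))
            run = 0
    if run >= threshold:
        alerts.append((run, None))
    return alerts

# Constructed sample messages (not taken from a real client).
SAMPLE = ["Tunnel authentication failed (reason 1)."] * 3 + [
    "Tunnel authentication Ok (hq-gateway).",
    "IKE is asked to reset.",
    "hq-gateway tunnel closed unexpectedly (5).",
]

if __name__ == "__main__":
    print(failure_runs(SAMPLE))
```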
TrustedConnect Panel diagnostics
The TrustedConnect Panel informs the user of any issues that may have occurred while establishing the VPN connection by displaying an error code.
These error codes, their diagnosis and possible solutions are detailed below. This list allows administrators to find possible answers to any issues that users may encounter and report.
Code | Diagnosis | Solution |
---|---|---|
0 | VPN configuration issue: VPN connection not found in configuration | |
1 | Issue with a certificate: The VPN configuration uses a certificate whose private key cannot be found. | |
3 | Configuration issue: The message “No proposal chosen” has been received during an IKE exchange: the cryptographic algorithm suite configured for the IKE_SA_INIT sequence does not match the one configured on the gateway. | |
4 | Configuration issue: The message “No proposal chosen” has been received during an IKE exchange: the cryptographic algorithm suite of the ESP protocol does not match the one configured on the gateway. | |
5 | Cannot access gateway: The gateway address (“Remote Router Address”) specified in the VPN configuration is not reachable. If it is an IP address, it cannot be found or cannot be reached. If it is a DNS address, it may be inaccessible, indefinite, or cannot be resolved. | |
6 | Configuration issue: The message “Remote ID other than expected” has been received. This means that the value of the Remote ID does not match the value expected by the remote VPN gateway. | |
7 | Gateway certificate: Checking the certificate chain of the certificate received from the VPN gateway is enabled. The gateway certificate chain could not be validated. | |
9 | No response from gateway: The VPN Client has abandoned the connection, most often after several connection attempts. | |
10 | Authentication issue: The gateway has declined the user’s authentication credentials. | |
13 | Configuration issue: An error occurred while establishing the VPN connection. Establishing the VPN connection has been abandoned. | |
14 | Network configuration: An error occurred while creating the virtual interface used for the VPN connection. | |
15 | Network configuration: The virtual IP address assigned during the VPN connection already exists on one of the workstation’s interfaces. | |
16 | Network configuration: An error occurred while creating the virtual interface used for the VPN connection. | |
24 | Configuration issue: The gateway did not accept the cryptographic algorithm suite provided by the VPN Client. | |
25 | Configuration issue: The gateway did not accept the remote network configured in the VPN Client or the virtual IP address provided by the VPN Client. | |
26 | Configuration issue: The VPN Client provides its own traffic selectors, while the gateway is configured to provide them. | |
27 | Gateway error: The gateway reported an error not supported by the VPN Client. | |
28 | Login/password error: The gateway has rejected the EAP authentication while establishing the VPN connection. | |
30 | Smart card or token error: Cannot access the certificate stored on the smart card or token. | |
31 | Captive portal authentication timeout expired: No session has been opened on the captive portal. The workstation therefore has no internet connectivity. | |
100 | Cannot load the VPN configuration: No VPN connection has been found in the configuration file. | |
101 | GINA configuration error: A tunnel is active before logon, but has not been configured to be used by the TrustedConnect Panel. | |
102 | IKE initialization error: An error occurred while initializing the IKE daemon. | |
103 | DNS error: A DNS name could not be resolved in the set of rules for the filtering mode. | |
200 | Software activation: The software is not activated and the trial period has expired. | |
Technical characteristics of SN VPN Client Exclusive
General
Windows version | Windows 11 64-bit |
Languages | Arabic, Chinese (simplified), Czech, Danish, Dutch, English, Farsi, Finnish, French, German, Greek, Hindi, Hungarian, Italian, Japanese, Korean, Norwegian, Polish, Portuguese, Russian, Serbian, Slovenian, Spanish, Thai, Turkish |
Operating mode
Invisible mode | Automatically open tunnel when traffic is detected; Control access to VPN configurations; Hide part or all the interfaces |
USB mode | No more VPN configurations stored on the workstation; Open tunnel when a USB drive configured for VPN is inserted; Automatically close tunnel when a USB drive configured for VPN is removed |
Gina | Open a tunnel before Windows logon using: GINA/Credential providers on Windows 10 |
Scripts | Run configurable scripts when opening or closing a VPN tunnel |
Remote Desktop Sharing | Open a remote computer with a single click via RDP and VPN tunnel |
TrustedConnect Panel | Automatically open tunnel with Always-On and trusted network detection (TND) |
Connection/Tunnel
Connection mode | Peer-to-gateway |
Networks | IPv4 and IPv6 |
Protocols | IPsec/IKEv2; SSL/OpenVPN |
Tunneling modes | Main mode and Aggressive mode |
Mode Config/Mode CP | Automatically retrieve network parameters from VPN gateway |
Cryptography
Encryption, Key group, Hash (IKEv2) | Symmetric: AES CBC/CTR/GCM 128/192/256 bits; Diffie-Hellman: DH14 (MODP 2048), DH15 (MODP 3072), DH16 (MODP 4096), DH17 (MODP 6144), DH18 (MODP 8192), DH19 (ECP 256), DH20 (ECP 384), DH21 (ECP 521), DH28 (BrainpoolP256r1); Hash: SHA-256, SHA-384, SHA-512 |
TLS security suites (OpenVPN) | TLS 1.2—Medium; TLS 1.2—High; TLS 1.3: |
Encryption, Hash (OpenVPN) | Symmetric: AES-128-CBC, AES-192-CBC and AES-256-CBC; Hash: SHA-224, SHA-256, SHA-384 and SHA-512 |
User authentication | Administrator: Protect access to the VPN configurations; User: |
Certificate authentication | |
PKI | |
Miscellaneous
NAT/NAT-Traversal | NAT-Traversal Draft 1 (enhanced), Draft 2, Draft 3 and RFC 3947, IP address emulation, includes support for: NAT_OA, NAT keepalive, NAT-T aggressive mode, NAT-T in forced, automatic or disabled mode |
DPD | RFC 3706. Detection of inactive IKE endpoints. |
Redundant gateway | Redundant gateway management, automatically selected when DPD is triggered (inactive gateway) |
Administration
Deployment | Silent installation using Microsoft Installer (MSI) |
VPN configuration management | Import and export options for VPN configurations; Secure import/export using passwords, encryption, and integrity control |
Automation | Ability to open, close, and monitor a tunnel using command lines (batch and scripts); Ability to start and quit the software using batches |
Logs and traces | IKE/IPsec and SSL/OpenVPN log console and trace mode can be enabled; Administrator logs: local file, Windows Event Log, syslog server |
Upgrades | Check for available updates from within the software |
License and activation | Licenses available on a subscription basis, manual/automatic/silent activation |