SN VPN Client Standard 6.86.015

Important information

Exclusive support for Windows 11 and Windows 10 64-bit on Intel processors

This version of the SN VPN Client Standard is optimized for Windows 11 and Windows 10 64-bit and can only be installed on these Operating Systems. Version 6.64 of the SN VPN Client Standard is still available and supports Windows 10 32-bit, Windows 7 and Windows 8 (32/64-bit) on Intel processors.

Encrypted configuration files

VPN configuration files that have been encrypted using versions of the SN VPN Client Standard prior to 6.86 cannot be imported into the Configuration Panel.

During a software update, the installer will convert the existing configuration before it automatically imports the file into the Configuration Panel.

Gateway certificate check

By default, the gateway certificate will be checked each time a tunnel is opened.

It may be necessary to import the complete chain of certification authorities (CAs) to authenticate the gateway, either into the Windows Store or into the VPN configuration file. You can change this default behavior, though we do not recommend doing so (Options menu > PKI Options).

End of support for vulnerable algorithms

For security reasons, this version no longer supports the following algorithms: DES, 3DES, MD-5, SHA-1, DH 1-2, DH 5. If a previous configuration contains one of these algorithms, the installer will convert them to "auto" (automatic negotiation with the gateway).

If the gateway only supports this type of algorithm, you will not be able to establish a connection with this version of the SN VPN Client Standard.

Features, improvements, vulnerabilities, fixes since release 6.64 build 003

Features

  • New MSI installer which supports updates of previous versions, including recovery of license, VPN security policy and installation parameters,

  • Optimized for Windows 11 and Windows 10 on Intel 64-bit processors,

  • Authentication of the gateway's certificate,

  • Support for RFC 4754 - methode 9: EC-DSA on secp256r1 elliptic curve with SHA-256,

  • Support for RFC 4754 - method 10: EC-DSA on secp384r1 elliptic curve with SHA-384,

  • Support for RFC 4754 - method 11: EC-DSA on secp521r1 elliptic curve with SHA-512,

  • Support for RFC 7427 - method 14: Digital Signature Authentication RSA,

  • Support for RFC 6023 - Initiation IKE Childless,

  • Support for RFC 4304 - Extended Sequence Number (ESN),

  • Support for CNG (Microsoft Crypto API: Next Generation),

  • Support for Lz4 compression,

  • VPN security policy access restricted to Windows administrator (specific password no longer needed).

Improvements

  • Removal of vulnerable algorithms: DES, 3DES, MD-5, SHA-1, DH 1-2, DH5,

  • Removal of deprecated Microsoft API CSP support for tokens/smartcards in IKEv2,

  • Stronger protection of VPN configuration using SHA-2,

  • Updated OpenSSL to version 1.1.1l,

  • After connected to a redundant gateway, the next time the tunnel is opened, the SN VPN Client Standard tries to switch back to the main gateway.

Bug Fixing

  • Tunnel now closes when smartcard reader is pulled out,
  • Corrected an issue that sometimes created sockets on port 500/4500 when not required.