Windows VPN Client Configuration for ESG510 using Shrew VPN Client

Although windows has a built in VPN client it frequently is not working due to updates you can use the free shrew soft VPN client with the ESG510.

9.3 VPN Client using Shrew VPN Client on Windows 10 as an example

  • This is an example of how the Shrew VPN client should be configured on a Windows 10 PC in order to launch a Client VPN connection to ESG.
  • The screenshots in this slide and the next slides walk you through the configuration parameters on the Shrew VPN Client.
  • Since my ESG WAN IP is not static, I have enabled the DDNS feature on ESG for hostname “ntkevinshao.ddns.net”, so ESG will report to ddns.net DNS server to use its Primary WAN Public IP for ntkevinshao.ddns.net DNS resolution. Therefore, I can input ntkevinshao.ddns.net in the Host Name or IP Address field without having to care what my ESG’s current WAN public IP is.

If you uncheck Obtain Topology Automatically or Tunnel All and specify Remote Network Resource manually, then Split Tunneling is used and only traffic with destinations matching the subnet(s) specified in Remote Network Resource are forwarded thru IPsec VPN tunnel.

From the screenshot below, you can see client has got a 10.10.11.1 /24 IP address, default route is not changed but a static route to 192.168.66.0 /24 with next hop set to IPsec tunnel 10.10.11.1 is added because we had configured split tunneling in Shrew VPN client.

Cross Country Site To Site VPN testing with the ESG510 and Client VPN testing with IOS

I have been testing the new EnGenius security gateway it is setup as my main Internet router in Connecticut and I have site to site VPN configured with another ESG510 in California. The configuration is mostly automatic both gateways are registered to the EnGenius cloud so no WAN IP addresses are needed and NAT traversal is automatic.

You can choose which networks are allowed access form the far side of t he VPN. Once enabled I was able to access the gateway and access point on the remote side via my local web browser.

Next I enabled client VPN the only configuration necessary is to choose a subnet for the VPN clients and to set the pre shared key.

Lastly I configured the IOS client with my WAN IP and was instantly connected to the ESG510 VPN.

More information on the ESG510 security gateway and router here