October 29, 2009

Windows 7 64 bit VPN Client – ShrewSoft

Filed under: Development,Open Source,Windows 7 — J. Abram barneck @ 10:21 pm

Ok, so I couldn’t get Cisco’s VPN client to work for Windows 7 64 bit. So I went in search of another VPN client.

(UPDATE: I got ShrewSoft’s VPN Client working, so keep reading down below.)

I came across ShrewSoft’s VPN Client a while ago, but it originally blue screened my Windows 7 box; that was a version that didn’t support Windows 7. However, they have a new version out that is for Windows 7 64 bit. Actually, they now have a release version on their download site, but there is a beta of the next version (Update 3/05/2010) 2.1.6-beta-6 that you may want to use (or a later version if you are reading this well after I wrote or updated it). See the comments on why.

I installed it and it requested a reboot so I rebooted, and the first good news is that I didn’t blue screen when my workstation booted up. Hooray!!!

After installing, I tested undocking my laptop from its docking station and then docking my laptop, and again, no blue screens, so I think it is good to go. Now I just have to figure out how to configure it to connect here at work.

I like the license, they say:

The Shrew Soft Client for Windows is free for both commercial and private use. Please read below for complete license details. Click here…

Stay tuned for more testing….

Ok…I am back for more notes.

At work we are using a Cisco VPN solution, so it turns out that when my Cisco VPN would install on a 32 bit machine, it used a .pcf file. Well, guess what is awesome about ShrewSoft’s VPN Client? It can import a .pcf file.

I imported the .pcf file and I appear to connect, then disconnect. Not sure what is going on. I am at work, but I should be able to connect to the VPN while at work, at least that is what my IT staff said.

So hopefully it connects when I am at home.

Here is my log:

config loaded for site ‘MyConfig.pcf’
configuring client settings …
attached to key daemon …
peer configured
iskamp proposal configured
esp proposal configured
client configured
local id configured
pre-shared key configured
bringing up tunnel …
network device configured
tunnel enabled
session terminated by gateway
tunnel disabled
detached from key daemon …

I will try to debug later…

All right I am back again and I am trying to debug. I found this post:

A program called “Trace Utility”, installed with the Shrew Soft VPN Client under Start | All Programs | Shrew Soft VPN Client, can be used for debugging. However, it wouldn’t work for me. The buttons weren’t enabled.

I had to right-click on the “Trace Utility” shortcut and choose “Run as administrator” then I was able to turn on debugging.

Positives for Shrew Soft VPN Client
– It has a debugging utility.
– It supports Windows 7 64 bit
– It imports Cisco .pcf files.
– There is a lot of documentation.

Negatives for Shrew Soft VPN Client
– I don’t have it working yet
– There is not really any clear failure reason for a user.

So I will keep at it. I think I am about to email the developer, but I sure don’t want to bug him.

Hopefully for some of you, it worked first time for you when you imported the .pcf file.

Got it working

Another positive. The developer has a mailing list, as you saw with one of my links above. I found this link:

The key piece of information I needed was this:

If it gets to the ‘tunnel enabled’ point, that means you completed phase1, Xauth and modecfg negotiations. It’s probably a phase2 option. As I mentioned to others on the list, try playing with the PFS setting or enabling the cisco-udp NAT-T option.

In the tool, after importing my .pcf file, I only had to make one configuration change. I had to change the PFS setting to “group 2”. See this screen shot.

VPN Setting

So I have this working now.
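
The developer's rule of thumb above (reaching 'tunnel enabled' means phase 1, Xauth and modecfg completed, so a drop after it points at a phase 2 option) can be applied mechanically to a pasted connect log. The Python script below is an added example, not part of the original post or of Shrew Soft's software; its function names and stage labels are assumptions, and the sample logs are constructed from the log lines quoted on this page.

```python
# Added example: classify a Shrew Soft VPN connect log by how far it got.
# Function names and stage labels are assumptions made for this example.

# Failure lines exactly as they appear in the logs quoted on this page.
FAILURE_LINES = (
    "session terminated by gateway",
    "negotiation timout occurred",  # spelled this way in the quoted log
    "gateway is not responding",
)
TUNNEL_UP = "tunnel enabled"
ATTEMPT_START = "bringing up tunnel"

HINTS = {
    "after-tunnel-enabled": (
        "Phase 1, Xauth and modecfg completed; suspect a phase 2 option. "
        "Try the PFS setting or the cisco-udp NAT-T option."
    ),
    "before-tunnel-enabled": (
        "'tunnel enabled' was never logged, so negotiation stopped before "
        "phase 2 (inferred from the developer's note, not stated by it)."
    ),
    "tunnel-up": "Tunnel came up and no failure line followed.",
    "incomplete": "No attempt outcome found in this log.",
}

# Constructed samples, assembled from log lines quoted in the post and comments.
SAMPLE_TERMINATED = """\
config loaded for site ‘MyConfig.pcf’
configuring client settings …
attached to key daemon …
peer configured
iskamp proposal configured
esp proposal configured
client configured
local id configured
pre-shared key configured
bringing up tunnel …
network device configured
tunnel enabled
session terminated by gateway
tunnel disabled
detached from key daemon …
"""

SAMPLE_TIMEOUT = """\
    attached to key daemon …
    peer configured
    iskamp proposal configured
    esp proposal configured
    client configured
    pre-shared key configured
    bringing up tunnel …
    negotiation timout occurred
    tunnel disabled
    detached from key daemon …
"""


def normalize(line):
    """Lower-case, collapse whitespace, and fold the typographic quotes and
    ellipses that blog software substitutes when a log is pasted."""
    line = line.replace("\u2026", "...")
    line = line.replace("\u2018", "'").replace("\u2019", "'")
    return " ".join(line.lower().split())


def last_attempt(lines):
    """Keep only the most recent connection attempt in a multi-attempt log."""
    starts = [i for i, l in enumerate(lines) if l.startswith(ATTEMPT_START)]
    return lines[starts[-1]:] if starts else lines


def triage(log_text):
    """Return the stage reached, the failure line seen, and a hint."""
    lines = [normalize(raw) for raw in log_text.splitlines() if raw.strip()]
    attempt = last_attempt(lines)
    up_at = attempt.index(TUNNEL_UP) if TUNNEL_UP in attempt else None
    fail_at = next(
        (i for i, l in enumerate(attempt) if l in FAILURE_LINES), None
    )

    if fail_at is None:
        stage = "tunnel-up" if up_at is not None else "incomplete"
    elif up_at is not None and fail_at > up_at:
        stage = "after-tunnel-enabled"
    else:
        stage = "before-tunnel-enabled"

    failure = attempt[fail_at] if fail_at is not None else None
    return {"stage": stage, "failure": failure, "hint": HINTS[stage]}


if __name__ == "__main__":
    for name, log in (("terminated", SAMPLE_TERMINATED),
                      ("timeout", SAMPLE_TIMEOUT)):
        result = triage(log)
        print(f"{name}: {result['stage']} ({result['failure']})")
        print(f"  {result['hint']}")
```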

I have to say that I am very impressed with Shrew Soft. It took me some time to figure it out, but it works. Now the only question time will tell is how stable it is. Expect an update in a week or two about whether I think the Shrew Soft VPN Client is stable.

The steps are easy for me to connect to my VPN at work. Now every VPN is different so I am sorry if these steps don’t work for you:

  1. Use the correct (and latest) version: 2.1.6-beta-6 or later
  2. Install Shrew Soft VPN Client
  3. Reboot.
  4. Import the .pcf file.
  5. Modify the configuration and change the PFS setting to “group 2”.
  6. Apply the configuration.
  7. Click connect.
  8. Enter your domain user and password and you will connect.


Also, I exported my configuration as a Shrew Soft VPN Client export, which is a .VPN file. When I import it, I don’t have to make a configuration change like I did with the Cisco .pcf file.

Key words: cisco vpn window 7 64 bit



  1. Thank you. Changing to Group2 fixed the problem for me too.

    Comment by Chris — November 11, 2009 @ 5:29 pm | Reply

  2. Thanks for the info! Worked for me with the defaults (no need to change the PFS default).

    Comment by Doug — November 13, 2009 @ 4:17 pm | Reply

  3. Awesome, I had the same error, this worked for me!

    Many thanks.

    Comment by Jason — November 14, 2009 @ 10:33 am | Reply

  4. Thank you very much, worked for me, without changing to Group2… You rock my world! 😉

    Comment by Karsten — November 16, 2009 @ 1:24 pm | Reply

  5. The problem with the latest version of shrewsoft was that while it didn’t bluescreen during install, it caused my computer to bluescreen periodically afterwards.

    Comment by Erek — November 22, 2009 @ 10:00 am | Reply

  6. Erek,

    Sorry you had troubles. I have dozens of people at work using this and thousands of people have hit this post and that is the first bad report. I wonder if there is something specific to your workstation, like a conflicting software or something. You may want to go to the developers site and maybe there is a way you can send them your details and blue screen info.

    Comment by rhyous — November 22, 2009 @ 1:23 pm | Reply

  7. I tried Group 2 but I can still only authenticate but do not have the ability to ping. Checking ipconfig it shows I have no gateway, however the odd thing is the cisco vpn 32bit on xp also shows no gateway. So this may be no indication of where the problem actually resides.

    Comment by Michael — November 23, 2009 @ 8:12 am | Reply

  8. works on windows 7 64bit to our university network. thanks for the useful post 🙂

    Comment by x — November 23, 2009 @ 3:03 pm | Reply

  9. Hey THX a lot,
    I was searching for this issue too. After lots of search I considered to use the integrated VPC with WINXP (which worked as well) to connect with my company.
    But your rocking information to change to Group2 worked for me great. Now I’m armed with VPN XXL 😉

    Comment by Peter — November 23, 2009 @ 5:34 pm | Reply

  10. Thanks- this was a great find! I only discovered after installing 64 bit Windows 7 that the Cisco VPN was incompatible (and the built-in VPN client didn’t work). This solved the problem in no time! And to think I was considering reinstalling with Win7 32 bit!

    Comment by Jeff — November 27, 2009 @ 11:23 am | Reply

  11. Anyone else getting BSODs when trying to install 2.1.5-rc4 on a fresh Win7 x64 installation?

    I’ve tried 3 times using native and compatibility settings and it always crashes when it tries to install the networking drivers.


    Comment by Brent — November 27, 2009 @ 10:23 pm | Reply

    • Well, email the author and ask him if he would like to debug. Since I have seen this work on so many Windows 7 64 bit workstations it is hard to not think it may only be something that occurs with your hardware or with a specific hardware driver you are loading or that is loaded by the install. Maybe the developer would love to see your dump file.

      Comment by rhyous — November 28, 2009 @ 9:07 pm | Reply

    • Read this:

      Comment by rhyous — November 28, 2009 @ 9:09 pm | Reply

  13. I don’t have this problem, but after install (v2.1.5-rc-5) and rebooting the laptop (Windows 7 64 bit), I can connect to the network but I can’t browse any website. It seems to be a DNS problem. Does anyone have the same issue as me?

    Comment by phu.tang — December 3, 2009 @ 7:51 pm | Reply

  14. You’re the best!! It works flawlessly

    Comment by hikaricm — December 7, 2009 @ 5:49 am | Reply

  15. It happens with a wireless connection (it works flawlessly with a cable connection). When I turn off the “ShrewSoft DNS Proxy Daemon” service, I can browse the web but can’t connect to the VPN.
    This is a bug with wireless connection.

    Comment by phu.tang — December 7, 2009 @ 7:57 am | Reply

    • phu.tang – I have the same problem, wired connection it works perfectly, but on my laptop it will work until I reboot… then no web browsing until I stop dnsproxy and no vpn connections…

      (Win7 64bit)

      Comment by MikeP — December 13, 2009 @ 1:41 pm | Reply

    • Same with me… maybe a driver issue ?

      Comment by Karsten — December 17, 2009 @ 2:34 am | Reply

    • Same issue here. I had the same thought as you phu.tang. Try to turn off the DNS proxy service but I do not see any ShrewSoft DNS Proxy Daemon in myservices.msc though :/
      how did you turn off the service ?

      Comment by CharlesB — February 3, 2010 @ 2:09 am | Reply

      • I don’t know what myservices.msc shows (maybe you are just missing a space) but services.msc shows me a list of services for ShrewSoft and the first one is the one. The services I show are these:

        ShrewSoft DNS Proxy Daemon
        ShrewSoft IKE Daemon
        ShrewSoft IPSEC Daemon

        Comment by rhyous — February 3, 2010 @ 9:14 am | Reply

    • I had the same issues with WIN7 64 bit, VPN used to work on wireless, but not anymore.

      First disabling the “Shrew soft dns proxy daemon” allowed my wireless connection to see internet and the following fixed the VPN via wireless internet:

      go to control panel/network and internet/network connections

      Disable “Microsoft Virtual WiFi Miniport Adapter” in the list and you will be able to connect VPN via wireless. I think this was automatically installed by Microsoft update process recently when my VPN via wireless stopped working.

      Hopefully this fixes your problem as well 🙂

      Comment by Prem — March 18, 2010 @ 12:13 am | Reply

  16. Any way to make it remember my login/password the way the cisco client does?

    Comment by Jeff — December 9, 2009 @ 6:26 am | Reply

    • Not that I have seen. You should email the author with your request, it would be pretty easy to implement.

      Comment by rhyous — December 9, 2009 @ 7:23 am | Reply

  17. Hey this worked for me on my version of windows 7 (64 bit) OS without much effort. The latest release 2.1.5-release on 5th Dec 09 has the PFS setting also in place, all I did was install, reboot, import pcf and connect. Thanks a ton since My Cisco client wasn’t working either.

    Comment by Kamalraj — December 10, 2009 @ 1:39 am | Reply

    • Thanks, I just made a post about the new release…

      Comment by rhyous — December 10, 2009 @ 9:13 pm | Reply

    • Hi everyone, I am using windows 7 64 bit Home Premium. I installed 2.1.5-release and imported .pcf file (this file was found in a directory where I tried to install cisco vpn client but ended without success). But while importing it says that the configuration uses RSA authentication method and so I need to add a certificate manually to complete the configuration. Where can I get the certificate for this ????

      Comment by Satheesh — February 16, 2010 @ 11:50 am | Reply

  18. Hi,

    I’m getting the below error, please help me to fix this.
    attached to key daemon …
    peer configured
    iskamp proposal configured
    esp proposal configured
    client configured
    pre-shared key configured
    bringing up tunnel …
    negotiation timout occurred
    tunnel disabled
    detached from key daemon …


    Comment by selva — December 11, 2009 @ 7:45 pm | Reply

  19. Thx a lot,
    you can also import the Cisco *.pcf files – and it works perfectly.

    Comment by Michel — December 16, 2009 @ 5:06 am | Reply

  20. Thanks a lot! This was an incredibly helpful post, just wish it was the top google result for related queries. Way to stick it to Cisco for not providing its customers with more options/better support! Great job!

    Comment by Thankful User — December 31, 2009 @ 12:03 pm | Reply

  21. For those who are still having issues connecting to Cisco VPN gateways, you may find this post helpful. However, please use the 2.1.6 beta 3 release as it contains a fix for a bug that crept into the beta 2 release.


    Comment by Matthew Grooms — January 6, 2010 @ 5:15 pm | Reply

    • Thanks, I updated the article to point to this version.

      Comment by rhyous — January 6, 2010 @ 8:31 pm | Reply

  22. Great! The Cisco client doesn’t work in Win7 for some unknown reasons and using this client and importing the .pcf file solved the problem perfectly.

    Comment by Swifters — January 8, 2010 @ 12:57 am | Reply

  23. On Win7 x64 under 2.1.5 release, Shrew has connected to the majority of my PCF files I was utilizing.

    However, connections to Cisco’s VPN (the company itself, which I assume uses their own top-of-the-line VPN gateway products) was failing after initial successful connection. I was immediately getting “session terminated by gateway” as detailed here. The timing pointed to a Phase2 issue but switching the Phase2 PFS setting did nothing.

    Upgraded to 2.1.6-beta-3 release, and switched off Client | Enable Dead Peer Detection, and it is now is connecting fine.

    Comment by mumu — January 11, 2010 @ 12:49 pm | Reply

  24. I’m using the beta 2.1.6-beta-3 but I’m still getting the “session terminated by gateway” error…

    I have no experience in this area and was wondering what I should try and if anyone can assist me?

    Thanks in advance

    Comment by Steve — January 13, 2010 @ 8:59 am | Reply

  25. I did the steps provided on this site. I even tried all other steps taken by other users. Still, I can’t get past this error:
    config loaded for site ‘AT&T Home VPN Fairfield CA.pcf’
    configuring client settings …
    attached to key daemon …
    peer configured
    iskamp proposal configured
    esp proposal configured
    client configured
    local id configured
    pre-shared key configured
    bringing up tunnel …
    network device configured
    tunnel enabled
    session terminated by gateway
    tunnel disabled
    detached from key daemon …

    Comment by Troy — January 19, 2010 @ 6:13 pm | Reply

  26. Great Post. Helped me a lot. I had the same wireless issue, but using 2.1.6 Beta 3 and i can connect. all works seamlessly with the pcf file.

    Thanks for the post. You are a life-saver (or should that be maker-easier 😉 )


    Comment by ColJay — January 21, 2010 @ 1:04 pm | Reply

  27. I’m using the beta 2.1.6-beta-3, and imported the profile, did not change anything, it works! I will need to spend more time to test the liability.
    Thanks a lot, it saved my 64bit win7, otherwise I would continue to use windows xp because of VPN.

    Comment by haidongl — January 21, 2010 @ 9:32 pm | Reply

  28. I found an incompatibility with VMWare Workstation Guests that you all should know about:

    There is a simple fix/workaround so no worries. I haven’t really tested what happens when using VPN with the solution applied but time will tell.

    Comment by rhyous — February 1, 2010 @ 9:53 am | Reply

  29. For the “Session terminated by gateway” issue, try setting PFS Exchange in phase2 settings to disabled. Worked for me after trying many different things. I got the clue from here… http://lists.shrew.net/pipermail/vpn-help/2009-August/002138.html

    Comment by Adam — February 1, 2010 @ 4:39 pm | Reply

  30. On Windows 7 64-bit, I had the same issue but Phase 2 settings did not fix it. 2.1.6-beta-4 client did! Left all Phase 2 settings as defaults and it worked without any immediate disconnect.

    Thank you for a great product and continually improving it.

    Comment by Dr.Dred — February 10, 2010 @ 10:13 am | Reply

  31. Thank you Dr Dred for your comment. I was also not successful with any of the suggestions. Tried 2.1.6-beta-4 after reading your comment and it just worked after importing my pcf file – no tweaking of settings required.

    Comment by Angela — February 14, 2010 @ 8:48 am | Reply

  32. Thank you!

    Comment by Jekaterina — February 15, 2010 @ 8:51 am | Reply

  33. Hi everyone, I am using windows 7 64 bit Home Premium. I installed 2.1.5-release, rebooted the system and imported the .pcf file (this file was found in a directory where I tried to install cisco vpn client but ended without success). But while importing it says that the configuration uses RSA authentication method and so I need to add a certificate manually to complete the configuration. Where can I get the security certificate for this ????

    Comment by Satheesh — February 16, 2010 @ 11:51 am | Reply

  34. Hi all,

    I have just got Shrew Soft to work with my windows 7 64-bit system (professional) on a Asus Notebook UL20A and thought I’d comment as it seems like many others are having similar problems to me. (Please note I’m working at the limits of my IT knowledge here and may not describe everything correctly, feel free to ask more questions.)

    I got the Shrew Soft v 2.1.5 from my workplace as they use Cisco normally but this doesn’t support windows 64 bit. (Apparently, in a workplace of thousands, no-one has yet used 64 bit !!! but the incompetence of our IT support for another day). Installation ran smoothly, I imported the Cisco .pcf file ok. Although I could apparently connect to the VPN system, it would drop out quickly afterwards, also I couldn’t map my workplace network drives (I was running a separate logon script for this).

    At work, using my laptop to connect to the wireless network there, then connecting to VPN with Shrew Soft and running the logon script worked, although i noticed it dropped out quickly.

    I use internet wirelessly at home (DLink router) and as I could make VPN work at my workplace, I thought my home internet setup was the problem. But I had Cisco VPN running on an older laptop with windows XP (32 bit) and VPN worked perfectly, with the same internet setup (and same internet security program).

    After much tinkering (turned off internet security, windows firewall already off, opening ports on the router, changing PFS setting to ‘group 2’ as rhyous did above) still no luck making the Shrew Soft /logon script thing work.

    But I just downloaded and installed the latest beta Shrew Soft version (2.1.6 beta 4) and works perfectly. 15 min later I am still connected.

    I don’t understand the difference between the versions but it works, and this has made my day!

    Thanks all on this page for your suggestions, it has made me persevere and now it works!

    Comment by DrBoo — February 17, 2010 @ 1:57 pm | Reply

  35. You just saved my day – thx.

    Comment by Jasper — February 18, 2010 @ 12:27 pm | Reply

  36. Thanks a lot!!! I had ShrewSoft installed on my PC before, but just couldn’t get it going; switching to “group 2” also solved my problem!

    Best regards from Germany,


    Comment by Sascha — February 21, 2010 @ 3:34 am | Reply

  37. Has anyone found a solution for no internet after reboot? Windows 7, 32 bit and I have tested 2.1.5 and 2.1.6 beta 4. I can only connect to internet after reboot by turning off the Shrew Soft Lightweight filter in wireless connection properties.
    this is the same issue i believe as post 15.
    i really need to get a vpn client to work with 7 and this is the closest one i have found other than this little wireless glitch

    Comment by Spener — February 23, 2010 @ 7:13 am | Reply

  38. Thanks a lot for your help,
    I could connect to customer vpn with version 2.1.6 beta 4

    Best regards from Vietnam

    Comment by Minh — February 28, 2010 @ 8:08 am | Reply

  39. Here is the contents of a response from one of the Developers to an email I sent to ShrewSoft’s mailing list:


    I just posted 2.1.6 beta 6 on the download page. While investigating the suspend resume problems, I noticed some other issues that are now
    corrected. This includes a bug that prevented the daemons from handling
    device handle error conditions gracefully. In particular, when the
    filter driver unloaded, device handles were not being closed correctly.
    This prevented the drivers from unloading unless you closed all apps and services manually. Even worse, the ike daemon would enter a high
    utilization loop consuming 100% CPU and never re-open its handle. These
    issues have now been resolved.

    The other notable change was for the filter drivers to avoid problems
    related to the Transparent DNS Proxy Daemon. The Shrew Soft client can
    now be installed on the host computer along with VMWare or VirtualBox,
    and no longer interferes with guest VM’s DNS traffic. This should make
    quite a few people happy since it’s a very commonly reported issue.

    Thanks again to the ShrewSoft developers for a timely resolution to the VMWare issue listed here:

    Comment by rhyous — March 5, 2010 @ 7:47 am | Reply

  40. Cheers for the tutorial. I’ll be testing this at my work for our 64-bit clients..

    Comment by Sigg3 — March 12, 2010 @ 3:24 am | Reply

    • Just thought I would mention that ShrewSoft is now on our official W7 64 bit corporate image in my company. We feel it is enterprise quality and enterprise stable. We had two issues and both have been resolved by mailing to developers mailing list and reporting the issues. The fixes were made in as timely a manner as if we had paid for support.

      Comment by rhyous — March 12, 2010 @ 1:35 pm | Reply

  41. Hi Rhyous:

    I was forwarded a link to your site this morning. I had given up on vpn on x64 from my vista x64 days (because of cisco’s insane decision of not continuing to support the product on x64) and currently use a Sun Virtualbox vm running cisco VPN Client and share its connection with the Windows 7 x64 Ultimate.

    At first I followed your directions with the beta7 build and they didn’t work for me (everything installed fine but couldn’t connect). My company uses group authentication setting in the client so after I changed the Authentication as follows:

    . Modify the *.pcf with the following settings:
    – change Authentication – Authentication Method to Mutual PSK

    After that I was able to successfully connect 🙂 haven’t tested it thoroughly but it seems to be working so far.

    Thought I would share this with anyone else having the same problem.

    Comment by Shahzad Ansari — March 16, 2010 @ 10:54 am | Reply

    • Thanks works perfectly! 🙂

      Comment by dani — October 15, 2010 @ 1:18 am | Reply

  42. I’m running Windows 7 Enterprise x64. I just wanted to let everyone know that I had the same problems as rhyous. I also downloaded 2.1.6-beta-7. I tried my connection again and it connected without the “session terminated by gateway” message. However, I could not ping any of the servers on the network. I changed “Phase 2 – PFS Exchange” option to “Disabled” and everything is working perfectly now. This is the only alternative (in my opinion) to the cisco client for Windows 7 x64.

    Comment by ieinadex — March 18, 2010 @ 6:26 am | Reply

  43. Great work! Thank you for your time in putting this together. I imported the pcf file and it worked straight away.



    Comment by Carlos — March 22, 2010 @ 2:17 am | Reply

  44. The Group2 change worked for me as well. Thanks for putting in the effort and publishing.

    I have to throw the shrew guys a few bucks as well.

    Comment by Chris — March 25, 2010 @ 7:03 am | Reply

  45. Cisco IPSec VPN Client – 5.0.7 BETA – Win7 64-bit support

    Start64! Cisco has a beta version of the IPSec VPN Client out, version 5.0.7 BETA (vpnclient-winx64-msi- available for download. It appears they got the message about the need for a 64-bit version of the IPSec client for Windows 7! It is available for download on CCO but requires a valid CCO login and current contract to get the code.

    Thanks to http://www.start64.com http://www.start64.com/index.php?option=com_content&task=view&id=4320&Itemid=55

    Comment by kk — March 25, 2010 @ 8:41 pm | Reply

    • Well, they have already missed the boat for us. We have ShrewSoft VPN in our image and it is stable and working. We are not going to make a change to a beta.

      Comment by rhyous — March 26, 2010 @ 7:39 am | Reply

  46. I have a windows 7 64 bit, just tried 2.1.6 beta 7 and still get blue screen on install and first attempt to uninstall. I have admin privileges. Get message on uninstall “interface pointer to vfh possible cause incrrect function” and “correspond inf file in the drive store could not be found” Any ideas?

    Comment by Stephan — March 26, 2010 @ 12:03 pm | Reply

  47. I have installed the 2.1.7 beta 7 but connecting through wireless (internet works, vpn doesn’t) doesn’t work i still get a timeout. When i use my wired network i have no problem. Any suggestions?

    Comment by esther — April 4, 2010 @ 1:25 am | Reply

  49. I have tried multiple previous versions as well as the latest 2.1.6-beta-7 version and I still get a timeout. I also fiddled with PFS Exchange, but no success. I am on a local WiFi and I am able to connect to my VPN, I get a welcome message, but after 3-5 seconds I get disconnected with the following messages:
    session terminated by gateway
    tunnel disabled
    detached from key daemon …
    Any help would be highly appreciated, please.

    Comment by Fed — April 20, 2010 @ 12:27 am | Reply

    • Try the Cisco 64 bit beta that is now available ( better way late than never ).

      It works just peachy! You need a login at Cisco site to get this download.

      Comment by John Hurley — May 21, 2010 @ 4:08 pm | Reply

  50. My group is Group A and my log says the same to other cases:

    session terminated by gateway
    tunnel disabled
    detached from key daemon …

    I’ve changed all group in phase 2.
    Many thanks for your kind help, guys.

    Comment by brightsea2001 — April 25, 2010 @ 2:21 am | Reply

  51. how to enable group authentication here ?
    i am using nortel and in my win 7 its not working.
    Can u please guide me what all settings i need to do.

    Comment by deepak — May 15, 2010 @ 1:16 am | Reply

  52. I have downloaded version 2.1.5 of Shrewsoft VPN client and am trying to connect from home – win XP to work where I recently updated my pc to win 7 64-bit. I have used before Cisco client that I have uninstalled now. I’m getting this error message
    local id configured
    pre-shared key configured
    bringing up tunnel…
    gateway is not responding
    tunnel disabled
    detached from key daemon

    Comment by Gabi Voicu — May 28, 2010 @ 6:50 am | Reply

  53. OS: Windows Server 2008 R2 64 bit.
    I had the 2.1.5 release build and it worked fine until I tried it with a RSA soft token. Found this article and tried the 2.1.6-beta-8 stable dev build, based on some comments above. Voila! Thank you all!

    Comment by Parag — June 3, 2010 @ 3:12 pm | Reply

  54. Thanks, the PFS Exchange setting fixed this for me as well!

    Comment by Dan — June 4, 2010 @ 11:26 am | Reply

  55. Thanks a lot! You saved me a lot of time and frustration. In case anyone is interested I got mine working by changing the PFS setting to “disabled”

    Comment by Johnny — June 5, 2010 @ 10:43 am | Reply

  56. Default settings (auto for PFS) works for me. Thanks.

    Comment by Kevin — June 7, 2010 @ 11:57 am | Reply

  57. Downloaded 2.1.5 beta 8, followed the steps, but it wouldn’t get past the “session terminated by gateway” error. After seeing that some had success with disabling the “Phase 2” PFS setting, that also worked for me. I was able to stay connected and map network drives. My only issue now is that I cannot connect to a secured remote desktop through this VPN connection. I work for a Hospital and our software is through an ASP which is locked down to allow only connections from certain IP addresses. I’ve never had issues before when I used to connect from a 32 bit system with Cisco’s VPN client. Anyone have any suggestions?


    Comment by Jeff — June 12, 2010 @ 9:27 am | Reply

  58. sorry…i’m using 2.1.6 beta 8

    Comment by Jeff — June 12, 2010 @ 9:28 am | Reply

  59. running windows 7 64-bit. Downloaded 2.1.5, imported pcf file used with my cisco vpn client… others at work connecting thru the same vpn gateway have been able to successfully connect with no changes to their pcf options. However, i get connected and then get the “session terminated by gateway tunnel disabled detached from key daemon” message. tried changing the phase 2 PFS exchange to “group 2” as suggested in other posts, but session still terminated. downloaded the 2.1.6 beta version as some have said corrected the problem, but got same result. any other suggestions? does it make sense that co-workers are able to use their cisco pcf file which is identical to mine and have success?

    Comment by Liz — June 18, 2010 @ 8:16 pm | Reply

  60. i have installed 2.1.5 , imported my pcf and can connect to my work but I can’t browse my network anyone else have this occurred?

    Comment by Martin — June 25, 2010 @ 4:59 pm | Reply

  61. Hello

    I am using the version Version 2.1.6. I made the change that you recommend in PFS exchange –> phase2 but I receive the following error. I am using Windows 7 Home premium 64 bits

    config loaded for site ‘australia-sydney-nsnvpn1.pcf’
    configuring client settings …
    attached to key daemon …
    peer configured
    iskamp proposal configured
    esp proposal configured
    client configured
    local id configured
    pre-shared key configured
    bringing up tunnel …
    network device configured
    tunnel enabled
    session terminated by gateway
    tunnel disabled
    detached from key daemon …

    thanks a lot for your help

    Comment by DABS — June 27, 2010 @ 9:00 am | Reply

  62. I came across a link to your site from Toms hardware I believe it was. I was looking into VPN’s. However I’m a complete noob at least with this software in particular.. and it seems like all others are not free. I am running windows 7 64bit.. so I figure the best person to ask might be you since you got this working. Now don’t laugh… Once you install ShrewSoft’s VPN Client … what do you do?
    Okay I realize there are installed components, access manager and the trace component. I was trying to play around with the manager and was baffled as to what I use as a host or IP… I’m assuming you have something like a proxy server it connects to? This is something you need to obtain (how? where? uhhh…)… or does this software create a list for you? Well, none the less I didn’t get it working but I was very curious if it is possible. I am just a home user, so this isn’t business related. I haven’t really played with software like this enough to know what I am doing or what I need before using it may be useful. Any thoughts or help would be appreciated. 🙂 Maybe is a home user dummy’s guide.

    P.S. I used to be fairly competent at one point.. at least managed to run red hat Linux back when I was 12 and how I have no freaking clue about anything these days.. go figure.

    Comment by Joelene — July 26, 2010 @ 11:17 pm | Reply

  63. Check that the ShrewSoft IPSEC Daemon Service is started.

    Comment by Duke — August 26, 2010 @ 7:38 am | Reply

  64. Using V2.1.7 and importing Cisco PCF works fine for me.
    Under Win7 x64 cable connection is ok, but via WLAN can’t create tunnel.
    Any suggestions?

    Comment by IPSeccer — November 4, 2010 @ 7:57 am | Reply

    • Email your hardware/OS and info to the Shrew Soft mailing list.

      Comment by rhyous — November 4, 2010 @ 3:16 pm | Reply

  65. I got 2.1.7-stable release and installed on a brand new win7 64 bit professional. When I rebooted it, it shuts down my intel wi-fi connection. However my wireless connection was still available and I am able to browse without any issue.

    Started the access manager (vpn client), imported my cisco profile and hit connect. Surprise, it connected without any issue. (I was hoping to see at least one issue, but it surprised me.)

    The cool thing is, it connected with the Cisco RSA VPN gateway with my softtoken without any issue. (The IBM fingerprint access manager saved this authentication in its profile as well).

    Now, I can get to my office system much faster than XPMode based cisco vpn client.

    My only other question is, ‘How to make the shrewsoft client as a windows taskbar icon like cisco client does?’ I think, I should read the shrewsoft faq to figure this out.


    Comment by Jeeva — November 21, 2010 @ 12:23 pm | Reply

  66. My friend, can you help me how to set up this ShrewSoft? I don’t know where to get this .pcf file and I also don’t know what .pcf is. Can you pls help me with this. I live here in Saudi Arabia and most of the sites are blocked. Pls email me if you have something that can help me.. thanks in advance.. (tantmeux@yahoo.com)

    Comment by tantmeux — December 16, 2010 @ 12:53 am | Reply

    • You don’t need a PCF file. A PCF file is a configuration file for a Cisco VPN client. If you already had a Cisco VPN client working on XP, you can export the PCF and ShrewSoft can use it to get the configuration needed.

      If you don’t have a PCF file, and your VPN admin cannot get you one, then you need to talk to your VPN administrator to get the settings needed. If you cannot talk to your VPN administrator, then you are left guessing.

      Comment by rhyous — December 16, 2010 @ 7:47 am | Reply

  67. Thanks for the tip! Went straight to Shrewsoft’s site, and their latest version worked a charm as an alternative to Cisco software.

    Comment by Kevin Powe — January 13, 2011 @ 8:54 pm | Reply

  68. Fresh install of Windows 7 64 bit. I can connect using Shrewsoft Access Manager 2.1.7, but cannot do anything with the client site. I tried remote desktop to a server and it does not seem to find it. I tried pinging the server while connected on VPN with no luck. It is as though I can connect, but that’s it. I don’t have remote desktop capabilities and cannot ping machines with IP addresses since maybe the VPN DNS doesn’t contain the server names. Worked fine until Windows 7 came into play. Arrgh! Any assistance would be greatly appreciated.

    J. T.

    Comment by Jay Tosan — January 17, 2011 @ 10:07 pm | Reply

    • Same to me, tracked down to the Default gateway which is, instead of the same as my IP number.
      Somebody fixed this already??
      I’m using the latest release (2.1.7).

      Comment by Gerrit — February 14, 2011 @ 6:50 am | Reply

    • I had the same problem and got the remote desktop working by disabling NAT Traversal under Shrewsoft VPN Access Manager -> Options -> Client -> Firewall Options. I was using 2.2.0 beta-1 version of Shrewsoft.


      Comment by Sam — February 19, 2011 @ 8:58 am | Reply

  69. Thanks, you saved my day, worked perfectly without any tweaking.

    Comment by Rajan — February 1, 2011 @ 4:29 pm | Reply

  70. It worked for me – note: I only had to update the ShrewSoft’s VPN client – so *no* change in settings! Many thanks!

    Comment by Lex — February 16, 2011 @ 12:58 am | Reply

  71. I have tried to import a .pcf file and I am trying to connect. The tunnel is enabled but established = 0. The trace utility shows the below error. Please help

    11/04/16 16:04:12 !! : peer violates RFC, transform number mismatch ( 1 != 13 )
    11/04/16 16:04:12 !! : invalid private netmask, defaulting to class c

    Comment by Raj — April 16, 2011 @ 4:40 am | Reply

  72. Great man, I was already having an endless arguing with our Customers in mind to have them change their VPN policies, but changing the setting as described worked like a charm for me!

    Comment by Tobias Twardon — July 13, 2011 @ 12:59 am | Reply

  73. This site was very helpful, but http://www.shrew.net had the answer.
    My Problem: The Shrewsoft VPN client worked great for me on Win7 64bit when wired. When wireless it did not work. I tried the suggestion at the top of changing Group 2 (didn’t help).
    Prem said “Disable ‘Microsoft Virtual WiFi Miniport Adapter’”. I couldn’t find that adapter.

    Then I found the Shrew.net article at their support site. The wireless issue was a known problem with 2.1.7 as Prem said and he had the fix. Client 2.2.0 fixes this. 2.2.0 wasn’t gold code yet, but I installed 2.2.0 beta 2 and everything is working for me…wired and wireless. Thanks guys for your help. I will be ‘donating’ to Shrew.net.

    Comment by tchildy — August 16, 2011 @ 9:24 pm | Reply

  74. Thanks tchildy! I got stuck at the same point: Shrewsoft VPN Client works like a charm to connect to our IPCop VPN-Gateway using IPSec from 32Bit Windows machines. But on Windows 7 / 64Bit it would only use the wired but not the wireless adapter. So I installed the latest beta which is 2.2.0-beta-2 right now. But for me now nothing works anymore. When connecting, Shrewsoft Client is not accepting the password that is needed to decrypt the PKCS12 Certificates. Any ideas?

    Comment by joe — September 1, 2011 @ 2:04 am | Reply

  75. Good Info here. I use Shrewsoft and it connects and seems to work fine. However the network connection on shows 10Mbps. How can I get it faster?

    Comment by Andy — November 3, 2011 @ 12:11 pm | Reply

  76. Thank-you! I too only got to the tunnel enabled point… the phase 2 connection setting change did the trick for me!

    Comment by Grant — November 15, 2011 @ 1:16 pm | Reply

  77. I agree with tchildy. I’m running Win7 Ultimate x64 (on a Macbook Pro using Boot Camp, no less) and with the 2.1.7 stable release it would work on wired connections but not wireless no matter what I changed, but the 2.2.0 beta release “just worked” with wireless, no problems at all.

    Comment by Jim — January 4, 2012 @ 7:15 pm | Reply

  78. After struggling to get past SA failures on Phase2, I was able to display the “statistics” from the system tray icon of my Cisco VPN connection (from another PC) and correctly modify my HMAC and Transform Algorithm settings. Previously I used the Shrew VPN Trace utility, “SA tab” to check for 2 “mature” connections. If they say LARVAL and disappear, your phase 2 settings are wrong.

    Comment by Greg — January 11, 2012 @ 8:48 pm | Reply

  79. Have been using the Shrewsoft client (2.1.7) for a while on Windows 7 and Vista quite reliably – though it can’t handle the PC going to sleep (you need to restart the Shrewsoft services to get it going again).

    What I’ve recently found is that Win-7 64-BIT with Service Pack 1 breaks it – no traffic leaves the PC. Upgrading to the latest Beta 2.2.0 cures the issue but this release does start to fragment the VPN packets on Phase 2 so if your firewall is set to block fragmented packets it will block the VPN – the cure is to allow fragmented packets on the firewall (if you have set to block those).

    Comment by Ab — March 24, 2012 @ 1:36 pm | Reply
