We review products independently, but we may earn affiliate commissions from buying links on this page. Terms of use.

Shrew Soft VPN Client for Windows

Shrew Soft VPN Client for Windows

Setting up and connecting to a VPN server doesn't have to be difficult, and Shrew Soft's VPN client is the perfect example of how easy it should be. The lightweight client software from Shrew Soft is a great option if you have a large pool of users who need remote VPN access, or if your existing Cisco client is unstable or erratic.

4.0 Excellent
Shrew Soft VPN - Shrew Soft VPN Client for Windows
4.0 Excellent

Bottom Line

Setting up and connecting to a VPN server doesn't have to be difficult, and Shrew Soft's VPN client is the perfect example of how easy it should be. The lightweight client software from Shrew Soft is a great option if you have a large pool of users who need remote VPN access, or if your existing Cisco client is unstable or erratic.
  • Pros

    • Easy to install and configure.
    • No expensive licenses.
    • Supports Windows and Linux.
    • Wide variety of commercial vendors supported.
  • Cons

    • No Mac client.
    • Lack of dedicated support may be a problem for some businesses.

Shrew Soft VPN Client (Free) is a freely available IPSEC client for Windows and Linux machines used to connect to a Virtual Private Network. Organizations are increasingly offering employees remote VPN access to protect their network, data, and applications from outside threats. However, many of the vendor client offerings can be expensive and difficult to install. The Shrew Soft VPN client takes the complexity out of the equation and makes establishing the VPN connection as simple as possible for the end-user.

Shrew Soft's VPN software is a true VPN client in that it connects to an existing VPN server, whether that's from the big giants such as Cisco or Juniper, or from smaller players such as Cisco's Linksys. If you already have a VPN server, then you should definitely consider Shrew Soft. If you don't have a VPN server handy—either as a stand-alone product or as a feature on a firewall or a router—you would be better served looking at one of the all-in-one VPN software such as our Editors' Choices Logmein Hamachi and Comodo Unite. With these products, you can create a VPN connection between individual endpoints and have secure connection on the fly.

Features

Shrew Soft's VPN client is capable of working with VPN servers from several major commercial vendors, including Cisco, Zyxel, and Juniper Networks. The software's website has instructions on configuring the software to work with Adtran NetVanta, Check Point NGx, Cisco ASA, Cisco IOS, Cisco PIX, DrayTek, Fortigate, Fritz!Box, Juniper SSG (with and without certificates), Lancom, Linksys, NetASQ, Netgear, Sidewinder 6.x, Sidewinder 7.x, Sonicwall, and ZyXEL Zywall. There are instructions on the Juniper Networks knowledgebase on configuring the client to work with SRX Services Gateway and ScreenOS firewalls, as well. It can handle Cisco VPN connections that rely on pre-shared keys or certificates (IPSec) or with AnyConnect (SSL VPN).

The client supports a variety of operating systems, including Windows 2000, Windows XP, Windows Vista, Windows 7, several Linux distributions, and OpenBSD. For organizations with a heterogeneous network, Shrew Soft's software allows them to standardize on one VPN client, regardless of the operating systems running.

The fact that Macs aren't supported is disappointing. Considering the increasing numbers of Macs in the workplace, having a single client for all platforms would make the software a much stronger competitor.

Some advanced features are supported, including Split Tunneling, Split DNS, Nat Traversal, IKE Fragmentation, Packet Pre Fragmentation, Dead Peer Detection, Hybrid XAuth and automatic client configuration.

Support

The Shrew Soft Website offers a thorough wiki with detailed setup instructions and screenshots on how to configure products from specific vendors. There are how-tos for open source gateways including OpenSWAN, StrongSWAN, m0n0wal, and pfSense.

One thing I like about Shrew Soft is the fact that it supports multiple VPN servers. In a scenario where a user needs to connect to multiple networks, and if they don't have the same type of server, that user would normally have to install client software for each connection. That can easily get messy and difficult, if the tools wind up conflicting with each other. With Shrew Soft, everything is configured easily under one tool, making it easy to switch back and forth.

Installation and Setup

Getting started is a breeze, as the user downloads the desired version for the operating system directly from the website. No registration required. After downloading and installing the software, users can launch Shrew Soft VPN Access Manager.

If the IT department has a Cisco .pcf VPN configuration file already available, the process is even easier. All the user has to do is save the .pcf file somewhere on the local computer, and then go to the VPN Access Manager's File menu to import the file. Once the file has been imported, an icon with the file name will appear on the screen. Click on it once and hit connect to establish a VPN tunnel.

If the .pcf file has an encrypted password, some versions of Shrew Soft VPN may not be able to access that information. You will then need to obtain the required information from the IT department and replace the encrypted password.

Adding a New Connection

Clicking on the Add button on the toolbar opens up the configuration screen to create new VPN connections. For the most part, configuration is straightforward by adding the remote hostname or IP address of the VPN server. The local host address method should be set by default to "Use an existing adapter and current address." Network Address Translation Traversal should be enabled and WINS and DNS name resolution settings defined. The authentication and credential options allow users to enter the username/password combination, server certificates, or pre-shared keys.

If you are using a pre-shared key, select the Mutual PSK+XAuth authentication method under the Authentication tab. This is where you would enter the information you would normally find under the "Group Authentication" section in Cisco's VPN client. The group authentication name from the Cisco client goes under the "Key Identifier" identification type on Shrew Soft. The pre-shared password is located under the Authentication menu's Credentials tab.

Once the connection is configured and saved, the user can just select Connect to reach out to the VPN server. If the client connects successfully, the connect button will change to disconnect and the status window reads, "tunnel enabled."

At the very least, users just need the following information to get started: IPSEC gateway name, IPSEC ID (also known as group ID), IPSEC secret (also known as group password), remote access personal username (xauth username), and remote access personal password (xauth password). If something doesn't work, then it's time to fiddle with some of the default options. Depending on the server configuration, some users may not be able to connect unless they change the NAT Traversal option for "force rfc."

Most users should have no problems with just the default options.

Comfortable With Free?

For businesses concerned about the price tag, the fact that Shrew Soft VPN is free will be appealing. However, it's important to consider that free may wind up being costly if the company is not comfortable with freely available products or worried about long-term support.

Whether or not to use Shrew Soft's VPN may very well depend on the organization's willingness to forego dedicated support or regular maintenance. In the case of Shrew Soft, the most recent version is client 2.1.7, which was released in the fall of 2010. It was a maintenance release and fixed various bugs but did not introduce any new features. Some organizations may be nervous about the prospect of widely deploying a product that is not visibly under active development or support. Others may be comfortable enough with relying on a plethora of user support forums online and mailing list to solve any issues that may arise.

There are a lot of sites on the Web with helpful configuration and trouble-shooting tips for Shrew Soft. Even the vendor support forums, such as Juniper's knowledgebase, also have threads devoted to getting the free client to work. Shrew Soft offers extensive documentation on its site, and there is also a mailing list.

To make sure I never forget, and that I always connect securely, I actually use a start-up script. In a text file in Notepad, I saved the following commands (without 'lines'):

cd 'path-to-Shrew-Soft-VPN-directory'

start ipsecc.exe -r 'configuration' -u 'user' -p 'password' -a

Whenever I want to turn on VPN, I run the file (I keep it on my desktop) and it opens up the client, connects, and disappears, without my needing to manually launch the connection.

VPN for the Masses

I usually have the official VPN client installed on company hardware, but if I ever wanted to use my personal laptop or computer to access work resources, I was out of luck. Shrew Soft's VPN client actually makes this possible because I can download it and install it without causing any conflicts. The company is not on the hook for paying the license fees for these additional computers, and I am securely connecting to my corporate resources regardless of wherever I am. Shrew Soft's VPN software is a win-win for everyone.

As VPN clients go, Shrew Soft VPN is the way to go if you just need to connect your users with an existing VPN deployment without worrying about licensing or installation. The fact that it also supports multiple vendors is why it's our Editors' Choice. If you don't have a VPN server running, then check out our all-in-one VPN tools for businesses, such as our Editors' Choices Logmein Hamachi and Comodo Unite.

More Networking Software Reviews:

Vonage Business
Viber (for Android)
Ryver
WhatsApp Messenger (for iPhone)
McAfee Family Protection 2.0
more

Best VPN Picks

Further Reading

About Fahmida Y. Rashid