Overview

While trying to set up the Shrew Soft VPN client in Windows or Linux environment, the tunnel connection cannot be established because the Kerio Control server is not answering.

This article provides information on how to configure a Windows Shrew VPN client (Standard Edition) with Kerio Control.

Important: we do NOT recommend using Shrew VPN client as certain security associations might be failing. Please use the native Windows IPsec or Kerio VPN client instead to ensure the security requirements are met.

Solution

1. Once Shrew VPN client is installed, click Add to initiate configuration.
2. Enter a Kerio Control IP address or hostname details. Select "Use an existing adapter and current address" in Adapter mode settings.
   
3. Leave Client and Name Resolution tabs as it is (default config).
4. In the Authentication tab, change the Authentication Method to Mutual PSK.
   
   Remote Identity subtab
   
5. In the Credentials subtab, specify the Pre-shared Key from Kerio Control VPN server settings.
   
6. Inside the Phase 1 tab, change the mode to Main (instead of Aggressive).
   
7. Inside the Phase 2 tab, change PFS Exchange to Auto.
   
8. In the Policy tab, uncheck "Obtain Topology Automatically or Tunnel All" option and specify the Kerio Control Trusted/Local interface settings.
   
9. Click OK to skip the Main mode and PSK warning.
   

Testing

Click Connect to verify the connection. The status will be "Tunnel enabled" and "Connected" and all the Security Associations should be passed.

Important Considerations

The Kerio Control IKEv1 should be used.

For Shrew Soft VPN client configuration on Linux, please refer to the Shrew README file in the source installation directory.