Client VPN Certifié Critères Communs EAL3+

Pour un déploiement en environnement sensible

Le Client VPN Certifié TheGreenBow est le premier Client VPN au monde à obtenir la Certification Critères Communs EAL3+, la Qualification au niveau standard et les agréments Diffusion Restreinte OTAN et UE.

TheGreenBow VPN Client Certifié Critères Communs EAL3+, qualifié Niveau Standard, agrément DR OTAN & UE

La Certification et la Qualification garantissent la fiabilité et la robustesse du logiciel, ainsi que le haut niveau de confiance dans sa mise en oeuvre et son utilisation.

De plus, la Certification valide la qualité des processus de l'entreprise et apporte au VPN Certifié la garantie d'un suivi et d'une qualité de production pérennes.

Le Client VPN Certifié est ainsi particulièrement adapté à la sécurisation de la mobilité et des communications confidentielles au sein des Grandes Organisations, OIV et Administrations. TheGreenBow est plus que jamais le partenaire de choix dans la constitution de solutions de sécurité en environnement critique et sensible.

Le Client VPN Certifié TheGreenBow est commercialisé sous forme d'abonnement annuel. N'hésitez pas à nous contacter pour tout complément d'information.

ANSSIANSSI Certification Reference for TheGreenBow VPN Client
NATONATO / NIAPC Catalog Reference for TheGreenBow VPN Client

Client VPN Certifié

Version :
30 jours d'évaluation gratuite
Taille : 5.76 Mo  
Date : Oct 2017  
OS : Windows XP 32-bit
Windows Vista 32/64-bit
Windows 7 32/64-bit
Windows Server 2008 32/64-bit
32 bit

32/64 bit
TheGreenBow  Software Supports Windows 8 32/64-bit
32/64 bit
TheGreenBow  Software Supports Windows 10 32/64-bit
32/64 bit
Langues : Allemand, Anglais, Arabe, Chinois (simplifié), Coréen, Danois, Espagnol, Farsi, Finlandais, Français, Grec, Hindi, Hongrois, Italien, Japonais, Néerlandais, Norvégien, Polonais, Portugais, Russe, Slovénien, Serbe (latin), Tchèque, Thaï & Turc.  

Release Note VPN Certifié

Version 5.2

Version 5.22 build 005

  • Bug fixing: Command line option "/close" fixed.

Version 5.22 build 003

  • Bug fixing: Buffer overflow in GINA X-Auth login/password values
  • Bug fixing: Buffer overflow in UI command line ()
  • Improvement (vulnerability): PIN Code erased from process memory after being used
  • Improvement (vulnerability): Import/Export password erased from process memory after being used

Version 5.21 build 002

  • Bug fixing: The integrity (signature) of a VPN Configuration is correctly and always checked when the configuration is imported. Corrupted configuration cannot be imported anymore.
  • Bug fixing: GINA UI correctly displayed after first installation.
  • Improvement (vulnerability): Strongest cryptographic mechanism for administrator password storage.
  • Improvement (vulnerability): Administrator password is hidden in user memory.
  • Improvement (vulnerability): Strongest access control mechanism, which avoid the access control being bypassed via code hacking.
  • Improvement (vulnerability): Logs (trace) do not contain sensitive information.
  • Improvement: Uninstall improvement on Windows 8
  • Improvement: Setup and first launch correctly manage obsolete windows certificates

Version 5.20 build 006

  • Feature request: Gina Mode supported on Windows 7, Vista 32-64bit.
  • Feature request: Added a password confirmation field when exporting a VPN Configuration.
  • Feature request: ESP anti-replay service supported i.e. RFC 2401/4303.
  • Feature request: Added several command lines (and setup init file) to better choose Certificates from Token or SmartCard in VPN Configuration. They are called PKI Options. For more details, look at our deployment guide on our website. "KeyUsage" allows limiting access only to "Authentication" certificates from the Token or SmartCard. "SmartCardRoaming" allows setting the rule used to fetch a Certificate from the Token or SmartCard. "Pkcs11Only" allows limiting access only to "PKCS#11" certificates from the Token or SmartCard. "NoCaCertReq" allows using Certificate with different Certificate Authority the VPN Gateway is using. "PKICheck" allows to force having the Root Certificate onto the user machine.
  • Feature request: The PKI Options are also manageable through the user interface via a new tab in the "Tools" > "Option..." window.
  • Feature request: Enable the IT manager to disable the Configuration Panel via registry key. When the specific registry key is set, the user cannot access the Configuration Panel (OEM partners specific).
  • Feature request: The VPN Configuration backup folder might not exist on some custom Windows environment. The VPN Configuration backup folder is customized (OEM partners specific).
  • Feature request: The Software Activation folder might not exist on some custom Windows environment. The Software Activation folder is customized (OEM partners specific).
  • Feature request: Exclusion of DHCP protocol from network filter to allow DHCP mechanism when network configuration forces everything in tunnel (
  • Feature request: Algorithms SHA2 is supported to sign with a CSP smart card.
  • Feature request: Remove "buy" button (OEM partners specific).
  • Feature: Korean is now embedded as a new language.
  • Feature: Ability to open the current User Certificate Store when selecting a Certificate in the configuration Panel, instead of the local machine Certificate Store.
  • Feature: Gemalto .NET with CSP middleware supported on Windows Vista & Seven.
  • Improvement: New order to move the focus from one field to another with the tab key in the Configuration Panel > IPsec Phase 2 tab.
  • Improvement: Do not display systray popup on Phase1/Phase2 renegotiation.
  • Improvement: Extended the size of SmartCard PIN code field to be able to enter longer PIN code.
  • Improvement: Ability to activate the software on Windows machine where system folders like MyDocuments or ProgramData might or might not be available.
  • Improvement: Ability to connect to Wifi hotspot with VPN Configuration forcing all traffic in the tunnel (i.e. subnet mask
  • Improvement: The "Lock Access to Config Panel" password popup doesn't have focus.
  • Improvement: VPN Configuration can be accessible in computer memory.
  • Improvement: IKE buffer overflow with Vendor ID.
  • Improvement: Minor cosmetic.
  • Bug fixing: VPN Client "Start Mode" should be "Manual" instead of "After Windows logon" in Windows Seven 64bit (some OEM partners only).
  • Bug fixing: The VPN Client cannot open a tunnel when using a Certificate with Unicode or UTF8 characters like Japanese characters.
  • Bug fixing: PKCS#11 middleware used instead of CSP middleware when SmartCardRoaming Option is set to either 2, 3, 4 or 5.
  • Bug fixing: No wrong PIN code popup when using Smart Card with CSP middleware.
  • Bug fixing: Alternate DNS/WINS are not applied if tunnel open when enabling "Auto open this tunnel on traffic detection".
  • Bug fixing: In Gina mode and "Open tunnel" with Alternate DNS/WINS, the DNS/WINS are applied to Local Interface instead of Virtual Interface.
  • Bug fixing: Packet fragmentation not properly performed when modifying MTU size (some values) on Windows XP.
  • Bug fixing: Software upgrade fails when using silent mode "/S".
  • Bug fixing: Impossible to open with certificate when user does not have admin right.
  • Bug fixing: VPN Client not responding after received Key renewal from router.
  • Bug fixing: No tunnel when using SHA2 algorithm and Windows Certificate Store.
  • Bug fixing: Another tunnel does not open properly after unplugging a smartcard with some smartcard models.
  • Bug fixing: Crash IKE in some network circumstances when coming out of sleep mode, or when tunnel fails to open on "Wrong Remote Address" followed by "Save" VPN Configuration.
  • Bug fixing: Remote Config feature creates logs in the wrong directory.
  • Bug fixing: Activation not properly working in some circumstances like multiple user levels on the same machine.
  • Bug fixing: Accept the Section ID in VPN Configuration file coming from the VPN Gateway when virtual IP address is set to
  • Bug fixing: Support VPN configuration coming from the VPN gateway containing "-" in the tunnel names.
  • Bug fixing: The feature VPN "Peer to Peer" might fail when there is a router with NAT-T in between, in some network configuration.
  • Bug fixing: VPN tunnel might not open when configured with a Certificate selected from the User Certificate Store.
  • Bug fixing: The VPN tunnel opens properly but no traffic goes through when using X-Auth based configuration and VPN Client address is
  • Bug fixing: VPN Client stops responding for a while after received Key Renewal from the VPN Router in some VPN Configuration circumstances.
  • Bug fixing: IP address renewal with DHCP server does not working properly with VPN Configuration forcing all traffic in the tunnel (i.e. subnet mask
  • Bug fixing: Import of VPN Configuration not working properly when the Certificate has a local ID type DER_ASN1_DN_ID containing a subject with chars like spaces and "/".
  • Bug fixing: "Phase2" > "Advanced" > "Alternate Server" > IP addresses cannot be reset to
  • Bug fixing: The VPN tunnel fails to open when using Mode-Config with some specific VPN Routers (OEM partners).
  • Bug fixing: Cannot create a VPN Configuration via the Configuration Panel (specific OEM partner customization).

Problèmes connus :
  • Several Certificates with same Subject added to the Windows Certificate Store might prevent a tunnel to open in some circumstances.
  • The VPN Client might be able to open tunnel under RDP sessions in some circumstances.
  • Windows might not recognize software signature when installing the software although signature is provided, Windows Vista only.

Documentation VPN Certifié

  TheGreenBow Brochure  All English PDF (1940 Kb)
  Fiche Produit Client VPN (EN/FR)  6.x English PDF (173 KB)
       Français PDF (173 Ko)
  Guide utilisateur du Client VPN IPsec Certifié  5.2 English PDF (2.4 MB)
       Français PDF (2,4 Mo)
  Guide de deploiement VPN  All Français PDF (575 KB)
       English PDF (572 Ko)
  Configuration des Gateways VPN  All English On-line
       Français On-line
  Listes des Tokens et Cartes à puce  All English On-line
       Français On-line
  Certificate Management Guide  All English PDF (983Kb)
  Outils de management  All English On-line
       Français On-line
Features/How to
  Serveur d'authentification  All English On-line
       Français On-line
  Mode USB  All English On-line
       Français On-line
  Partage de bureau a distance  All English On-line
       Français On-line
  Langues / Traduction  All English On-line
       Français On-line
  FAQ  All English On-line
       Français On-line
  Support en ligne  All English On-line
       Français On-line
Videos tutorials