bintec Secure IPSec Client
The bintec Secure IPSec Client is a powerful IPSec software application for professional remote access VPN solutions. It enables secure remote access to company data for mobile employees and telecommuters.
The bintec Secure IPSec Client supports the Microsoft 32-bit and 64-bit Operating Systems Windows 10, Windows 8.x, Windows 7 and it enables secure remote access to company data. Based on IPSec standards and in combination with VPN Gateways of bintec elmeg GmbH the bintec Secure IPSec Client realizes secured tunnels for access to the central data network. The integrated Personal Firewall ensures the protection of the end user system.
A wizard leads through the installation and a configuration assistant helps to create a precise connection profile. Is the VPN connection established, the user applies to the applications in familiar manner, without thinking about security functions. Furthermore the graphical user interface informs about the current VPN tunnel connection status.
Featured with comprehensive security functions, the Secure IPSec Client is an ideal solution for home offices or mobile employees with a need for a secured remote access to delicate central company data.
The bintec Secure IPSec Client enables the use in any VPN environment. Thanks to its standard-compliant IPSec implementation, it allows communication with VPN gateways of various manufacturers and also supports all common operating systems. Additional features allow the implementation of a integrated remote access VPN solution.
IPv6-enabled dynamic personal firewall
Data encryption (Encryption)
Strong authentication and encryption methods
FIPS 140-2 certified
Automatic adjustment of firewall rules
Prevention of the misuse of dialer applications (0190 and 0900)
Integrated personal firewall
High ease of use through graphical user interface
Integrated support for 3G/4G hardware
Automatic media recognition
Automatic HotSpot detection
Seamless Roaming - VPN connection remains established even when changing media
Automatic connection to the corporate network
Consistently stable VPN connections
Support of IPSec over TCP, based on the NCP Path Finder technology
Activation, licensing, deactivation, update and installation Activation and licensing of the IPSec client
The license serial numbers of the bintec Secure IPSec Clients have eight digits and start with 22x. Even if you purchase several bintec IPSec Clients as a package, you will receive a separate license sheet and a separate serial number for each Client. When you activate an update, the bintec Secure IPSec Client always retains its original serial number. During the online activation, you will receive a new activation key, which then releases the additional features.
By default, activation is possible in the client immediately after installation via online. You can find how to activate your client in our short and compact activation instructions for online activation. If you would like to activate offline or cannot activate online, for example, because network traffic is restricted. You can find information about this activation variant in the instructions for offline activation.
Deactivating the license
The client licenses may only be activated and used on one system at a time. If a license is no longer used on the system, it can be deactivated and then reactivated on a new system (from client version 3.0).
Updates can be free of charge or with costs. Depending on whether the new software has new features or not. Updates are free if it is a new service release, e.g. 3.02 to 3.04. Updates are subject to a charge if a new software version (major release) is purchased, e.g. 3.0 to 3.1 or 4.x to 5.x.
New major releases up to version 3.1 were marked by changing the first decimal place, e.g. 3.0 to 3.1. As of version 4.x, major releases are marked by changing whole numbers, e.g. 4.x to 5.x.
An update allows a maximum of two jumps to the next or next but one major release. A major release is marked by a change of the digit before the dot (up to and including version 3.1) or the first digit after the dot (from version number 4.x upwards) in the version number.
New versions contain significant changes, performance or function enhancements and are subject to a charge, i.e. the client receives a new license key (LS) when updates are made.
New service releases include bug fixes and "minor improvements".
Not subject to charge: no new license key (LS) required
Basically there is no obligation to update
FAQ's about the IPSec Client:
Here you can find all necessary tips and tricks for the IPSec Client knowledgebase.bintec-elmeg.com/kb/software-be-sdx/ipsec-client/
Discontinued bintec elmeg IPSec Client:
versions 1.3 2.0 2.1 2.2 2.3 3.0
Windows 10*: Client Version 3.0x or newer
Windows 8/8.1: Client version 2.3x or newer
Windows 7: Client version 2.2x or newer
Windows Vista Support up to and including Client Version 3.1x
Windows 10 compatibility:
bintec Secure IPSec Client 3.03 older than Windows 10, 32/64 bit version 1709
bintec Secure IPSec Client 3.13 up to Windows 10, 32/64 bit version 1809
bintec Secure IPSec Client 4.1 up to Windows 10, 32/64 bit version 1803
bintec Secure IPSec Client 5.0 up to Windows 10, 32/64 bit version 1909
Administration / ManagementDeactivation
IPSec Client licenses may only be activated and used on one system at a time. Customers have the ability to deactivate a license which is no longer being used on a particular system in order to activate it on a new system. (version 3.0 and higher)
Online & off-line activation
Activation can be carried out online (internet access from the respective PC is required) or off-line (internet access from a different PC is required).
Easy to use due to graphical user interface with build in installation wizard
Integrated WLAN configuration
Integrated Dialer (RAS)
Integrated Dialer for ISDN, GSM, UMTS and LTE with build in budget manager
Graphical User Interface for connection control and monitoring
Easy diagnosis thanks to integrated advanced logging
Operating System / LanguagesSupported Operating Systems
Windows 10, Windows 8.x, Windows 8 (also TabletPC; no Windows RT 8.x), Windows 7, Windows Vista, Windows XP up to v 2.32 - all 32/64 Bit
English, French, Spanish and German
IPSec FeaturesSeamless Roaming
VPN connections remain intact even when the connection type changes (LAN/WLAN/mobile data)
IPSec RFC 2401-2409
AES (128,192, 256 Bit), 3DES (168 Bit), Blowfish (128-448) RSA (1024 or 2048)
MD-5, SHA-1, SHA-256, SHA-384, SHA-512 and DH-Groups 1, 2, 5, 14-18
IKEv1 and IKEv2 - with Pre Shared Keys and certificates (X.509)
IPSec IKE Config Mode
IKE Mode Config allows the dynamic assignment of client IP configuration (IP address, DNS and WINS servers)
IPSec IKE XAUTH
IKE Protocol Extended Authentication for extended user authentication, necessary or OTP (One Time Password, inclusive Smart Cards and Token) solutions
Provides continues connection monitoring
Support of NAT Traversal (NAT-T) for connections over routers with activated NAT
IPSec Certificates (PKI)
Support of X.509 certificates
IPSec PKI Standards
Entrusts Smart Cards: PKCS#11, for Encryption Token TCOS 1.2 and 2.0, Smart Card Reader Interfaces CT-API and PC/SC, PKCS#12, CSP
IPSec Certificate Revocation List
EPRL - End-entity Public-Key Certificate Revocation List (CRL), CARL - Certification Authority Revocation List, (ARL), OCSP - Online Certificate Status Protocol
IPSec over TCP (NCP Path Finder)
IPSec Fallback to TCP, e.g. 443 (HTTPS), based at the NCP Path Finder technology, to overcome firewalls with activated IKE Port 500 filters
The Client has a FIPS-compliant cryptographic algorithm (certified in accordance with FIPS 140-2). FIPS compliance is achieved when the following algorithms are used to establish and encrypt the IPSec connection:
FIPS Inside Algorithms
- Encryption algorithms: AES 128, 192, 256-bit or triple DES; - Hash algorithms: SHA1, SHA256, SHA384 or SHA512-bit - DH group: group 2 or higher
LAN, WLAN, XDSL, ISDN, GSM, UMTS, LTE, inclusive automatic type of media detection
Query of the current IP address via a public DynDNS Server
Automatic Hotspot detection
SecurityStateful Inspection Firewall
Stateful Inspection Firewall for IPv4 and IPv6, directional controlled packet filter with controlling of the connection state, application filtering
Friendly Net Detection
Automatic detection of unsecure and secure network and dependent of that an activation and deactivation of firewall rules
Password protection for profile management and configuration for avoid unauthorized access to configuration parameters.