Spanish EnglishGerman

bintec Secure IPSec Client

bintec Secure IPSec Client - for professional application

  • Support of Windows 10, 8.x and 7
  • IKEv1, IKEv2, IKE Config Mode, X-Auth, certificates (X.509)
  • Independent Licence De- and Reactivation
  • Easy installation with wizard / assistant
  • Support of IPSec over TCP, NCP Path Finder technology
  • Integrated WLAN configuration
  • 3G UMTS/4G LTE dialer with integrated budget manager

bintec Secure IPSec Client

The bintec Secure IPSec Client is a powerful IPSec software application for professional remote access VPN solutions. It enables secure remote access to company data for mobile employees and telecommuters.

Product description

The bintec Secure IPSec Client supports the Microsoft 32-bit and 64-bit Operating Systems Windows 10, Windows 8.x, Windows 7 and it enables secure remote access to company data. Based on IPSec standards and in combination with VPN Gateways of bintec elmeg GmbH the bintec Secure IPSec Client realizes secured tunnels for access to the central data network. The integrated Personal Firewall ensures the protection of the end user system.

A wizard leads through the installation and a configuration assistant helps to create a precise connection profile. Is the VPN connection established, the user applies to the applications in familiar manner, without thinking about security functions. Furthermore the graphical user interface informs about the current VPN tunnel connection status.

Featured with comprehensive security functions, the Secure IPSec Client is an ideal solution for home offices or mobile employees with a need for a secured remote access to delicate central company data.


The bintec Secure IPSec Client enables the use in any VPN environment. Thanks to its standard-compliant IPSec implementation, it allows communication with VPN gateways of various manufacturers and also supports all common operating systems. Additional features allow the implementation of a integrated remote access VPN solution.



IPv6-enabled dynamic personal firewall
Data encryption (Encryption)
Strong authentication and encryption methods
FIPS 140-2 certified
Multi-certificate support
Parameter locks
Automatic adjustment of firewall rules
Prevention of the misuse of dialer applications (0190 and 0900)
Integrated personal firewall


High ease of use through graphical user interface
Integrated support for 3G/4G hardware
Automatic media recognition
Automatic HotSpot detection
Seamless Roaming - VPN connection remains established even when changing media
Automatic connection to the corporate network
Consistently stable VPN connections
Support of IPSec over TCP, based on the NCP Path Finder technology

Activation, licensing, deactivation, update and installation Activation and licensing of the IPSec client


The license serial numbers of the bintec Secure IPSec Clients have eight digits and start with 22x. Even if you purchase several bintec IPSec Clients as a package, you will receive a separate license sheet and a separate serial number for each Client. When you activate an update, the bintec Secure IPSec Client always retains its original serial number. During the online activation, you will receive a new activation key, which then releases the additional features.
By default, activation is possible in the client immediately after installation via online. You can find how to activate your client in our short and compact activation instructions for online activation. If you would like to activate offline or cannot activate online, for example, because network traffic is restricted. You can find information about this activation variant in the instructions for offline activation.


Deactivating the license

The client licenses may only be activated and used on one system at a time. If a license is no longer used on the system, it can be deactivated and then reactivated on a new system (from client version 3.0).



Updates can be free of charge or with costs. Depending on whether the new software has new features or not. Updates are free if it is a new service release, e.g. 3.02 to 3.04. Updates are subject to a charge if a new software version (major release) is purchased, e.g. 3.0 to 3.1 or 4.x to 5.x.

New major releases up to version 3.1 were marked by changing the first decimal place, e.g. 3.0 to 3.1. As of version 4.x, major releases are marked by changing whole numbers, e.g. 4.x to 5.x.

An update allows a maximum of two jumps to the next or next but one major release. A major release is marked by a change of the digit before the dot (up to and including version 3.1) or the first digit after the dot (from version number 4.x upwards) in the version number.



New versions contain significant changes, performance or function enhancements and are subject to a charge, i.e. the client receives a new license key (LS) when updates are made.

Service Release

New service releases include bug fixes and "minor improvements".
Not subject to charge: no new license key (LS) required

Basically there is no obligation to update



FAQ's about the IPSec Client:
Here you can find all necessary tips and tricks for the IPSec Client

Discontinued bintec elmeg IPSec Client:
versions 1.3 2.0 2.1 2.2 2.3 3.0


Windows 10*: Client Version 3.0x or newer
Windows 8/8.1: Client version 2.3x or newer
Windows 7: Client version 2.2x or newer
Windows Vista Support up to and including Client Version 3.1x

Windows 10 compatibility:

bintec Secure IPSec Client 3.03 older than Windows 10, 32/64 bit version 1709
bintec Secure IPSec Client 3.13 up to Windows 10, 32/64 bit version 1809
bintec Secure IPSec Client 4.1 up to Windows 10, 32/64 bit version 1803
bintec Secure IPSec Client 5.0 up to Windows 10, 32/64 bit version 1909

IPSec Client licenses may only be activated and used on one system at a time. Customers have the ability to deactivate a license which is no longer being used on a particular system in order to activate it on a new system. (version 3.0 and higher)
Online & off-line activation
Activation can be carried out online (internet access from the respective PC is required) or off-line (internet access from a different PC is required).
Easy to use due to graphical user interface with build in installation wizard
WLAN Configuration
Integrated WLAN configuration
Integrated Dialer (RAS)
Integrated Dialer for ISDN, GSM, UMTS and LTE with build in budget manager
Client Monitor
Graphical User Interface for connection control and monitoring
System Logging
Easy diagnosis thanks to integrated advanced logging
Supported Operating Systems
Windows 10, Windows 8.x, Windows 8 (also TabletPC; no Windows RT 8.x), Windows 7, Windows Vista, Windows XP up to v 2.32 - all 32/64 Bit
Supported Languages
English, French, Spanish and German
Seamless Roaming
VPN connections remain intact even when the connection type changes (LAN/WLAN/mobile data)
IPSec RFC 2401-2409
IPSec Algorithms
AES (128,192, 256 Bit), 3DES (168 Bit), Blowfish (128-448) RSA (1024 or 2048)
IPSec Hashes
MD-5, SHA-1, SHA-256, SHA-384, SHA-512 and DH-Groups 1, 2, 5, 14-18
IKE Versions
IKEv1 and IKEv2 - with Pre Shared Keys and certificates (X.509)
IPSec IKE Config Mode
IKE Mode Config allows the dynamic assignment of client IP configuration (IP address, DNS and WINS servers)
IKE Protocol Extended Authentication for extended user authentication, necessary or OTP (One Time Password, inclusive Smart Cards and Token) solutions
IPSec Dead-Peer-Detection
Provides continues connection monitoring
Support of NAT Traversal (NAT-T) for connections over routers with activated NAT
IPSec Certificates (PKI)
Support of X.509 certificates
IPSec PKI Standards
Entrusts Smart Cards: PKCS#11, for Encryption Token TCOS 1.2 and 2.0, Smart Card Reader Interfaces CT-API and PC/SC, PKCS#12, CSP
IPSec Certificate Revocation List
EPRL - End-entity Public-Key Certificate Revocation List (CRL), CARL - Certification Authority Revocation List, (ARL), OCSP - Online Certificate Status Protocol
IPSec over TCP (NCP Path Finder)
IPSec Fallback to TCP, e.g. 443 (HTTPS), based at the NCP Path Finder technology, to overcome firewalls with activated IKE Port 500 filters
FIPS inside
The Client has a FIPS-compliant cryptographic algorithm (certified in accordance with FIPS 140-2). FIPS compliance is achieved when the following algorithms are used to establish and encrypt the IPSec connection:
FIPS Inside Algorithms
- Encryption algorithms: AES 128, 192, 256-bit or triple DES; - Hash algorithms: SHA1, SHA256, SHA384 or SHA512-bit - DH group: group 2 or higher
Media Type
LAN, WLAN, XDSL, ISDN, GSM, UMTS, LTE, inclusive automatic type of media detection
Query of the current IP address via a public DynDNS Server
Automatic Hotspot detection
Stateful Inspection Firewall
Stateful Inspection Firewall for IPv4 and IPv6, directional controlled packet filter with controlling of the connection state, application filtering
Friendly Net Detection
Automatic detection of unsecure and secure network and dependent of that an activation and deactivation of firewall rules
Password protection for profile management and configuration for avoid unauthorized access to configuration parameters.

Weiterführende Links

Request Info