Help Center/ Virtual Private Network/ Administrator Guide/ S2C Enterprise Edition VPN/ Interconnection with TheGreenBow VPN Client/ Policy-based Mode/ Configuration on TheGreenBow VPN Client
Updated on 2025-08-19 GMT+08:00
View PDF
Share

Configuration on TheGreenBow VPN Client

Prerequisites

  • TheGreenBow VPN Client has been installed on a Windows host.
  • A VPC and its subnets have been created.

Procedure

  1. Start TheGreenBow VPN Client on the Windows host.

    TheGreenBow VPN Client 6.6 is used as an example. The configuration pages may vary according to the client version. For details, see the product documentation of the corresponding version.

  2. Choose VPN Configuration > IKE V1, right-click the configuration examples tgbtestIPV4 and tgbtestIPV6, and choose Delete from the shortcut menu.
  3. Create a VPN gateway.

    Choose VPN Configuration > IKE V2, right-click IKE V2, and choose New IKE AUTH from the shortcut menu.

  4. Configure IKE phase 1.

    Choose VPN Configuration > IKE V2 > Ikev2Gateway, and enter the required information.

    Table 1 describes the key parameters. For other parameters, use their default settings.
    Table 1 Parameter description

    Tab Page

    Parameter

    Description

    Value

    Authentication

    Interface

    Select the public IP address of TheGreenBow VPN Client.

    1.1.1.1

    Remote Gateway

    Select the active EIP of the Huawei Cloud VPN gateway, which is used to communicate with TheGreenBow VPN Client.

    1.1.1.2

    Preshared Key

    Select Preshared Key.

    The value must be the same as the PSK configured in Table 3.

    Test@123

    Encryption

    The settings must be the same as those of the IKE policy configured in Table 3.
    • Encryption: AES CBC 256
    • Authentication: SHA2-256
    • Key Group: DH15 (MODP 3072)

    Authentication

    Key Group

    Protocol

    Local ID

    Select IPV4 Address, and enter the public IP address of TheGreenBow VPN Client.

    The value must be the same as the customer ID configured in Table 2.

    1.1.1.1

    Remote ID

    Select IPV4 address, and enter the active EIP of the Huawei Cloud VPN gateway.

    The value must be the same as the local ID configured in Table 3.

    1.1.1.2

    Gateway

    Redundant Gateway

    Leave this parameter blank when TheGreenBow VPN Client has a single IP address.

    Leave this parameter blank.

  5. Create a VPN connection.

    Choose VPN Configuration > IKE V2 > Ikev2Gateway, right-click Ikev2Gateway, and choose New Child SA from the shortcut menu.

  6. Configure IPsec phase 2.

    Choose VPN Configuration > IKE V2 > Ikev2Gateway > Ikev2Tunnel, deselect Request configuration from the gateway, and enter related information as prompted.

    Table 2 describes the key parameters. For other parameters, use their default settings.

    Table 2 Parameter description

    Tab Page

    Parameter

    Description

    Value

    Child SA

    VPN Client address

    Enter the private IP address of TheGreenBow VPN Client.

    172.16.1.1

    Address type

    Select Subnet address.

    Subnet address

    Remote LAN address

    CIDR block of the Huawei Cloud VPC.

    192.168.0.0

    Subnet mask

    255.255.0.0

    Encryption

    The settings must be the same as those of the IPsec policy configured in Table 3.
    • Encryption: AES CBC 256
    • Integrity: SHA2-256
    • Diffie-Hellman: DH15 (MODP 3072)
    • Child SA Lifetime: 3600 sec

    Integrity

    Diffie-Hellman

    Child SA Lifetime

    Automation

    Automatic Open mode

    -
    • Select Automatically open this tunnel when VPN Client starts after logon.
    • Select Automatically open this tunnel on traffic detection.

  7. Choose Configuration from the menu bar in the upper left corner, and then click Save.
Parent topic: Policy-based Mode