Universal VPN Client Suite for Windows 32/64 bit

•  Compatible with VPN gateways (IPsec standard)
•  Import of third party configuration files
•  Integrated, dynamic personal firewall with IPv6 support
•  Fallback IPsec / HTTPS (VPN Path Finder Technology)
•  VPN Bypass
•  FIPS Inside
•  Strong authentication (eg. Certificate), Biometrics
•  Quality of Service Support
•  Multi Certificate Support
•  Budget Manager for cost control
•  Integrated support of 3G/4G hardware
•  Integration of all security and communication technologies for universal remote access
•  Free of charge 30 day full version

Security Features

The Entry Client supports all IPsec standards in accordance with RFC

Personal Firewall Stateful Packet Inspection;

IP-NAT (Network Address Translation);
Friendly Net Detection (FND) (Firewall rules are automatically adapted, if the connected
network is recognized because of its IP address area, or the NCP FND server's*);
Start FND dependent action;
Home Zone;
Secure hotspot logon;
Differentiated filter rules relative to: protocols, ports, applications and addresses, LAN
adapter protection;
IPv4 and IPv6 support

VPN Bypass

The VPN Bypass function allows the administrator to define applications which can
communicate over the Internet directly despite disabling split tunneling on the VPN
connection. It is also possible to define which domains or target addresses can bypass the VPN
tunnel.

Virtual Private Networking

IPsec (Layer 3 Tunneling), conform to RFC;
IPsec proposals can be determined through the IPsec gateway (IKE/IKEv2, IPsec Phase 2);
Event log; communication only in the tunnel;
MTU size fragmentation and reassembly, DPD, NAT-Traversal (NAT-T);
IPsec tunnel mode

Encryption

Symmetric processes: AES 128,192,256 bits; Blowfish 128,448 bits; Triple-DES 112,168 bits;
Dynamic processes for key exchange: RSA to 2048 bits; seamless rekeying (PFS);
Hash algorithms: SHA-1, SHA-256, SHA-384, SHA-512, MD5, DH group 1,2,5,14-21, 25-30

FIPS Inside

The IPsec Client incorporates cryptographic algorithms conformant with the FIPS standard.
The embedded cryptographic module incorporating these algorithms has been validated as
conformant to FIPS 140-2 (certificate #1747). FIPS compatibility is always given if the
following algorithms are used for set up and encryption of the IPsec connection:

 DH Group: Group 2 or higher (DH starting from a length of 1024 Bit)
 Hash Algorithms: SHA1, SHA 256, SHA 384, or SHA 512 Bit
 Encryption Algorithms: AES with 128, 192 and 256 Bit or Triple DES

Authentication Processes

IKE (Aggressive mode and Main Mode), Quick Mode;
XAUTH for extended user authentication;
IKE config mode for dynamic assignment of a virtual address from the internal address pool
(private IP);
PFS;
PAP, CHAP, MS CHAP V.2;
IEEE 802.1x: EAP-MD5 (Extensible Authentication Protocol): Extended authentication relative
to switches and access points (Layer 2);
EAP-TLS (Extensible Authentication Protocol - Transport Layer Security): Extended
authentication relative to switches and access points on the basis of certificates (Layer 2);
Support of certificates in a PKI: Soft certificates, smartcards, and USB tokens: Multi
Certificate Configurations;
Pre-shared secrets, one-time passwords, and challenge response systems;
RSA SecurID ready

Strong Authentication

Biometric Authentication (Windows 8.x or higher)
X.509 v.3 Standard;
PKCS#11 interface for encryption tokens (USB and smartcards); smartcard operating systems:
TCOS 1.2, 2.0 and 3.0; smart card reader interfaces: PC/SC, CT-API;
PKCS#12 interface for private keys in soft certificates;
CSP for use of user certificates in Windows certificate store PIN policy;
PIN policy; administrative specification for PIN entry in any level of complexity;
Revocation: EPRL (End-entity Public-key Certificate Revocation List, formerly CRL),
CARL (Certification Authority Revocation List, formerly ARL), OCSP.

Networking Features

LAN emulation: Ethernet adapter with NDIS interface, full WLAN (Wireless Local Area
Network) and WWAN (Wireless Wide Area Network, Mobile Broadband from Windows 7)
support

Network Protocol

IPv4 / IPv6 Dual Stack

Dialers

NCP Internet Connector, Microsoft RAS Dialer (for ISP dial-in via dial-in script)

VPN Path Finder**

NCP Path Finder Technology: Fallback IPsec/ HTTPS (port 443) if port 500 respectively UDP encapsulation is not possible

Seamless Roaming**

f a communications medium error occurs, automatic switchover of VPN tunnel to another
Internet communication medium (LAN/WWAN/3G/4G) without altering IP address ensures
that applications communicating over VPN tunnel are not disturbed and application session
is not disconnected. (prerequisite: NCP Secure Enterprise VPN Server)

Additional Features

UDP encapsulation, WISPr-support, IPsec-Roaming, Wi-Fi roaming, import of the file formats:*.ini, *.pcf, *.wgx and *.spd, Multi Certificate Support

Transmission Media

Internet, LAN, WI-FI, GSM (inkl. HSCSD), GPRS, UMTS, LTE, HSDPA, PSTN

IP Address Allocation

DHCP (Dynamic Host Control Protocol), DNS: Dial-in to the central gateway with changing

Line Management

DPD with configurable time interval;
Short Hold Mode;
Wi-Fi roaming (handover);
channel bundling (dynamic in ISDN) with freely configurable threshold value;
timeout (controlled by time and charges);

APN of SIM Card

The APN (Access Point Name) defines the access point of a mobile data connection at a
provider. If the user changes provider, the system automatically takes APN data from the
corresponding SIM card and uses it in client configuration
budget manager (administration of connection time and/or –volume for GPRS/ 3G and Wi-Fi,
in case of GPRS/ 3G separated administration of roaming abroad)
public IP addresses through IP address query via DNS server

Data Compression

IPCOMP (lzs), deflate

Quality of Service

Prioritization of configured outgoing bandwidth in VPN tunnel.

Point-to-Point Protocols

PPP over ISDN, PPP over GSM, PPP over Ethernet;

Internet Society RFCs and Drafts

RFC 2401 –2409 (IPsec), RFC 3947 (NAT-T negotiations), RFC 3948 (UDP encapsulation),
IP security architecture, ESP, ISAKMP/Oakley, IKE, XAUTH, IKECFG, DPD, NAT Traversal (NATT), UDP encapsulation, IPCOMP, RFC 7427: IKEv2-Authentication (Padding-method)
LCP, IPCP, MLP, CCP, PAP, CHAP, ECP

Client Monitor Intuitive, Graphical User Interface

Multilingual (German, English, Spanish, French);
Client Info Center;
Configuration, connection management and monitoring, connection statistics, log-files (color
displayed, easy copy&paste-function);
Internet availability test;
Trace tool for error diagnosis;
Traffic light icon for display of connection status;
Integrated support of Mobile Connect Cards (PCMCIA, embedded);
The Client Monitor can be tailored to include your company name or support information;
Password protected configuration management and profile management, configuration
parameter lock;
Automatic check for newer software version

Operating System Support
The following Microsoft Operating Systems are supported with this release:

• Windows 11, 64 bit (up to and including version 21H2)
• Windows 10, 64 bit (up to and including version 21H2)

NCP Secure Entry macOS Client

The NCP Secure macOS Clients enable easy VPN access with just one click for:

• macOS 12 Monterey, macOS 11 Big Sur
  (Apple M1 Chip and Intel-CPU)

The NCP Secure Entry macOS Client is a component of NCP's Next Generation Network Access Technology. The IPsec standard forms the basis of highly secure data connections to VPN gateways of all well-known providers. The connection is set up via any network (including iPhone tethering via USB or Bluetooth). From anywhere in the world, mobile users can access a corporate network with their Mac. The NCP Secure Entry macOS Client is easy to install and to use. And the intuitive, graphical user interface shows all connection and security states before as well as during data connections.

NCP Secure Android Client 

NCP's Secure Clients for Android are available for mobile end-devices with the operation systems Android 4.4 and above. The clients are easy to use and provide highly secure Remote Access to the company network. The NCP Secure Android clients are also available with the NCP Volume License Server.

• Support of Widgets
• IKEv1 (Main Mode, Aggressive Mode), IKEv2 support
• IP address assignment via local IP address/manually or IKE config mode
• XAUTH on/off
• Split/full tunneling network access
• Pre-shared key
• PKCS#12 certificate support
• One-time-password support (OTP support)
• Auto reconnect mode - After starting the VPN connection the client will always try to reconnect after interruption of a Wi-Fi or cellular connection, until the connection is manually disconnected by the user.
• Configurable connection mode (always, manually)
• Profile import of .pcf, .wgx, .ini or .spd files
• NCP VPN Path Finder® Technology
• FIPS Inside

NCP Exclusive Entry Client for Juniper SRX/vSRX

The NCP Exclusive Entry Client (Windows) was developed for and exclusively connects to Juniper Networks® SRX Series Gateways. It was designed for smaller installations and single workplaces (SMB). Thereby it completes the NCP Exclusive Remote Access Solution for large installations (managed Exclusive Clients incl. Management System) but opposed to those clients, the NCP Exclusive Entry Client is an unmanaged standalone client.

The VPN Client Suite offers features such as the Personal Firewall, the patented NCP Path Finder Technology (which is also integrated in the SRX series), biometric authentication (e.g. fingerprint or facial recognition) as well as a new Credential Provider with hot spot logon. Due to perfect technical support on both sides, the NCP Client fits into the SRX Series Services Gateways without any problems.