Shrew Soft Vpn | Client Windows 11

Shrew Soft VPN Client is a legacy IPsec VPN solution that is not officially supported on Windows 11

Running in Compatibility Mode: Set the installer and the application to run in "Windows 7" compatibility mode. shrew soft vpn client windows 11

Example: Connecting to a pfSense IKEv1 VPN with PSK

Assume your VPN gateway details:

Shrew Soft VPN Client — Windows 11 Write-up

Summary

Shrew Soft VPN Client is a free IPsec VPN client for Windows that supports IKEv1/IKEv2 and site-to-site or remote-access connections to many VPN gateways. This write-up covers installation, configuration for a typical IKEv2 site-to-site or remote-access profile, troubleshooting, and security considerations on Windows 11. Shrew Soft VPN Client is a legacy IPsec

Step-by-Step Installation on Windows 11

Step 1: Disable Driver Signature Enforcement (Temporarily)

Because Shrew Soft’s kernel-mode drivers (vfilter.sys, ipsec.sys clone) are not Microsoft-signed for Windows 11, you must disable driver signature enforcement. Device Manager > Network adapters > Shrew Soft

: Installing Shrew Soft can sometimes disable WiFi or Ethernet entirely on newer hardware, particularly on AMD Ryzen-based systems. Security Vulnerabilities

  1. Device Manager > Network adapters > Shrew Soft VPN Adapter > Properties.
  2. Power Management tab → Uncheck "Allow the computer to turn off this device."
  3. Also, disable Hyper-V virtual switches: Control Panel > Programs > Turn Windows features on/off > Uncheck Hyper-V (if not needed), then reboot.

Wi-Fi Disconnection: A common bug where Wi-Fi stops working after installation. This is often fixed by unchecking Enable DNS or Obtain Topology Automatically in the VPN Site Configuration under the Policy tab.

Security Considerations

  • Prefer certificate-based authentication over PSK when possible.
  • Use strong algorithms (AES-256, SHA-256/384, modern DH groups).
  • Keep Windows and the VPN client updated.
  • Limit administrative access to VPN configuration.
  • Rotate PSKs periodically and protect private keys with strong passphrases.