| Git Clone URL: | https://aur.archlinux.org/ike.git (read-only, click to copy) |
|---|---|
| Package Base: | ike |
| Description: | Shrew Soft VPN client for Linux |
| Upstream URL: | http://www.shrew.net |
| Licenses: | BSD |
| Submitter: | tmhedberg |
| Maintainer: | rockybulwinkle |
| Last Packager: | rockybulwinkle |
| Votes: | 27 |
| Popularity: | 0.000000 |
| First Submitted: | 2011-12-06 17:01 (UTC) |
| Last Updated: | 2025-04-17 14:10 (UTC) |
Hello. Am I the only one who is experiencing issues with ikec/iked and openssl?
After today's upgrade, the VPN would no longer start until I installed openssl-1.1 alongside regular openssl.
Recompilation also seems to fail, since openssl-1.1 headers and libraries are not found where the build systems looks, and the latest openssl probably introduces some incompatible changes.
@jvybihal it should be correct now. Thanks for pointing out the discrepancy!
The .SRCINFO has pkgrel = 5, PKGBUILD is pkgrel=6. Can this be please corrected?
I can confirm it's working on linux-lts as well. They merged the change in 5.15.47, latest in arch is 5.15.48 :)
It looks like the fix has been merged into 5.18.4. I can confirm that kernel 5.18.5 from Arch works correctly with iked.
Thanks @manuelino for the info. I gave a half-hearted attempted at building a kernel with the patch, but ran into issues. It's good to see a fix is coming upstream in any case.
Ultimately what I've decided to do, personally, is revert back to package versions on May 25th, just before the problematic kernel came out (Server=https://archive.archlinux.org/repos/2022/05/25/$repo/os/$arch). I did a pacman -Syyuu with the old mirror to roll back my package versions. Then I configured my pacman to ignore linux-lts, linux-lts headers, and other packages that depend on a kernel version like nvidia drivers, and updated the system again.
Side note and heads up, I may disown this package soon if I can get a more modern VPN solution working at work. I only picked it up because no one else had, I still used it, and the AUR version was broken. As soon as I have a VPN at work that doesn't need shrewsoft, I am dropping this.
I did some investigations and found a workaround, albeit invasive (kernel patch & rebuild).
The error recv X_SPDADD message failure ( errno = 3 ) is caused by a commit introduced in Linux 5.18 and backported to LTS 5.15.42 (https://github.com/torvalds/linux/commit/4dc2a5a8f6754492180741facf2a8787f2c415d7). It has been reverted in mainline (https://github.com/torvalds/linux/commit/9c90c9b3e50e16d03c7f87d63e9db373974781e0) so things should be back to normal when 5.19 is out. Meanwhile, Arch kernels don't have the reverted commit, so iked is not working.
So I simply took the latest build files for the linux package (5.18.3) from asp and modified it to apply the reverting patch. Then compiled it.
With this kernel, the VPN client started working again. Of course, this means that for any 5.18.x kernel release we'll have to rebuild the kernel, but since I must use this client for a customer's VPN (vpnc does not work as it does not implement some message the server sends and cuts me out every 60 minutes) this is preferable anyway.
Below there's the base64 of a tgz file containing two patch files: place pfkey.patch alongside PKGBUILD, and apply PKGBUILD.patch to PKGBUILD.
H4sIAAAAAAAAA+2VfU/jRhCH+Rd/itHdSSHkbf1uQ2lJQrhD5AARkK6qKmvtXSdWEjvatcPLp+/Y
JhzcoVatDiq1+1har2d3Z8az659X8ZzfdVc0j2ZbrwVBXNct77prk+pZt6zqXnUdd0u3DJtYpmU7
5hbRDby2gLxaRk8oZE4FwNaSpsWfz+NCvkVCbwtL4hg6nWmSA+2lPO/hcejROChPRQThdyYtSRm/
BdP0mW+zWPeZ2e0y3wwZd2zXtH3QCXEsS+t0Oi941Fqt1kteDw+hY3iG09YJtOqOAWjEzcmTCJI0
h1V5UoOVyCIu5Y7MRRHlILNoDrty3oaNYR6EBb4S2sI2RFkq88chykINttdZwmCX3+bBjAn526R/
NAhGX66Cz/0vv+/jeBmLC4FdrbONHTh4CB2KjLKIynwHfQfRIkv5ThXl4/FFcDq6PBuNm08f2rh+
exsqBpfn/aNhf3IVXFyefz6ZDIPzs/GvbTi7Ho/b1VsEWBN012zu47Ikhh0M3Sw9CJ4XIq1Tam33
duEsSzv3XGTwMLKmi4JDFn+XZhNYxiWkGe7t4obeSZDJNKULdAO7QCufmcAOA77mKWRpaaRRXtDF
w9gNhyW9wwomiwXcUCxNnsHDHtRu8hlOwSc65fgeICgaBGCcTPBq8GmW3WpND9t/WtIWlvRvFRNw
S5d8KdGw2fM2EJyW3PMsfrRVUzfbTYXkAY6UA3U+2GvD49x97d/+bH8YF6cfB9cn46PX/AX8pf4T
q9Z/x7UIqfXfcZT+vwXP9B91Mp33NkcCdfq54UH7Pd2z/Yh0u5yGjh47zxX/myW13n9jLNVe99oO
tLB1S50PpIhSuuQHVESzRZIWt52q1fBzLkTED3Y0VNF3Hzbz9vYw49Ysz1dyr9fD/qwIu1G27D2u
71XtL6XicfY+p9ODajF23pWu8M8QJ1PY8L7WMZqkMOci5YvNhDhZcK0FtbbWH4kGTa2Us4Stpiu0
yjq5Rn/QP9b1oWP3Dd8lA90k/cHIHFquj7eRZRJi6brnOY0y3Bizk3CVCXTEZP3/c7AWLcOtK/JC
gKE7cj3LtxzneGSYtmda2Him6xq255rWwNKHpm5bfhXgiK7xP3dZpKjLP7H1vVgfPtamm4npz9Vr
yBk1bEcWS4zRmJyeXDS0Djyh4cdWzKjpxXpk+7FLDUJdh8ex5VEShSYxopBwj9t2yKht8ojEukdc
rhMWMcpM2miW1fuRDqHOs1kqO79dZSKH0+pYBXX76Xxy9fUYvTznejK6PPiwmk9DKvl/R8wVCoVC
oVAoFAqFQqFQKBQKhUKhUCgUCsX/mj8Ap9oJtQAoAAA=
I built the package and can connect to the VPN but can't access the network behind the VPN. I tried in a Windows VM it works fine. The iked service looks a bit weird (why exited when the process in running)
#systemctl status iked
iked.service - Shrew VPN client
Loaded: loaded (/usr/lib/systemd/system/iked.service; disabled; vendor preset: disabled)
Active: active (exited) since Fri 2022-06-10 09:39:48 CEST; 22s ago
Process: 10303 ExecStart=/usr/bin/iked (code=exited, status=0/SUCCESS)
Main PID: 10303 (code=exited, status=0/SUCCESS)
Tasks: 4 (limit: 38174)
Memory: 3.5M
CPU: 15ms
CGroup: /system.slice/iked.service
└─10305 /usr/bin/iked
$ikec -r ...
...
ii : bringing up tunnel ...
>> : network device configured
ii : tunnel enabled
$ip route
default via 192.168.0.254 dev tap0 proto static
192.168.0.0/24 dev tap0 proto kernel scope link src 192.168.0.254
...
But the ping fails with Destination Host Unreachable.
Thats the errors from iked.log but I didn't find any good info if that's related or how to fix it.
!! : peer violates RFC, transform number mismatch ( 1 != 2 )
!! : invalid private netmask, defaulting to 255.255.255.0
K! : recv X_SPDADD message failure ( errno = 3 )
!! : config packet ignored ( config already mature )
Anybody with any similar problems or any ideas?
error 'session terminated by gateway' occurred about 20 seconds after getting connected. I also installed it on windows10 which works fine. Now I switched to vpnc software as a replacement,it's fine for me.
I run my system on the linux-lts kernel. It appears that the upgrade from 5.15.41->5.15.43 is what breaks the VPN. Still looking into this, though hoping it gets smoothed over in a future kernel update...
Pinned Comments
rockybulwinkle commented on 2020-12-20 18:30 (UTC)
I took ownership of this package and fixed the build issue with the parser_class_name as figue suggests.
figue commented on 2019-02-15 20:17 (UTC) (edited on 2019-02-15 20:18 (UTC) by figue)
Ok, shrew-vpn-client updated. Please install that package to have QT GUI.
I can't test new ike package, because IT guys gave me a new laptop with W10, and on a virtual machine I can't make ike work... Maybe next week I'll take a closer look. Anyway, QT GUI works and I can edit my profiles.
For the people that already have a profile, you can bring it up in commandline:
or use the GUI :P
timsat commented on 2019-02-14 20:01 (UTC) (edited on 2019-02-15 19:38 (UTC) by timsat)
ike updated to 2.2.1-5
Any feedback would be appreciated, thanks!