I can confirm it's working on linux-lts as well. They merged the change in 5.15.47, latest in arch is 5.15.48 :)
Search Criteria
Package Details: ike 2.2.1-9
Package Actions
| Git Clone URL: | https://aur.archlinux.org/ike.git (read-only, click to copy) |
|---|---|
| Package Base: | ike |
| Description: | Shrew Soft VPN client for Linux |
| Upstream URL: | http://www.shrew.net |
| Licenses: | BSD |
| Submitter: | tmhedberg |
| Maintainer: | rockybulwinkle |
| Last Packager: | rockybulwinkle |
| Votes: | 27 |
| Popularity: | 0.000000 |
| First Submitted: | 2011-12-06 17:01 (UTC) |
| Last Updated: | 2024-07-26 16:26 (UTC) |
Dependencies (5)
- libedit
- ncurses (ncurses-gitAUR)
- openssl (openssl-gitAUR, openssl-staticAUR)
- cmake (cmake-gitAUR) (make)
- openldap (optional)
Required by (2)
Sources (7)
rockybulwinkle commented on 2022-06-18 16:48 (UTC)
manuelino commented on 2022-06-18 08:40 (UTC) (edited on 2022-06-18 08:40 (UTC) by manuelino)
It looks like the fix has been merged into 5.18.4. I can confirm that kernel 5.18.5 from Arch works correctly with iked.
rockybulwinkle commented on 2022-06-10 17:34 (UTC)
Thanks @manuelino for the info. I gave a half-hearted attempted at building a kernel with the patch, but ran into issues. It's good to see a fix is coming upstream in any case.
Ultimately what I've decided to do, personally, is revert back to package versions on May 25th, just before the problematic kernel came out (Server=https://archive.archlinux.org/repos/2022/05/25/$repo/os/$arch). I did a pacman -Syyuu with the old mirror to roll back my package versions. Then I configured my pacman to ignore linux-lts, linux-lts headers, and other packages that depend on a kernel version like nvidia drivers, and updated the system again.
Side note and heads up, I may disown this package soon if I can get a more modern VPN solution working at work. I only picked it up because no one else had, I still used it, and the AUR version was broken. As soon as I have a VPN at work that doesn't need shrewsoft, I am dropping this.
manuelino commented on 2022-06-10 17:04 (UTC) (edited on 2022-06-10 17:06 (UTC) by manuelino)
I did some investigations and found a workaround, albeit invasive (kernel patch & rebuild).
The error recv X_SPDADD message failure ( errno = 3 ) is caused by a commit introduced in Linux 5.18 and backported to LTS 5.15.42 (https://github.com/torvalds/linux/commit/4dc2a5a8f6754492180741facf2a8787f2c415d7). It has been reverted in mainline (https://github.com/torvalds/linux/commit/9c90c9b3e50e16d03c7f87d63e9db373974781e0) so things should be back to normal when 5.19 is out. Meanwhile, Arch kernels don't have the reverted commit, so iked is not working.
So I simply took the latest build files for the linux package (5.18.3) from asp and modified it to apply the reverting patch. Then compiled it.
With this kernel, the VPN client started working again. Of course, this means that for any 5.18.x kernel release we'll have to rebuild the kernel, but since I must use this client for a customer's VPN (vpnc does not work as it does not implement some message the server sends and cuts me out every 60 minutes) this is preferable anyway.
Below there's the base64 of a tgz file containing two patch files: place pfkey.patch alongside PKGBUILD, and apply PKGBUILD.patch to PKGBUILD.
H4sIAAAAAAAAA+2VfU/jRhCH+Rd/itHdSSHkbf1uQ2lJQrhD5AARkK6qKmvtXSdWEjvatcPLp+/Y
JhzcoVatDiq1+1har2d3Z8az659X8ZzfdVc0j2ZbrwVBXNct77prk+pZt6zqXnUdd0u3DJtYpmU7
5hbRDby2gLxaRk8oZE4FwNaSpsWfz+NCvkVCbwtL4hg6nWmSA+2lPO/hcejROChPRQThdyYtSRm/
BdP0mW+zWPeZ2e0y3wwZd2zXtH3QCXEsS+t0Oi941Fqt1kteDw+hY3iG09YJtOqOAWjEzcmTCJI0
h1V5UoOVyCIu5Y7MRRHlILNoDrty3oaNYR6EBb4S2sI2RFkq88chykINttdZwmCX3+bBjAn526R/
NAhGX66Cz/0vv+/jeBmLC4FdrbONHTh4CB2KjLKIynwHfQfRIkv5ThXl4/FFcDq6PBuNm08f2rh+
exsqBpfn/aNhf3IVXFyefz6ZDIPzs/GvbTi7Ho/b1VsEWBN012zu47Ikhh0M3Sw9CJ4XIq1Tam33
duEsSzv3XGTwMLKmi4JDFn+XZhNYxiWkGe7t4obeSZDJNKULdAO7QCufmcAOA77mKWRpaaRRXtDF
w9gNhyW9wwomiwXcUCxNnsHDHtRu8hlOwSc65fgeICgaBGCcTPBq8GmW3WpND9t/WtIWlvRvFRNw
S5d8KdGw2fM2EJyW3PMsfrRVUzfbTYXkAY6UA3U+2GvD49x97d/+bH8YF6cfB9cn46PX/AX8pf4T
q9Z/x7UIqfXfcZT+vwXP9B91Mp33NkcCdfq54UH7Pd2z/Yh0u5yGjh47zxX/myW13n9jLNVe99oO
tLB1S50PpIhSuuQHVESzRZIWt52q1fBzLkTED3Y0VNF3Hzbz9vYw49Ysz1dyr9fD/qwIu1G27D2u
71XtL6XicfY+p9ODajF23pWu8M8QJ1PY8L7WMZqkMOci5YvNhDhZcK0FtbbWH4kGTa2Us4Stpiu0
yjq5Rn/QP9b1oWP3Dd8lA90k/cHIHFquj7eRZRJi6brnOY0y3Bizk3CVCXTEZP3/c7AWLcOtK/JC
gKE7cj3LtxzneGSYtmda2Him6xq255rWwNKHpm5bfhXgiK7xP3dZpKjLP7H1vVgfPtamm4npz9Vr
yBk1bEcWS4zRmJyeXDS0Djyh4cdWzKjpxXpk+7FLDUJdh8ex5VEShSYxopBwj9t2yKht8ojEukdc
rhMWMcpM2miW1fuRDqHOs1kqO79dZSKH0+pYBXX76Xxy9fUYvTznejK6PPiwmk9DKvl/R8wVCoVC
oVAoFAqFQqFQKBQKhUKhUCgUCsX/mj8Ap9oJtQAoAAA=
Cos4 commented on 2022-06-10 08:02 (UTC) (edited on 2022-06-10 08:03 (UTC) by Cos4)
I built the package and can connect to the VPN but can't access the network behind the VPN. I tried in a Windows VM it works fine. The iked service looks a bit weird (why exited when the process in running)
#systemctl status iked
iked.service - Shrew VPN client
Loaded: loaded (/usr/lib/systemd/system/iked.service; disabled; vendor preset: disabled)
Active: active (exited) since Fri 2022-06-10 09:39:48 CEST; 22s ago
Process: 10303 ExecStart=/usr/bin/iked (code=exited, status=0/SUCCESS)
Main PID: 10303 (code=exited, status=0/SUCCESS)
Tasks: 4 (limit: 38174)
Memory: 3.5M
CPU: 15ms
CGroup: /system.slice/iked.service
└─10305 /usr/bin/iked
$ikec -r ...
...
ii : bringing up tunnel ...
>> : network device configured
ii : tunnel enabled
$ip route
default via 192.168.0.254 dev tap0 proto static
192.168.0.0/24 dev tap0 proto kernel scope link src 192.168.0.254
...
But the ping fails with Destination Host Unreachable.
Thats the errors from iked.log but I didn't find any good info if that's related or how to fix it.
!! : peer violates RFC, transform number mismatch ( 1 != 2 )
!! : invalid private netmask, defaulting to 255.255.255.0
K! : recv X_SPDADD message failure ( errno = 3 )
!! : config packet ignored ( config already mature )
Anybody with any similar problems or any ideas?
blacksheepccd commented on 2022-06-01 06:20 (UTC)
error 'session terminated by gateway' occurred about 20 seconds after getting connected. I also installed it on windows10 which works fine. Now I switched to vpnc software as a replacement,it's fine for me.
rockybulwinkle commented on 2022-05-31 17:06 (UTC)
I run my system on the linux-lts kernel. It appears that the upgrade from 5.15.41->5.15.43 is what breaks the VPN. Still looking into this, though hoping it gets smoothed over in a future kernel update...
rockybulwinkle commented on 2022-05-31 16:34 (UTC)
Some recent package has broken the VPN. The build succeeds, it connects to the VPN, gets an IP, but no traffic can go through. Is anyone else experienced this and found a workaround? I'm trying downgrading my packages to narrow down which package broke it.
Parkotron commented on 2022-04-18 12:28 (UTC)
@rockybulwinkle Thanks.
One small thing: This fails to build if the CMAKE_GENERATOR environment variable is set to anything other than Unix Makefiles. Since the PKGBUILD is explicitly calling make, it should probably be explicitly setting -G 'Unix Makefiles'. (Or alternatively, it could call cmake --build instead of make, I guess.)
shadowlest commented on 2022-04-14 17:35 (UTC) (edited on 2022-04-14 17:42 (UTC) by shadowlest)
@rockybulwinkle @figue yes I checked and all prerequisites are installed, I tried to recompile but it remains the same. I did a test on another system that uses the old Shrew and saw the various routes that the VPN closes when connecting and using ikec these routes are not being established.
Unfortunately we don't have a debug option right? I tested with root to see if it could be permission but it also gave the same thing.
[fhoenix@fhoenix-virtualbox ~]$ sudo iked
[sudo] senha para fhoenix:
ii : created ike socket 0.0.0.0:500
ii : created natt socket 0.0.0.0:4500
## : IKE Daemon, ver 2.2.1
## : Copyright 2013 Shrew Soft Inc.
## : This product linked OpenSSL 1.1.1n 15 Mar 2022
[fhoenix@fhoenix-virtualbox ~]$ ikec -r PPWSP3 -u ****** -p ****** -a
ii : ## : VPN Connect, ver 2.2.1
## : Copyright 2013 Shrew Soft Inc.
## : press the <h> key for help
>> : config loaded for site 'PPWSP3'
>> : attached to key daemon ...
>> : peer configured
>> : iskamp proposal configured
>> : esp proposal configured
>> : client configured
>> : local id configured
>> : remote id configured
>> : pre-shared key configured
ii : bringing up tunnel ...
>> : network device configured
ii : tunnel enabled
Pinned Comments
rockybulwinkle commented on 2020-12-20 18:30 (UTC)
I took ownership of this package and fixed the build issue with the parser_class_name as figue suggests.
figue commented on 2019-02-15 20:17 (UTC) (edited on 2019-02-15 20:18 (UTC) by figue)
Ok, shrew-vpn-client updated. Please install that package to have QT GUI.
I can't test new ike package, because IT guys gave me a new laptop with W10, and on a virtual machine I can't make ike work... Maybe next week I'll take a closer look. Anyway, QT GUI works and I can edit my profiles.
For the people that already have a profile, you can bring it up in commandline:
or use the GUI :P
timsat commented on 2019-02-14 20:01 (UTC) (edited on 2019-02-15 19:38 (UTC) by timsat)
ike updated to 2.2.1-5
Any feedback would be appreciated, thanks!