Results 1 to 8 of 8

Thread: Shrew VPN Client for openSUSE 11.x

  1. #1
    Join Date
    Jun 2008
    Location
    The Netherlands
    Posts
    45

    Default Shrew VPN Client for openSUSE 11.x

    I've been trying to install the Shrew VPN client from source for quite some time now until I found that it's available as a package for openSUSE.

    This what I did to make it work and want to share it with you so everyone can use the Shrew VPN software without compiling etc.

    I'll try to be as detailed as I can. Ok here goes:

    Install Shrew
    If you want your plan to come together you must:
    Add a Additional software repositoy.
    Install Shrew (IKE)
    Create init.d start & stop scripts (optional)
    Create a launcher on your desktop (optional)

    Add a Repository

    StartYast2
    Go to:Software
    Click on Software Reposities
    Clik on ADD.
    Choose Specify URL and click next
    Name the repo. E.g : security
    The URL is: http://download.opensuse.org/reposit...openSUSE_11.x/
    Clik on Next.
    Read the GNUPG key message . If you agree click Import. (if you dont get this message just go ahead)
    Next click on OK and close the Repository management.

    Install Shrew

    Start Yast2
    Go to: Software
    Choose Software Management
    Use the filter Luke and search for ike
    From the available list of packages select ike
    Clik op Apply and wait for completion
    Close Yast2.



    Init script
    To make use of the Shrew VPN client the IKE deamon must be started by root. You can do this manually or you can make an INIT script to start if for you on the next boot:
    To run at manually run the following command as root

    /usr/sbin/iked

    To create a init script copy to content of the script below and save it to /etc/init.d/ike

    This is script source:
    Code:

    Code:
    #! /bin/sh
    
    # Copyright (c) 2011 Harald van Bree
    # All rights reserved.
    #
    # Author: Harald van Bree, 2011
    #
    # /etc/init.d/iked
    #   and its symbolic link
    # /usr/sbin/iked
    
    ### BEGIN INIT INFO
    # Provides:          iked
    # Required-Start:    $network $local_fs
    # Required-Stop:
    # Default-Start:     3 5
    # Default-Stop:      0 1 2 6
    # Short-Description: ike - The Shrew Soft VPN Client
    # Description:  The Shrew Soft VPN Client for Unix is a free IPsec Client for FreeBSD, NetBSD and Linux based operating systems.
    #                It was originally developed to provide secure communications between mobile Windows hosts and open source VPN
    #                gateways that utilize standards compliant software such  as ipsec-tools, OpenSWAN, FreeSWAN, StrongSWAN, isakmpd.
    #                It now offers many of the advanced features only found in expensive commercial software solutions and provides
    #                compatibility for VPN appliances produced by vendors such as Cisco, Juniper, Checkpoint, Fortinet, Netgear,
    #                Linksys, Zywall and many others. It supports most of the features availalble in the Windows VPN Client version
    #                with the exception of those which are not cross platform compatible.
    ### END INIT INFO
    
    # Check for missing binaries
    IKED_BIN=/usr/sbin/iked
    test -x $IKED_BIN || { echo "$IKED_BIN not installed";
    if [ "$1" = "stop" ]; then exit 0;
    else exit 5; fi; }
    
    # Check for existence of needed config file and read it
    #BAR_CONFIG=/etc/bar.cfg
    #test -r $BAR_CONFIG || { echo "$BAR_CONFIG not existing";
    #        if [ "$1" = "stop" ]; then exit 0;
    #        else exit 6; fi; }
    
    # Read config
    #. $BAR_CONFIG
    
    # Load the rc.status script for this service.
    . /etc/rc.status
    
    # Reset status of this service
    rc_reset
    
    case "$1" in
    start)
    echo -n "Starting IKE Deamon"
    ## Start daemon with startproc(8). If this fails
    ## the return value is set appropriately by startproc.
    startproc $IKED_BIN
    
    # Remember status and be verbose
    rc_status -v
    ;;
    stop)
    echo -n "Shutting down IKE Deamin "
    ## Stop daemon with killproc(8) and if this fails
    ## killproc sets the return value according to LSB.
    
    killproc -TERM $IKED_BIN
    
    # Remember status and be verbose
    rc_status -v
    ;;
    restart)
    ## Stop the service and regardless of whether it was
    ## running or not, start it again.
    $0 stop
    $0 start
    
    # Remember status and be quiet
    rc_status
    ;;
    reload)
    # If it supports signaling:
    echo -n "Reload service bar "
    killproc -HUP $IKED_BIN
    #touch /var/run/iked.pid
    rc_status -v
    
    ## Otherwise if it does not support reload:
    #rc_failed 3
    #rc_status -v
    ;;
    status)
    echo -n "Checking for service IKED "
    ## Check status with checkproc(8), if process is running
    ## checkproc will return with exit status 0.
    
    # Return value is slightly different for the status command:
    # 0 - service up and running
    # 1 - service dead, but /var/run/  pid  file exists
    # 2 - service dead, but /var/lock/ lock file exists
    # 3 - service not running (unused)
    # 4 - service status unknown :-(
    # 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
    
    # NOTE: checkproc returns LSB compliant status values.
    checkproc $IKED_BIN
    # NOTE: rc_status knows that we called this init script with
    # "status" option and adapts its messages accordingly.
    rc_status -v
    ;;
    *)
    ## If no parameters are given, print which are avaiable.
    echo "Usage: $0 {start|stop|status|restart|reload}"
    exit 1
    ;;
    esac
    Save this to /etc/init.d/iked
    Then do "chmod 744 /etc/init.d/iked"
    and then do : "ln -s /etc/init.d/iked /sbin/rciked" to create a symbolic link to the script.

    Now you can use the "rciked" command to start stop and check status of the ike deamon. (like in rciked start | rciked stop etc)
    To make shure the IKE Deamon is started on the next boot execute the following command (as root)

    chkconfig -a iked

    Now start the deamon by rciked start (you dont have to reboot for this just now)

    Launcher
    The final step is to create a launcher on your desktop to start the GUI.
    Right click on your desktop and choose Create Launcher..

    Fill in the fields as described below

    Type: Application
    Name: Shrew
    Command: /usr/bin/ikea
    Comment: Shrew VPN client

    Tadaa..


    If you followed the steps outlined above you are able to setup a tunnel but no traffic will pass. This has something to do with a route verification filter setting for the Linux kernel. To resolve this you must edit as root the file /etc/sysctl.conf and make sure the following is in this file.

    # enable route verification on all interfaces
    Code:
    net.ipv4.conf.all.rp_filter = 0
    Just restart your machine at this point and your good to go. Happing tunneling

  2. #2

    Default Re: Shrew VPN Client for openSUSE 11.x

    I think the repository link got broken here. Found required packages in this repo...

    Index of /repositories/security/openSUSE_11.4

  3. #3

    Default Re: Shrew VPN Client for openSUSE 11.x

    All other information is correct. Tried it on OpenSUSE 11.4, worked for me. Greate thanks....

  4. #4
    Join Date
    Jun 2008
    Location
    The Netherlands
    Posts
    45

    Default Re: Shrew VPN Client for openSUSE 11.x

    Good to see everything works for you as well.

  5. #5
    Join Date
    Jun 2008
    Location
    The Netherlands
    Posts
    45

    Default Re: Shrew VPN Client for openSUSE 11.x

    Hi everyone,

    I've got Shrew VPN client running on OpenSUSE 12.1 as well. Most of the procedure is the same as described above but you have to use an other repository and if you using SYSTEMD instead of the older INIT you must use an other start script.
    use this repo: Index of /repositories/security/openSUSE_12.1

    To make the IKED start at boot with systemD do the following:

    !!!! Use this option only if your on systemD, If you are still on the old INIT use the init.d script in the original post.

    As root, make an new file in "/lib/systemd/system" and call it "iked.service" without the quotes that is.
    Next, Edit this iked.services file so it contains the following:
    Code:
    [Unit]
    Description=Shrew VPN client 
    
    [Service]
    ExecStart=/usr/sbin/iked
    TimeoutSec=0
    StandardOutput=tty
    RemainAfterExit=yes
    SysVStartPriority=99
    
    [Install]
    WantedBy=multi-user.target

    Once you've created the file with the above content type the following (as root)
    Code:
    # systemctl enable /lib/systemd/system/iked.service
    You can start it manually by typing:
    Code:
    # systemctl start iked.service
    You can stop it manually by typing:
    Code:
    # systemctl stop iked.service

    You can check status by typing:
    Code:
    # systemctl status iked.service
    People usually get what's coming to them ... unless it's been mailed

  6. #6

    Default Re: Shrew VPN Client for openSUSE 11.x

    Good post!
    but I have a small problem. After installed ike from yast I cannot find any ikea binary file to start my shrew vpn client.
    how can fix it?

  7. #7
    Join Date
    Jul 2008
    Location
    Seattle, WA
    Posts
    17,317

    Default Re: Shrew VPN Client for openSUSE 11.x

    On Wed, 05 Nov 2014 17:16:02 +0000, susecom wrote:

    > Good post!
    > but I have a small problem. After installed ike from yast I cannot find
    > any ikea binary file to start my shrew vpn client.
    > how can fix it?


    Given that openSUSE 11.1 is years out of support, you might start a new
    thread and mention what version of openSUSE you're using, and provide
    specific details about the issue you're having - error messages are good.

    Jim



    --
    Jim Henderson
    openSUSE Forums Administrator
    Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

  8. #8
    Join Date
    Jul 2008
    Location
    Seattle, WA
    Posts
    17,317

    Default Re: Shrew VPN Client for openSUSE 11.x

    On Wed, 05 Nov 2014 19:02:28 +0000, Jim Henderson wrote:

    > On Wed, 05 Nov 2014 17:16:02 +0000, susecom wrote:
    >
    >> Good post!
    >> but I have a small problem. After installed ike from yast I cannot find
    >> any ikea binary file to start my shrew vpn client.
    >> how can fix it?

    >
    > Given that openSUSE 11.1 is years out of support, you might start a new
    > thread and mention what version of openSUSE you're using, and provide
    > specific details about the issue you're having - error messages are
    > good.
    >
    > Jim


    I would also point out (now that I notice where this post is, too), that
    asking in the unreviewed HOWTOs forum (which is for submitting howto
    docs, not for asking questions) is the wrong place - you will want the
    networking forum.

    Jim



    --
    Jim Henderson
    openSUSE Forums Administrator
    Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •