How to install Shrew Soft IPsec VPN client on Linux

Last updated on September 23, 2020 by Dan Nanni

Question: I need to connect to an IPSec VPN gateway. For that, I'm trying to use Shrew Soft VPN client, which is available for free. How can I install Shrew Soft VPN client on [insert your Linux distro]?

There are many commercial VPN gateways available, which come with their own proprietary VPN client software. While there are also open-source VPN server/client alternatives such as OpenSwan, Tinc, they are typically lacking in sophisticated IPsec support, such as Internet Key Exchange (IKE) which is a standard IPsec protocol used to secure VPN key exchange and authentication. Shrew Soft VPN is a free IPsec VPN client supporting a number of authentication methods, key exchange, encryption and firewall traversal options.

Here is how you can install Shrew Soft VPN client on Linux platforms.

First, download its source code from the official website.

Install Shrew VPN Client on Ubuntu, Debian or Linux Mint

Shrew Soft VPN client GUI requires Qt 4.x. So you will need to install its development files as part of dependencies.

$ sudo apt-get install cmake libqt4-core libqt4-dev libqt4-gui libedit-dev libssl-dev checkinstall flex bison
$ wget https://www.shrew.net/download/ike/ike-2.2.1-release.tbz2
$ tar xvfvj ike-2.2.1-release.tbz2
$ cd ike
$ cmake -DCMAKE_INSTALL_PREFIX=/usr -DQTGUI=YES -DETCDIR=/etc -DNATT=YES .
$ make
$ sudo make install
$ cd /etc/
$ sudo mv iked.conf.sample iked.conf

Install Shrew VPN Client on CentOS, Fedora or RHEL

Similar to Debian based systems, you will need to install a number of dependencies including Qt4 before compiling it.

$ sudo yum install qt-devel cmake gcc-c++ openssl-devel libedit-devel flex bison
$ wget https://www.shrew.net/download/ike/ike-2.2.1-release.tbz2
$ tar xvfvj ike-2.2.1-release.tbz2
$ cd ike
$ cmake -DCMAKE_INSTALL_PREFIX=/usr -DQTGUI=YES -DETCDIR=/etc -DNATT=YES .
$ make
$ sudo make install
$ cd /etc/
$ sudo mv iked.conf.sample iked.conf

Post Installation Step

After installation, one last step is to open /etc/ld.so.conf with a text editor, and add the following line.

$ sudo vi /etc/ld.so.conf
include /usr/lib/

Reload run-time bindings of shared libraries to incorporate newly installed shared libraries:

$ sudo ldconfig

Launch Shrew VPN Client

First launch IKE daemon (iked). This daemon speaks the IKE protocol to communicate with a remote host over IPSec as a VPN client.

$ sudo iked

Now start qikea which is an IPsec VPN client front end. This GUI application allows you to manage remote site configurations and to initiate VPN connections.

To create a new VPN configuration, click on Add button, and fill out VPN site configuration. Once you create a configuration, you can initiate a VPN connection simply by clicking on the configuration.

Troubleshooting

1. I am getting the following error while running iked.

iked: error while loading shared libraries: libss_ike.so.2.2.1: cannot open shared object file: No such file or directory

To solve this problem, you need to update the dynamic linker to incorporate libss_ike library. For that, add to /etc/ld.so.conf the path where the library is located (e.g., /usr/lib), and then run ldconfig command.

$ sudo ldconfig

Verify that libss_ike is added to the library path:

$ ldconfig -p | grep ike
 libss_ike.so.2.2.1 (libc6,x86-64) => /lib/libss_ike.so.2.2.1
    libss_ike.so (libc6,x86-64) => /lib/libss_ike.so

Support Xmodulo

This website is made possible by minimal ads and your gracious donation via PayPal or credit card

Please note that this article is published by Xmodulo.com under a Creative Commons Attribution-ShareAlike 3.0 Unported License. If you would like to use the whole or any part of this article, you need to cite this web page at Xmodulo.com as the original source.

Xmodulo © 2021 ‒ AboutWrite for UsFeed ‒ Powered by DigitalOcean