Shrew VPN in openSUSE

There is an instruction page of VPN for Linux on Knowledge Base of IT service of the University of Manchester. But the client software cannot be compiled correctly in openSUSE 13.2. So I chose to install the alternative Shrew client software. It’s not easy, too. Here is my installing record.

Shrew is a VPN client software. For openSUSE, it can be installed by 1 Click Install:

  1. Open Package Search for openSUSE,
  2. Type “ike” and search,
  3. The first package named “ike” should be commented as “The Shrew Soft VPN Client“.

This is the package we should use. Here is the brief description:

The Shrew Soft VPN Client for Unix is a free IPsec Client for FreeBSD, NetBSD and Linux based operating systems. It was originally developed to provide secure communications between mobile Windows hosts and open source VPN gateways that utilize standards compliant software such as ipsec-tools, OpenSWAN, FreeSWAN, StrongSWAN, isakmpd. It now offers many of the advanced features only found in expensive commercial software solutions and provides compatibility for VPN appliances produced by vendors such as Cisco, Juniper, Checkpoint, Fortinet, Netgear, Linksys, Zywall and many others. It supports most of the features availalble in the Windows VPN Client version with the exception of those which are not cross platform compatible.

Choose a favorite openSUSE version and click to expand the sub-section. If it shows “Show unstable packages“, that means that no stable version ike for the chosen openSUSE version  is available at this moment.

I chose to use the unstable version on openSUSE Tumbleweed, which worked for me.

After clicking the “Show unstable packages”, a “1 Click Install” link shows up. It can be opened by YaST2, or saved as an ike.ymp file by right clicking and choosing “save as …” then opened by YaST2. Follow the instruction and finish the installation.

Check system settings first. Using a text editor to edit (as root) /etc/sysctl.conf, change to as following lines or add them,

net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0

Open a terminal and input,

# iked

If you want to run Shrew in the backend. If autostart on boot is required, keep input as following,

# systemctl enable /usr/sbin/iked
# systemctl start iked
ii : created ike socket 0.0.0.0:500
ii : created natt socket 0.0.0.0:4500
## : IKE Daemon, ver 2.2.1
## : Copyright 2013 Shrew Soft Inc.
## : This product linked OpenSSL 1.0.1k-fips 8 Jan 2015

Now, Shrew should be running in backend.

Then, use following command,

qikea

to open the GUI window of Shrew to import vpn profile and connect to vpn server.

Or,

qikec

if command line is preferred.

Now, university ID and password can be used to login VPN.

Further instructions about using Shrew can be found here.©

本文发表于水景一页。永久链接:<http://cnzhx.net/blog/shrew-vpn-in-opensuse/>。转载请保留此信息及相应链接。

5 条关于 “Shrew VPN in openSUSE” 的评论

      • 安装没问题,能正常连接,但无法与VPN端的内网主机通信
        ping 不通里面的主机,不知道是路由不对还是怎么地

  1. 引用通告: openSUSE Tumbleweed 初始配置记录 | 水景一页

时间过去太久,评论已关闭。
如果您有话要说,请到讨论区留言并给出此文章链接。
谢谢您的理解 :-)