How to install Shrew Soft IPsec VPN client on Linux

Question: I need to connect to an IPSec VPN gateway. For that, I'm trying to use Shrew Soft VPN client, which is available for free. How can I install Shrew Soft VPN client on [insert your Linux distro]?

There are many commercial VPN gateways available, which come with their own proprietary VPN client software. While there are also open-source VPN server/client alternatives, they are typically lacking in sophisticated IPsec support, such as Internet Key Exchange (IKE) which is a standard IPsec protocol used to secure VPN key exchange and authentication. Shrew Soft VPN is a free IPsec VPN client supporting a number of authentication methods, key exchange, encryption and firewall traversal options.

Here is how you can install Shrew Soft VPN client on Linux platforms.

First, download its source code from the official website.

Install Shrew VPN Client on Debian, Ubuntu or Linux Mint

Shrew Soft VPN client GUI requires Qt 4.x. So you will need to install its development files as part of dependencies.

$ sudo apt-get install cmake libqt4-core libqt4-dev libqt4-gui libedit-dev libssl-dev checkinstall flex bison
$ wget https://www.shrew.net/download/ike/ike-2.2.1-release.tbz2
$ tar xvfvj ike-2.2.1-release.tbz2
$ cd ike
$ cmake -DCMAKE_INSTALL_PREFIX=/usr -DQTGUI=YES -DETCDIR=/etc -DNATT=YES .
$ make
$ sudo make install
$ cd /etc/
$ sudo mv iked.conf.sample iked.conf

Install Shrew VPN Client on CentOS, Fedora or RHEL

Similar to Debian based systems, you will need to install a number of dependencies including Qt4 before compiling it.

$ sudo yum install qt-devel cmake gcc-c++ openssl-devel libedit-devel flex bison
$ wget https://www.shrew.net/download/ike/ike-2.2.1-release.tbz2
$ tar xvfvj ike-2.2.1-release.tbz2
$ cd ike
$ cmake -DCMAKE_INSTALL_PREFIX=/usr -DQTGUI=YES -DETCDIR=/etc -DNATT=YES .
$ make
$ sudo make install
$ cd /etc/
$ sudo mv iked.conf.sample iked.conf

On Red Hat based systems, one last step is to open /etc/ld.so.conf with a text editor, and add the following line.

$ sudo vi /etc/ld.so.conf
include /usr/lib/

Reload run-time bindings of shared libraries to incorporate newly installed shared libraries:

$ sudo ldconfig

Launch Shrew VPN Client

First launch IKE daemon (iked). This daemon speaks the IKE protocol to communicate with a remote host over IPSec as a VPN client.

$ sudo iked

Now start qikea which is an IPsec VPN client front end. This GUI application allows you to manage remote site configurations and to initiate VPN connections.

To create a new VPN configuration, click on "Add" button, and fill out VPN site configuration. Once you create a configuration, you can initiate a VPN connection simply by clicking on the configuration.

Troubleshooting

1. I am getting the following error while running iked.

iked: error while loading shared libraries: libss_ike.so.2.2.1: cannot open shared object file: No such file or directory

To solve this problem, you need to update the dynamic linker to incorporate libss_ike library. For that, add to /etc/ld.so.conf the path where the library is located (e.g., /usr/lib), and then run ldconfig command.

$ sudo ldconfig

Verify that libss_ike is added to the library path:

$ ldconfig -p | grep ike
	libss_ike.so.2.2.1 (libc6,x86-64) => /lib/libss_ike.so.2.2.1
	libss_ike.so (libc6,x86-64) => /lib/libss_ike.so
Download this article as ad-free PDF (made possible by your kind donation): 
Download PDF

Subscribe to Ask Xmodulo

Do you want to receive Linux related questions & answers published at Ask Xmodulo? Enter your email address below, and we will deliver our Linux Q&A straight to your email box, for free. Delivery powered by Google Feedburner.


Support Xmodulo

Did you find this tutorial helpful? Then please be generous and support Xmodulo!

4 thoughts on “How to install Shrew Soft IPsec VPN client on Linux

  1. I successfully installed the Shrew VPN Client on a CentOS 6.8 system. When I start the GUI using the "qikea" command the window appears but the text can not be read. All letters are displayed as black boxes. Can you tell me what the problem is?

    • Text is not readable inside the popped-up window because you do not have x11-server fonts installed in your linux system. Install xorg-x11-fonts to resolve this issue.

  2. The Shrew VPN client asks me for a missing certificate authority file path when I try saving the connection.

    I thought the certificate was provided to me after I first logged in with my user login and password.

    Where can I type in my user login and password in the create connection dialog ?

Leave a comment

Your email address will not be published. Required fields are marked *