Package Details: ike 2.2.1-10

Git Clone URL: https://aur.archlinux.org/ike.git (read-only, click to copy)
Package Base: ike
Description: Shrew Soft VPN client for Linux
Upstream URL: http://www.shrew.net
Licenses: BSD
Submitter: tmhedberg
Maintainer: rockybulwinkle
Last Packager: rockybulwinkle
Votes: 27
Popularity: 0.000000
First Submitted: 2011-12-06 17:01 (UTC)
Last Updated: 2025-04-17 14:10 (UTC)

Pinned Comments

rockybulwinkle commented on 2020-12-20 18:30 (UTC)

I took ownership of this package and fixed the build issue with the parser_class_name as figue suggests.

figue commented on 2019-02-15 20:17 (UTC) (edited on 2019-02-15 20:18 (UTC) by figue)

Ok, shrew-vpn-client updated. Please install that package to have QT GUI.

I can't test new ike package, because IT guys gave me a new laptop with W10, and on a virtual machine I can't make ike work... Maybe next week I'll take a closer look. Anyway, QT GUI works and I can edit my profiles.

For the people that already have a profile, you can bring it up in commandline:

ikec -r profile -u user -p password -a

or use the GUI :P

timsat commented on 2019-02-14 20:01 (UTC) (edited on 2019-02-15 19:38 (UTC) by timsat)

ike updated to 2.2.1-5

  • Migrated to OpenSSL 1.1.x.
  • Removed Qt GUI from this package. The idea behind this decision is to have an as minimalistic base package as possible, with separate packages provide GUI.
  • Tested locally with OpenSSL 1.1.1.a-1.

Any feedback would be appreciated, thanks!

Latest Comments

1 2 3 4 5 6 .. 10 Next › Last »

rockybulwinkle commented on 2025-04-17 14:08 (UTC)

Thanks for the patch, @manuelino! Looks good to me, merged and bumped pkgrel.

manuelino commented on 2025-04-14 19:14 (UTC)

I tried making it work with CMake 4. It builds and executables start up, but I can't test it end-to-end, as I no longer work for the only customer that needed this VPN.

Since I don't really like pasting long patches here (as I usually mess up the formatting), I imported the repo at GH: https://github.com/binary-manu/aur-ike. The patch is on the tip of master.

rockybulwinkle commented on 2025-04-14 04:20 (UTC) (edited on 2025-04-14 04:20 (UTC) by rockybulwinkle)

Looks like the latest CMake update broke the build (jumping from 3.31 to 4). I don't have time to fix this right now. Downloading the most recent CMake 3.31 from the Arch Linux Archive still works.

The issue appears to be that CMake dropped support for certain syntax of add_custom_command. I'm not familiar with CMake. Patches welcome!

rockybulwinkle commented on 2024-07-26 15:38 (UTC)

Ok, it's not as bad as I thought. At least in my work network, if don't make failure to create a UDP_ENCAP_ESPINUDP_NON_IKE socket fatal, then I can still connect to my work.

rockybulwinkle commented on 2024-07-26 12:26 (UTC)

Found the culprit. They dropped support for my socket mode!

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/diff/net/ipv4/esp4.c?id=v6.10&id2=v6.9

rockybulwinkle commented on 2024-07-26 12:18 (UTC)

The package broke. Looks like the kernel upgrade from 6.9.10.arch1-1 -> 6.10.arch1-2 on the 23rd broke it.

Patches welcome!

mkurz commented on 2023-03-23 20:50 (UTC)

@rockybulwinkle It works! Great work, thank you very much!

rockybulwinkle commented on 2023-03-23 20:19 (UTC)

Pushed my changes, try them out @murkz

rockybulwinkle commented on 2023-03-23 19:32 (UTC)

@mkurz, I don't see how removing that delete would solve the double free issue. Just below the delete, data_buff is set to the newly allocated memory (new_buff).

I think your changes would hide an already-existing use-after-free bug. If "data_buff" was already freed, and we just copied data out of it, then what the heck did we just copy?

I'm working on my own fix right now. The root cause in my test case (missing configuration data) appears to be in _CONFIG_MANAGER::file_vpn_load. When config.get_ispublic() is true, if sites_all isn't set, then it adds an empty string to the path. That alone isn't a problem, but then it goes to try to add a delimiter to "size-1", which causes an integer overflow. It doesn't appear ins was written to detect this edge case.

The EOF patch looks reasonable.

mkurz commented on 2023-03-23 18:43 (UTC)

@rockybulwinkle Also see https://github.com/dpolitis/shrew.net-vpn-openssl1.1.1/pull/3/files