Arch Linux User Repository

I took ownership of this package and fixed the build issue with the parser_class_name as figue suggests.

Ok, shrew-vpn-client updated. Please install that package to have QT GUI.

I can't test new ike package, because IT guys gave me a new laptop with W10, and on a virtual machine I can't make ike work... Maybe next week I'll take a closer look. Anyway, QT GUI works and I can edit my profiles.

For the people that already have a profile, you can bring it up in commandline:

ikec -r profile -u user -p password -a

or use the GUI :P

ike updated to 2.2.1-5

• Migrated to OpenSSL 1.1.x.
• Removed Qt GUI from this package. The idea behind this decision is to have an as minimalistic base package as possible, with separate packages provide GUI.
• Tested locally with OpenSSL 1.1.1.a-1.

Any feedback would be appreciated, thanks!

Thanks for the patch, @manuelino! Looks good to me, merged and bumped pkgrel.

I tried making it work with CMake 4. It builds and executables start up, but I can't test it end-to-end, as I no longer work for the only customer that needed this VPN.

Since I don't really like pasting long patches here (as I usually mess up the formatting), I imported the repo at GH: https://github.com/binary-manu/aur-ike. The patch is on the tip of master.

Looks like the latest CMake update broke the build (jumping from 3.31 to 4). I don't have time to fix this right now. Downloading the most recent CMake 3.31 from the Arch Linux Archive still works.

The issue appears to be that CMake dropped support for certain syntax of add_custom_command. I'm not familiar with CMake. Patches welcome!

Ok, it's not as bad as I thought. At least in my work network, if don't make failure to create a UDP_ENCAP_ESPINUDP_NON_IKE socket fatal, then I can still connect to my work.

Found the culprit. They dropped support for my socket mode!

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/diff/net/ipv4/esp4.c?id=v6.10&id2=v6.9

The package broke. Looks like the kernel upgrade from 6.9.10.arch1-1 -> 6.10.arch1-2 on the 23rd broke it.

Patches welcome!

@rockybulwinkle It works! Great work, thank you very much!

Pushed my changes, try them out @murkz

@mkurz, I don't see how removing that delete would solve the double free issue. Just below the delete, data_buff is set to the newly allocated memory (new_buff).

I think your changes would hide an already-existing use-after-free bug. If "data_buff" was already freed, and we just copied data out of it, then what the heck did we just copy?

I'm working on my own fix right now. The root cause in my test case (missing configuration data) appears to be in _CONFIG_MANAGER::file_vpn_load. When config.get_ispublic() is true, if sites_all isn't set, then it adds an empty string to the path. That alone isn't a problem, but then it goes to try to add a delimiter to "size-1", which causes an integer overflow. It doesn't appear ins was written to detect this edge case.

The EOF patch looks reasonable.

@rockybulwinkle Also see https://github.com/dpolitis/shrew.net-vpn-openssl1.1.1/pull/3/files