Arch Linux User Repository

Just tested a clean build in a clean VM: builds and works.

Meanwhile, I came up with my own patch around the issue. I'll leave it here even if it's already fixed because wasting code is bad ;)

It takes a different approach to the problem:

• depend on openssl-1.1 rather than on openssl in PKGBUILD, to avoid compilation warnings and errors;

• apply the following patch in prepare(), forcing CMake to look into appropriate folders so that it finds the correct version of headers and libraries.

  --- a/CMakeLists.txt 2022-11-07 15:58:01.871819791 +0100 +++ b/CMakeLists.txt 2022-11-07 15:46:44.599849990 +0100 @@ -42,11 +42,13 @@ set( SEARCH_INC /usr/local/include + /usr/include/openssl-1.1 /usr/include )

  set( SEARCH_LIB /usr/local/lib + /usr/lib/openssl-1.1 /usr/lib )

  set( @@ -258,6 +260,7 @@ find_path( PATH_INC_CRYPTO NAMES "openssl/evp.h" + NO_CMAKE_SYSTEM_PATH PATHS ${SEARCH_INC} )

  if( NOT PATH_INC_CRYPTO ) @@ -266,11 +269,15 @@ FATAL_ERROR "Unable to locate openssl crypto include files" )

  +else() + include_directories(BEFORE "${PATH_INC_CRYPTO}") + endif( NOT PATH_INC_CRYPTO )

  find_library( PATH_LIB_CRYPTO NAMES "crypto" + NO_CMAKE_SYSTEM_PATH PATHS ${SEARCH_LIB} )

  if( NOT PATH_LIB_CRYPTO ) @@ -279,6 +286,10 @@ FATAL_ERROR "Unable to locate openssl crypto library file" )

  +else() + cmake_path(REMOVE_FILENAME PATH_LIB_CRYPTO) + link_directories(BEFORE "${PATH_LIB_CRYPTO}") + endif( NOT PATH_LIB_CRYPTO )

  find_path(

Yours is definitely shorter!

Thanks for your efforts.

Should be working now. You may need to do a clean build.

Nevermind, rebooted after upgrading my system and it's working now. I'll push an update soon.

@manuelino I'm running into another problem trying to recompile with openssl 1.1.

Initially it complained about casting a const to a non-const. I'm working around that right now by adding -fpermissive.

When built though, it runs into an "internal error" when connected.

Still debugging. I'm open to patches.

Hello. Am I the only one who is experiencing issues with ikec/iked and openssl?

After today's upgrade, the VPN would no longer start until I installed openssl-1.1 alongside regular openssl.

Recompilation also seems to fail, since openssl-1.1 headers and libraries are not found where the build systems looks, and the latest openssl probably introduces some incompatible changes.

@jvybihal it should be correct now. Thanks for pointing out the discrepancy!

The .SRCINFO has pkgrel = 5, PKGBUILD is pkgrel=6. Can this be please corrected?

I can confirm it's working on linux-lts as well. They merged the change in 5.15.47, latest in arch is 5.15.48 :)

It looks like the fix has been merged into 5.18.4. I can confirm that kernel 5.18.5 from Arch works correctly with iked.

Thanks @manuelino for the info. I gave a half-hearted attempted at building a kernel with the patch, but ran into issues. It's good to see a fix is coming upstream in any case.

Ultimately what I've decided to do, personally, is revert back to package versions on May 25th, just before the problematic kernel came out (Server=https://archive.archlinux.org/repos/2022/05/25/$repo/os/$arch). I did a pacman -Syyuu with the old mirror to roll back my package versions. Then I configured my pacman to ignore linux-lts, linux-lts headers, and other packages that depend on a kernel version like nvidia drivers, and updated the system again.

Side note and heads up, I may disown this package soon if I can get a more modern VPN solution working at work. I only picked it up because no one else had, I still used it, and the AUR version was broken. As soon as I have a VPN at work that doesn't need shrewsoft, I am dropping this.