[vpn-help] iked core dumped

bsaul at inwind.it bsaul at inwind.it
Sat Jul 19 07:35:12 CDT 2014 

Hi,

I need to connect to Checkpoint VPN. site (firewall.day.it). On windows with 
the provided client Check Point Endpoint Security, using username and password 
the VPN work very well.

But i work with Linux (Fedora 20 Kernel 3.15.5-20 x86_64), then I looking for 
a native linux solution and I download the Shrew VPN Client For Linux release 
2.2.1.

I compiled it first using
cmake -DQTGUI=YES -DNATT=YES -DLDAP=YES
then istalled it using
make install

this is the iked configuration file

cat /usr/local/etc/iked.conf

#
# sample client iked.conf file
#

daemon
{
	# bind to ports
	socket ike 500;
	socket natt 4500;

	# log output
	log_level debug;
	log_file "/var/log/iked.log";
	pcap_decrypt "/var/log/ike-decrypt.pcap";
#	pcap_encrypt "/var/log/ike-encrypt.pcap";

	# retry settings
	retry_delay 10;
	retry_count 2;
}

Using qikea i just configured VPN connection for firewall.day.it

cat .ike/sites/firewall.day.it 
n:version:4
s:network-host:firewall.day.it
n:network-ike-port:500
s:client-auto-mode:pull
s:client-iface:virtual
n:network-mtu-size:1380
n:client-addr-auto:1
s:network-natt-mode:disable
s:network-frag-mode:enable
n:network-frag-size:540
n:network-dpd-enable:1
n:network-notify-enable:1
n:client-banner-enable:1
n:client-dns-used:1
n:client-dns-auto:1
n:client-dns-suffix-auto:1
s:auth-method:mutual-psk
s:ident-client-type:fqdn
s:ident-client-data:
s:ident-server-type:any
b:auth-mutual-psk:ZmxleDIwMTQ=
s:phase1-exchange:main
n:phase1-dhgroup:1
s:phase1-cipher:auto
n:phase1-keylen:0
s:phase1-hash:auto
n:phase1-life-secs:86400
n:phase1-life-kbytes:0
n:vendor-chkpt-enable:0
s:phase2-transform:auto
n:phase2-keylen:0
s:phase2-hmac:auto
n:phase2-pfsgroup:-1
n:phase2-life-secs:3600
n:phase2-life-kbytes:0
s:ipcomp-transform:disabled
s:policy-level:auto
n:policy-nailed:0
n:policy-list-auto:1

When i try to start connection the client cmplain about "failed to attach to 
key daemon" thats the iked daemon not running. In order to resolve this problem 
i try to run the daemon manually, using the following command (from root)

 iked -f /usr/local/etc/iked.conf  -d 6 -F

But as result, i get follwing error:

iked -f /usr/local/etc/iked.conf  -d 6 -F
iked: /home/bsaul/download/ike/source/libith/libith.cpp:171: bool _ITH_LOCK::
unlock(): Assertion `result == 0' failed.
Candelled (core dumped)

Thanks for the help that you give me

More information about the vpn-help mailing list