[vpn-help] iked core dumped
bsaul at inwind.it
bsaul at inwind.it
Sat Jul 19 07:35:12 CDT 2014
Hi,
I need to connect to Checkpoint VPN. site (firewall.day.it). On windows with
the provided client Check Point Endpoint Security, using username and password
the VPN work very well.
But i work with Linux (Fedora 20 Kernel 3.15.5-20 x86_64), then I looking for
a native linux solution and I download the Shrew VPN Client For Linux release
2.2.1.
I compiled it first using
cmake -DQTGUI=YES -DNATT=YES -DLDAP=YES
then istalled it using
make install
this is the iked configuration file
cat /usr/local/etc/iked.conf
#
# sample client iked.conf file
#
daemon
{
# bind to ports
socket ike 500;
socket natt 4500;
# log output
log_level debug;
log_file "/var/log/iked.log";
pcap_decrypt "/var/log/ike-decrypt.pcap";
# pcap_encrypt "/var/log/ike-encrypt.pcap";
# retry settings
retry_delay 10;
retry_count 2;
}
Using qikea i just configured VPN connection for firewall.day.it
cat .ike/sites/firewall.day.it
n:version:4
s:network-host:firewall.day.it
n:network-ike-port:500
s:client-auto-mode:pull
s:client-iface:virtual
n:network-mtu-size:1380
n:client-addr-auto:1
s:network-natt-mode:disable
s:network-frag-mode:enable
n:network-frag-size:540
n:network-dpd-enable:1
n:network-notify-enable:1
n:client-banner-enable:1
n:client-dns-used:1
n:client-dns-auto:1
n:client-dns-suffix-auto:1
s:auth-method:mutual-psk
s:ident-client-type:fqdn
s:ident-client-data:
s:ident-server-type:any
b:auth-mutual-psk:ZmxleDIwMTQ=
s:phase1-exchange:main
n:phase1-dhgroup:1
s:phase1-cipher:auto
n:phase1-keylen:0
s:phase1-hash:auto
n:phase1-life-secs:86400
n:phase1-life-kbytes:0
n:vendor-chkpt-enable:0
s:phase2-transform:auto
n:phase2-keylen:0
s:phase2-hmac:auto
n:phase2-pfsgroup:-1
n:phase2-life-secs:3600
n:phase2-life-kbytes:0
s:ipcomp-transform:disabled
s:policy-level:auto
n:policy-nailed:0
n:policy-list-auto:1
When i try to start connection the client cmplain about "failed to attach to
key daemon" thats the iked daemon not running. In order to resolve this problem
i try to run the daemon manually, using the following command (from root)
iked -f /usr/local/etc/iked.conf -d 6 -F
But as result, i get follwing error:
iked -f /usr/local/etc/iked.conf -d 6 -F
iked: /home/bsaul/download/ike/source/libith/libith.cpp:171: bool _ITH_LOCK::
unlock(): Assertion `result == 0' failed.
Candelled (core dumped)
Thanks for the help that you give me
More information about the vpn-help
mailing list