Shrew Soft VPN no longer establishes a connection

Bug #860208 reported by Steve Gerbino
This bug affects 24 people
Affects       Status     Importance  Assigned to  Milestone
ike (Ubuntu)  Confirmed  Undecided   Unassigned

Bug Description

Shrew Soft VPN Connect output:

config loaded for site 'site'
attached to key daemon ...
peer configured
iskamp proposal configured
esp proposal configured
client configured
local id configured
remote id configured
pre-shared key configured
bringing up tunnel ...
negotiation timout occurred
tunnel disabled
detached from key daemon ...

ProblemType: Bug
DistroRelease: Ubuntu 11.10
Package: ike 2.1.7+dfsg-1build1
ProcVersionSignature: Ubuntu 3.0.0-12.19-generic 3.0.4
Uname: Linux 3.0.0-12-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 1.23-0ubuntu1
Architecture: amd64
Date: Mon Sep 26 23:03:17 2011
InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Release amd64 (20101007)
ProcEnviron:
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: ike
UpgradeStatus: Upgraded to oneiric on 2011-09-25 (1 days ago)

Steve Gerbino (sgerbino) wrote :

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in ike (Ubuntu):
status: New → Confirmed

Mark Chester (mchester) wrote :

This is a blocker for me as I can no longer use my workstation for remote access. Need a solution or workaround ASAP. Please update with expected fix timeline. Thanks.

Mark Chester (mchester) wrote :

root@mark:/var/log# tail -n 25 syslog
Oct 17 22:17:24 mark NetworkManager[1116]: <warn> /sys/devices/virtual/net/tap0: couldn't determine device driver; ignoring...
Oct 17 22:18:04 mark avahi-daemon[1096]: Withdrawing workstation service for tap0.
Oct 17 22:18:04 mark NetworkManager[1116]: SCPlugin-Ifupdown: devices removed (path: /sys/devices/virtual/net/tap0, iface: tap0)
Oct 17 22:19:06 mark NetworkManager[1116]: SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/tap0, iface: tap0)
Oct 17 22:19:06 mark NetworkManager[1116]: SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/tap0, iface: tap0): no ifupdown configuration found.
Oct 17 22:19:06 mark NetworkManager[1116]: <warn> /sys/devices/virtual/net/tap0: couldn't determine device driver; ignoring...
Oct 17 22:19:16 mark avahi-daemon[1096]: Withdrawing workstation service for tap0.
Oct 17 22:19:16 mark NetworkManager[1116]: SCPlugin-Ifupdown: devices removed (path: /sys/devices/virtual/net/tap0, iface: tap0)
Oct 17 22:21:15 mark NetworkManager[1116]: SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/tap0, iface: tap0)
Oct 17 22:21:15 mark NetworkManager[1116]: SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/tap0, iface: tap0): no ifupdown configuration found.
Oct 17 22:21:15 mark NetworkManager[1116]: <warn> /sys/devices/virtual/net/tap0: couldn't determine device driver; ignoring...
Oct 17 22:21:20 mark avahi-daemon[1096]: Withdrawing workstation service for tap0.
Oct 17 22:21:20 mark NetworkManager[1116]: SCPlugin-Ifupdown: devices removed (path: /sys/devices/virtual/net/tap0, iface: tap0)
Oct 17 22:22:18 mark AptDaemon: INFO: Quitting due to inactivity
Oct 17 22:22:18 mark AptDaemon: INFO: Quitting was requested
Oct 17 22:22:44 mark NetworkManager[1116]: SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/tap0, iface: tap0)
Oct 17 22:22:44 mark NetworkManager[1116]: SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/tap0, iface: tap0): no ifupdown configuration found.
Oct 17 22:22:44 mark NetworkManager[1116]: <warn> /sys/devices/virtual/net/tap0: couldn't determine device driver; ignoring...
Oct 17 22:23:14 mark avahi-daemon[1096]: Withdrawing workstation service for tap0.
Oct 17 22:23:14 mark NetworkManager[1116]: SCPlugin-Ifupdown: devices removed (path: /sys/devices/virtual/net/tap0, iface: tap0)
Oct 17 22:26:25 mark NetworkManager[1116]: SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/tap0, iface: tap0)
Oct 17 22:26:25 mark NetworkManager[1116]: SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/tap0, iface: tap0): no ifupdown configuration found.
Oct 17 22:26:25 mark NetworkManager[1116]: <warn> /sys/devices/virtual/net/tap0: couldn't determine device driver; ignoring...
Oct 17 22:27:05 mark avahi-daemon[1096]: Withdrawing workstation service for tap0.
Oct 17 22:27:05 mark NetworkManager[1116]: SCPlugin-Ifupdown: devices removed (path: /sys/devices/virtual/net/tap0, iface: tap0)

root@mark:/var/log# cat iked.log
11/10/17 22:17:01 ## : IKE Daemon, ver 2.1.7
11/10/17 22:17:01 ## : Copyright 2010 Shrew Soft Inc.
11/10/17 22:17:01 ##...


Mark Chester (mchester) wrote :

I did a complete remove and install of the Shrew Soft VPN. It appears to be unable to properly install the IKE packages. Note "half-installed" and "half-configured" lines in the log below.

From /var/log/dpkg.log

2011-10-17 22:47:03 startup archives unpack
2011-10-17 22:47:08 install ike 2.1.7+dfsg-1build1 2.1.7+dfsg-1build1
2011-10-17 22:47:08 status half-installed ike 2.1.7+dfsg-1build1
2011-10-17 22:47:08 status triggers-pending ureadahead 0.100.0-11
2011-10-17 22:47:09 status half-installed ike 2.1.7+dfsg-1build1
2011-10-17 22:47:09 status triggers-pending man-db 2.6.0.2-2
2011-10-17 22:47:09 status half-installed ike 2.1.7+dfsg-1build1
2011-10-17 22:47:09 status unpacked ike 2.1.7+dfsg-1build1
2011-10-17 22:47:09 status unpacked ike 2.1.7+dfsg-1build1
2011-10-17 22:47:09 install ike-qtgui <none> 2.1.7+dfsg-1build1
2011-10-17 22:47:09 status half-installed ike-qtgui 2.1.7+dfsg-1build1
2011-10-17 22:47:09 status half-installed ike-qtgui 2.1.7+dfsg-1build1
2011-10-17 22:47:09 status triggers-pending desktop-file-utils 0.18-0ubuntu8
2011-10-17 22:47:09 status half-installed ike-qtgui 2.1.7+dfsg-1build1
2011-10-17 22:47:09 status triggers-pending gnome-menus 3.2.0-0ubuntu2
2011-10-17 22:47:09 status half-installed ike-qtgui 2.1.7+dfsg-1build1
2011-10-17 22:47:09 status triggers-pending bamfdaemon 0.2.104-0ubuntu1
2011-10-17 22:47:09 status half-installed ike-qtgui 2.1.7+dfsg-1build1
2011-10-17 22:47:09 status unpacked ike-qtgui 2.1.7+dfsg-1build1
2011-10-17 22:47:09 status unpacked ike-qtgui 2.1.7+dfsg-1build1
2011-10-17 22:47:10 trigproc ureadahead 0.100.0-11 0.100.0-11
2011-10-17 22:47:10 status half-configured ureadahead 0.100.0-11
2011-10-17 22:47:10 status installed ureadahead 0.100.0-11
2011-10-17 22:47:10 trigproc man-db 2.6.0.2-2 2.6.0.2-2
2011-10-17 22:47:10 status half-configured man-db 2.6.0.2-2
2011-10-17 22:47:12 status installed man-db 2.6.0.2-2
2011-10-17 22:47:12 trigproc desktop-file-utils 0.18-0ubuntu8 0.18-0ubuntu8
2011-10-17 22:47:12 status half-configured desktop-file-utils 0.18-0ubuntu8
2011-10-17 22:47:12 status installed desktop-file-utils 0.18-0ubuntu8
2011-10-17 22:47:12 trigproc gnome-menus 3.2.0-0ubuntu2 3.2.0-0ubuntu2
2011-10-17 22:47:12 status half-configured gnome-menus 3.2.0-0ubuntu2
2011-10-17 22:47:12 status installed gnome-menus 3.2.0-0ubuntu2
2011-10-17 22:47:12 trigproc bamfdaemon 0.2.104-0ubuntu1 0.2.104-0ubuntu1
2011-10-17 22:47:12 status half-configured bamfdaemon 0.2.104-0ubuntu1
2011-10-17 22:47:12 status installed bamfdaemon 0.2.104-0ubuntu1
2011-10-17 22:47:13 startup packages configure
2011-10-17 22:47:13 configure ike 2.1.7+dfsg-1build1 <none>
2011-10-17 22:47:13 status unpacked ike 2.1.7+dfsg-1build1
2011-10-17 22:47:13 status unpacked ike 2.1.7+dfsg-1build1
2011-10-17 22:47:13 status unpacked ike 2.1.7+dfsg-1build1
2011-10-17 22:47:13 status half-configured ike 2.1.7+dfsg-1build1
2011-10-17 22:47:14 status installed ike 2.1.7+dfsg-1build1
2011-10-17 22:47:14 configure ike-qtgui 2.1.7+dfsg-1build1 <none>
2011-10-17 22:47:14 status unpacked ike-qtgui 2.1.7+dfsg-1build1
2011-10-17 22:47:14 status half-configured ike-qtgui 2.1.7+dfsg-1build1
2011-10-17 22:47:14 status installed ike-qtgui 2.1.7+df...

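An added check for the dpkg.log excerpt above (not part of the original comment): dpkg records half-installed, unpacked and half-configured as intermediate states during an install, so the state to read is the last one logged for each package. The `ike` lines are taken from the excerpt; the `example-pkg` lines are constructed to show a package that really is left unfinished.

```shell
#!/bin/sh
# Last state recorded for each package in a dpkg.log file.
# Status lines have the form: DATE TIME status STATE PACKAGE VERSION
final_states() {
    awk '$3 == "status" { last[$5] = $4 }
         END { for (p in last) print p, last[p] }' "$1" | sort
}

# Packages whose last recorded state is still an intermediate one.
stuck_packages() {
    final_states "$1" |
        awk '$2 ~ /^(half-installed|unpacked|half-configured|triggers-awaited|triggers-pending)$/'
}

# Sample input: ike lines from the excerpt above, example-pkg lines constructed.
sample_log() {
cat <<'EOF'
2011-10-17 22:47:08 status half-installed ike 2.1.7+dfsg-1build1
2011-10-17 22:47:09 status unpacked ike 2.1.7+dfsg-1build1
2011-10-17 22:47:13 configure ike 2.1.7+dfsg-1build1 <none>
2011-10-17 22:47:13 status half-configured ike 2.1.7+dfsg-1build1
2011-10-17 22:47:14 status installed ike 2.1.7+dfsg-1build1
2011-10-17 22:47:15 status unpacked example-pkg 1.0
2011-10-17 22:47:15 status half-configured example-pkg 1.0
EOF
}

demo() {
    f=$(mktemp)
    sample_log > "$f"
    echo "final states:"; final_states "$f"
    echo "still unfinished:"; stuck_packages "$f"
    rm -f "$f"
}
demo
```

On a live system, pass `/var/log/dpkg.log` to `final_states` instead of the sample file.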

svaens (svaens) wrote :

From what I have read, a recent package still worked:

"Previous version of shrew in Linux dist (version 2.1.5 in Ubuntu 11.04
Natty) completes this negotiation and connects fine, and as a workaround I
have kept packages of 2.1.5 installed on Oneiric (preventing upgrade to
2.1.7)."

http://lists.shrew.net/pipermail/vpn-help/2011-September/003988.html

Mark Chester (mchester) wrote :

Downgrading to these packages has restored VPN connectivity for me.
ike_2.1.5+dfsg-2
ike-qtgui_2.1.5+dfsg-2

I used the Natty packages found here:
http://packages.ubuntu.com/natty/ike

Download the above packages (make sure you select the right architecture).
Remove both 2.1.7 packages using the Ubuntu Software Center (you need to search for ike and show the technical items to see both packages).
Right-click the downloaded ike 2.1.5 deb package.
Choose Open With Ubuntu Software Center and click install.
Repeat for the ike-qtgui 2.1.5 package.

Mark Chester (mchester) wrote :

To prevent Update Manager from upgrading to 2.1.7, create the following 2 files:

/etc/apt/preferences.d/ike, which contains these lines:
Package: ike
Pin: version 2.1.5+dfsg-2
Pin-Priority: 1010

And /etc/apt/preferences.d/ike-qtgui, which contains these lines:
Package: ike-qtgui
Pin: version 2.1.5+dfsg-2
Pin-Priority: 1011

Daniel Défago (daniel-defagordi) wrote :

Hello,

I confirm that it's working fine with version 2.1.5, thanks.

bing (bing000) wrote :

I can confirm the bug with the ike 2.1.7+dfsg-1build1 deb. I can also confirm that ike 2.1.7 compiles fine from the tar source from shrew.net, and the default iked.conf, init.d script, and so forth also work fine (appear unchanged from 2.1.5 deb).

The usual change *.rp_filter = 0 applies.
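The `*.rp_filter` setting in the comment above is the kernel's reverse-path (source address) filter, `net.ipv4.conf.<iface>.rp_filter`. As an added example, not from the thread: the kernel applies the larger of `conf/all` and the per-interface value, so this function reports the mode actually in effect per interface; the directory argument and the sample tree are constructed so it runs offline.

```shell
#!/bin/sh
# Effective reverse-path filter mode per interface.
# Modes: 0 = off, 1 = strict, 2 = loose. The kernel uses
# max(conf/all/rp_filter, conf/<iface>/rp_filter) for each interface.
# ROOT defaults to the live tree; a directory argument selects another tree.
effective_rp_filter() {
    root=${1:-/proc/sys/net/ipv4/conf}
    all=$(cat "$root/all/rp_filter") || return 1
    for dir in "$root"/*/; do
        iface=$(basename "$dir")
        case $iface in all|default) continue ;; esac
        [ -r "$dir/rp_filter" ] || continue
        own=$(cat "$dir/rp_filter")
        if [ "$all" -gt "$own" ]; then eff=$all; else eff=$own; fi
        echo "$iface all=$all iface=$own effective=$eff"
    done
}

# Constructed tree: tap0 was set to 0 while "all" is still 1,
# so strict filtering remains in effect on tap0.
make_sample_tree() {
    t=$(mktemp -d)
    for i in all default eth0 tap0; do mkdir "$t/$i"; done
    echo 1 > "$t/all/rp_filter"
    echo 1 > "$t/default/rp_filter"
    echo 1 > "$t/eth0/rp_filter"
    echo 0 > "$t/tap0/rp_filter"
    echo "$t"
}

tree=$(make_sample_tree)
effective_rp_filter "$tree"
rm -rf "$tree"
```

Called without an argument, `effective_rp_filter` reads `/proc/sys/net/ipv4/conf` on the running system.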

Wannabe (borts88) wrote :

Same bug since updating to 11.10. Fixed it with the above method, by downgrading to 2.1.5. It doesn't really bug me anymore, as long as there is a workaround for it.

Kexin (kexin) wrote :

The problem is in the Shrew 2.1.7 packages in 11.10. I rebuilt ike from the
source (still 2.1.7) and it works fine.

I have noticed that although iked from the 11.10 Shrew 2.1.7 package binds to NATT
(4500), no traffic ever comes via NATT. This might be the cause of the timeout.

<-- Kexin

Prolag (prolag) wrote :

Hi

I have the same issue. I ran some tests and this bug comes from the Debian patch 0004_select.diff ( http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566673 ). If I don't apply this patch, the VPN works!

Mike Steele (gurucentral) wrote :

This is causing me real headaches. To login to work, I have to use an old Windows laptop. I hate that.

I'm old and I've lost most my intelligence. I just wanna do my work and then watch some Matlock. I don't want to attempt to load an old version of Shrew (2.1.5) cuz it's too hard and I don't know how. I don't want to download source for 2.1.7 and recompile it cuz it's too hard and I don't know how. I would get down on my knees and beg, but they hurt. Will SOMEONE please fix this?

-Mikey

Geoffrey Gudgeon (gbgudgeon) wrote :

Just wondering if there has been a fix for this. The reason I ask is that I get the same issues, but I have installed a fresh version 12.04 of Ubuntu and tried both the 2.1.5 and 2.1.7 versions, getting the same results??

Cheers Geoff
