Compiling the Shrew Soft VPN client on Raspberry Pi

04.11.2013 by Dirk Olmes

At work we deploy our software on machines that are located at customers sites. To access these machines we have created a VPN infrastructure that allows us to access the machines, deploy updates etc.

I use Shrewsoft’s VPN client to connect to the VPN infrastructure. This works so well on Linux that we recently began to replace the commercial VPN client used on Mac OS X with the Shrew Soft client - but that’s a different story.

Part of our infrastructure is a Zabbix installation which is used to monitor our software via JMX. Zabbix features nice screens that can be used to create a dashboard-style overview over the current state of all hosts.

To give everyone in the office more visibility on how our software is doing I’d like to display custom Zabbix screens on a big display located in the office. A Raspberry Pi looks like the perfect machine for powering the display - it’s cheap, doesn’t use much power and should even have a chrome browser to run in kiosk mode.

Sounds like an interesting pet project so I ordered a Pi and some equipment. When it finally arrived I flashed the standard NOOBS starter pack. The main hurdle will be getting the Shrew Soft VPN client to run, I don’t want to fiddle with the Linux distro right now. That’ll be a hobby project for another day.

Before attempting to compile the source all prerequisites must be installed:

apt-get install cmake
apt-get install flex
apt-get install bison
apt-get install libedit-dev
apt-get install libssl-dev

I did not install Qt and friends - the basic command line client will be sufficient for my setup. Connecting to the VPN will be fully automated anyway.

The next step is to download the sources, unpack the tarball and compile the source. This turned out to be quite smooth using

cmake -DCMAKE_INSTALL_PREFIX=/usr -DETCDIR=/etc -DNATT=YES

followed by the typical

make
make install

sequence.

Now that the VPN client is installed, I exported the VPN settings from my Linux desktop machine and tried to run the command line client

ikec -r vpn

I should have been warned by the smooth compile. Of course the VPN client does not work out of the box, it crashes with

*** glibc detected *** ikec: double free or corruption (out): 0x0191fa70 ***
Aborted

Seems like I have to start digging the code. But that’s another story for another day. Stay tuned.

Comments

Permalink

jokraehe

Posted on 12.02.2014

i have the exact same issue as you described above. do you have any solution to share yet?

Permalink

Dirk Olmes

Posted on 15.02.2014

I dug to the root cause of the issue back after I wrote the blog post but didn’t find the time to do a proper comparison of ikec’s behaviour on the pi vs on my regular Linux machine. Long story short, it was the code that parses the config file. On the pi it doesn’t proplerly detect the last entry in the file - or EOF, I don’t remember the details. The workaround was to add an empty line to the end of the config file.

Permalink

Nkolay Dimitrov

Posted on 31.10.2015

Thank you very much for this comment! It really helped me work around this issue.

Permalink

John de Sousa

Posted on 26.10.2017

Thanks you so much for the tip about adding the line to the end of the file, very much appreciated!

Permalink

Guru

Posted on 06.12.2017

Wow! the EOF really fixed this. THanks a million for posting :)

Permalink

Sebastian Urbanneck

Posted on 14.02.2019

You got to be kiddimg me. So simple yet so helping.

How the hell did you find that Problem?

Permalink

Dirk Olmes

Posted on 14.02.2019

It was a case of good old printf-style debugging back and forth that finally got me this far.

I’m glad this tip still helps someone (although I’d prefer a proper fix but I suppose upstream is dead).

Permalink

SalC

Posted on 22.07.2019

Thanks for this info… but I’ve tried adding the addt’l line to my VPN config file and still get the error ‘ikec: double free or corruption (out)’. Anyone have any other ideas I can try? Thanks much!

Your name:
Comment: