[CentOS] Shrew Soft VPN Client for CentOS 6

Fri Feb 24 22:30:00 UTC 2012
David G. Miller <dave at davenjudy.org>

 <m.roth at ...> writes:

> Hi, Dave,
> dave at ... wrote:
> >
> > Where I work uses the Shrew Soft VPN client to access remote resources.  I
> > have found pre-built rpms for EL5, various versions of Fedora, and
> > appropriate packages for non-rpm based distros but no rpm for EL6.  I have
> > downloaded the source from Shrew Soft and built "my own" which built and
> > installed with no errors but then didn't work.  I'm finally taking the
> <snip>
> > same configuration and user connects under EL6 (confirmed on the VPN
> > server) but is unusable (e.g., I can't ping known systems).
> I think I'd try tcpdump, or some other tool, and see what's happening.
>          mark
I ran tcpdump on my gateway's interface to the 'net while running a ping on
the client.  I could see what I'm pretty sure were the ping returns (hard to
tell since it's VPN traffic).  I'll move the tcpdump to watching what goes from
the gateway to the VPN client although the VPN traffic will then be mixed in
with any other non-VPN traffic between the client and my gateway.  I can cut
back on this traffic but I can't stop it or filter it the way I can at the
gateway's exterior NIC.

I'm pretty sure the problem has to do with the VPN stack on the VPN client.  The
FC16 box uses the same client and the same configuration to successfully connect
to the VPN and access remote systems but there are several dependent libraries
that are newer on the FC16 platform (I tried installing the FC16 rpm on my EL6
box to 1) see if it would install and 2) see what dependencies changed).  There
could be something wrong with how the outbound packets get built but then I
probably wouldn't have seen the pings coming back.