Linux系统入门学习：Linux上如何安装Shrew Soft IPsec VPN

问题：我需要连接到一个IPSec VPN网关，鉴于此，我尝试使用Shrew Soft VPN客户端，它是一个免费版本。我怎样才能安装Shrew Soft VPN客户端到[某个Linux发行版]?

市面上有许多商业VPN网关，同时附带有他们自己的专有VPN客户端软件。虽然也有许多开源的VPN服务器/客户端备选方案，但它们通常缺乏复杂的IPsec支持，比如互联网密钥交换（IKE），这是一个标准的IPsec协议，用于加固VPN密钥交换和验证安全。Shrew Soft VPN是一个免费的IPsec VPN客户端，它支持多种验证方法、密钥交换、加密以及防火墙穿透选项。

下面介绍如何安装Shrew Soft VPN客户端到Linux平台。

首先，从官方站点下载它的源代码。

安装Shrew VPN客户端到Debian, Ubuntu或者Linux Mint

Shrew Soft VPN客户端图形界面要求使用Qt 4.x。所以，作为依赖，你需要安装其开发文件。

1. <span class="pln">$ sudo apt</span><span class="pun">-</span><span class="kwd">get</span><span class="pln"> install cmake libqt4</span><span class="pun">-</span><span class="pln">core libqt4</span><span class="pun">-</span><span class="pln">dev libqt4</span><span class="pun">-</span><span class="pln">gui libedit</span><span class="pun">-</span><span class="pln">dev libssl</span><span class="pun">-</span><span class="pln">dev checkinstall flex bison</span>
2. <span class="pln">$ wget https</span><span class="pun">:</span><span class="com">//www.shrew.net/download/ike/ike-2.2.1-release.tbz2</span>
3. <span class="pln">$ tar xvfvj ike</span><span class="pun">-</span><span class="lit">2.2</span><span class="pun">.</span><span class="lit">1</span><span class="pun">-</span><span class="pln">release</span><span class="pun">.</span><span class="pln">tbz2</span>
4. <span class="pln">$ cd ike</span>
5. <span class="pln">$ cmake </span><span class="pun">-</span><span class="pln">DCMAKE_INSTALL_PREFIX</span><span class="pun">=</span><span class="str">/usr -DQTGUI=YES -DETCDIR=/</span><span class="pln">etc </span><span class="pun">-</span><span class="pln">DNATT</span><span class="pun">=</span><span class="pln">YES </span><span class="pun">.</span>
6. <span class="pln">$ make</span>
7. <span class="pln">$ sudo make install</span>
8. <span class="pln">$ cd </span><span class="pun">/</span><span class="pln">etc</span><span class="pun">/</span>
9. <span class="pln">$ sudo mv iked</span><span class="pun">.</span><span class="pln">conf</span><span class="pun">.</span><span class="pln">sample iked</span><span class="pun">.</span><span class="pln">conf </span>

安装Shrew VPN客户端到CentOS, Fedora或者RHEL

与基于Debian的系统类似，在编译前你需要安装一堆依赖包，包括Qt4。

1. <span class="pln">$ sudo yum install qt</span><span class="pun">-</span><span class="pln">devel cmake gcc</span><span class="pun">-</span><span class="pln">c</span><span class="pun">++</span><span class="pln"> openssl</span><span class="pun">-</span><span class="pln">devel libedit</span><span class="pun">-</span><span class="pln">devel flex bison</span>
2. <span class="pln">$ wget https</span><span class="pun">:</span><span class="com">//www.shrew.net/download/ike/ike-2.2.1-release.tbz2</span>
3. <span class="pln">$ tar xvfvj ike</span><span class="pun">-</span><span class="lit">2.2</span><span class="pun">.</span><span class="lit">1</span><span class="pun">-</span><span class="pln">release</span><span class="pun">.</span><span class="pln">tbz2</span>
4. <span class="pln">$ cd ike</span>
5. <span class="pln">$ cmake </span><span class="pun">-</span><span class="pln">DCMAKE_INSTALL_PREFIX</span><span class="pun">=</span><span class="str">/usr -DQTGUI=YES -DETCDIR=/</span><span class="pln">etc </span><span class="pun">-</span><span class="pln">DNATT</span><span class="pun">=</span><span class="pln">YES </span><span class="pun">.</span>
6. <span class="pln">$ make</span>
7. <span class="pln">$ sudo make install</span>
8. <span class="pln">$ cd </span><span class="pun">/</span><span class="pln">etc</span><span class="pun">/</span>
9. <span class="pln">$ sudo mv iked</span><span class="pun">.</span><span class="pln">conf</span><span class="pun">.</span><span class="pln">sample iked</span><span class="pun">.</span><span class="pln">conf </span>

在基于Red Hat的系统中，最后一步需要用文本编辑器打开/etc/ld.so.conf文件，并添加以下行。

1. <span class="pln">$ sudo vi </span><span class="pun">/</span><span class="pln">etc</span><span class="pun">/</span><span class="pln">ld</span><span class="pun">.</span><span class="pln">so</span><span class="pun">.</span><span class="pln">conf</span>

1. <span class="pln">include </span><span class="pun">/</span><span class="pln">usr</span><span class="pun">/</span><span class="pln">lib</span><span class="pun">/</span>

重新加载运行时绑定的共享库文件，以容纳新安装的共享库：

1. <span class="pln">$ sudo ldconfig </span>

启动Shrew VPN客户端

首先，启动IKE守护进程（iked）。该守护进作为VPN客户端程通过IKE协议与远程主机经由IPSec通信。

1. <span class="pln">$ sudo iked </span>

现在，启动qikea，它是一个IPsec VPN客户端前端。该GUI应用允许你管理远程站点配置并初始化VPN连接。

要创建一个新的VPN配置，点击“添加”按钮，然后填入VPN站点配置。创建配置后，你可以通过点击配置来初始化VPN连接。

故障排除

1. 我在运行iked时碰到了如下错误。

   iked: error while loading shared libraries: libss_ike.so.2.2.1: cannot open shared object file: No such file or directory

要解决该问题，你需要更新动态链接器来容纳libss_ike库。对于此，请添加库文件的位置路径到/etc/ld.so.conf文件中，然后运行ldconfig命令。

1. <span class="pln">$ sudo ldconfig</span>

验证libss_ike是否添加到了库路径：

1. <span class="pln">$ ldconfig </span><span class="pun">-</span><span class="pln">p </span><span class="pun">|</span><span class="pln"> grep ike </span>

1. <span class="pln">libss_ike</span><span class="pun">.</span><span class="pln">so</span><span class="pun">.</span><span class="lit">2.2</span><span class="pun">.</span><span class="lit">1</span><span class="pun">(</span><span class="pln">libc6</span><span class="pun">,</span><span class="pln">x86</span><span class="pun">-</span><span class="lit">64</span><span class="pun">)</span><span class="pun">=></span><span class="pun">/</span><span class="pln">lib</span><span class="pun">/</span><span class="pln">libss_ike</span><span class="pun">.</span><span class="pln">so</span><span class="pun">.</span><span class="lit">2.2</span><span class="pun">.</span><span class="lit">1</span>
2. <span class="pln">libss_ike</span><span class="pun">.</span><span class="pln">so </span><span class="pun">(</span><span class="pln">libc6</span><span class="pun">,</span><span class="pln">x86</span><span class="pun">-</span><span class="lit">64</span><span class="pun">)</span><span class="pun">=></span><span class="pun">/</span><span class="pln">lib</span><span class="pun">/</span><span class="pln">libss_ike</span><span class="pun">.</span><span class="pln">so</span>

via: http://ask.xmodulo.com/install-shrew-soft-ipsec-vpn-client-linux.html

作者：Dan Nanni 译者：GOLinux 校对：wxy

本文由 LCTT 原创翻译，Linux中国 荣誉推出