[strongSwan] Mac OS X Widget and High Sierra
Tobias Brunner
tobias at strongswan.org
Tue Sep 26 09:51:12 CEST 2017
Hi Dan,
> In 2014, Martin W. created a version of the app that “included a short
> delay before callinggetifaddrs() on the RTM_IFINFO event” to give the
> kernel a slightly longer chance to get the new tunnel address ready
> before getifaddrs tried to enumerate it. That was a practical
> workaround in the absence of better support from the kernel, but it’s
> workaround that seems to no longer be working (around?).
Another similar workaround seems to be required, see [1].
> In looking at the OS X page on the strongSwan wiki, I notice a new
> homebrew version of strongSwan is available, and it can be built “with
> Suite B support (does not use the IPsec implementation provided by the
> kernel”. Should I take the plunge into trying to get the config files
> right for my road warrior machine and abandon the widget?
Using the userland IPsec implementation via --with-suite-b option won't
make a difference as that's what the app/widget uses anyway. Also, the
patch above has not yet been included in any release, so you'll have to
install with --HEAD to build strongSwan from the repository.
Regards,
Tobias
[1] https://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=039b85dd
More information about the Users
mailing list