[strongSwan] Up to date macOS native app builds
Darren S.
phatbuckett at gmail.com
Fri May 4 11:28:27 CEST 2018
On Thu, May 3, 2018 at 2:03 AM, Tobias Brunner <tobias at strongswan.org> wrote:
> > Just noting that https://download.strongswan.org/osx/ shows no current
> > Mac native app builds. It's not mentioned at
> > https://wiki.strongswan.org/projects/strongswan/wiki/MacOSX so I'm
> > curious if these builds are no longer being done.
>
> See [1].
Thanks! Would a subsequent remark in that wiki page be appropriate?
(Is it something I can do if I register)?
> > I don't have faith in the current iteration of Apple's IKEv2 implementation. I'm hoping to get around what appears to be a bug in the (rekeying? re-auth?) that happens every 8 minutes that currently drops the tunnel, and to be able to configure robust algorithms
>
> This might be due to bug that Apple knows about since at least over a
> year (I reported it in January 2017 and it was already marked as
> duplicate), which seems to occur when the server sends back an
> INVALID_KE_PAYLOAD during IKE_SA_INIT. During the IKE rekeying (which
> it does after eight minutes) the client will send an incorrect DH public
> value for the group it originally proposed, not the one the server
> requested and was used during IKE_SA_INIT.
Is that the same as noted here?
http://www.openradar.appspot.com/29821241
I can't tell if the response from Apple is suggesting strongSwan is
acting incorrectly in the described case (and if so, if the behavior
is in fact incorrect).
--
Darren Spruell
phatbuckett at gmail.com
More information about the Users
mailing list