[strongSwan] Mac OS X Widget Yosemite Issues

Dan Diman dan.diman at certifi.net
Fri Oct 24 21:38:53 CEST 2014

Thank you, Martin.  This does indeed resolve the issue.  strongSwan
connects immediately and has been stable all day through several cycles of
disconnecting and reconnecting.

As you observe, it may not qualify as a clean fix, but it is effective!

Thank you again.


On 10/24/14, 9:00 AM, "Martin Willi" <martin at strongswan.org> wrote:

>> I¹m using the Mac OS X strongSwan widget and after upgrading to
>> Yosemite, I am receiving the error "No common traffic selectors found²
>> very frequently, but not 100% of the time.  Something like 95% of the
>> time.
>I could reproduce the issue here on Yosemite. It happens here in 1 of
>about 10 times, so I unfortunately haven't noticed that in my earlier
>> created TUN device: utun1
>> virtual IP did not appear on utun1
>> installing virtual IP failed
>> no acceptable traffic selectors found
>On Yosemite, the kernel raises RTM_IFINFO for our new tun device, but
>the address seems to not be enumerable yet by getifaddrs(). As the
>kernel doesn't give us a RTM_NEWADDR event, either, charon can't notice
>that the address is ready.
>A clean fix is rather difficult, maybe we could manually enumerate the
>interfaces once again if the timeout triggers, but this requires some
>major changes. Instead, I've included a short delay before calling
>getifaddrs() on the RTM_IFINFO event [1]. In my tests that seems to make
>things more reliable, it was successful in all of about 30 tries.
>A new release based on 5.2.1 is available at [2]. Probably it can't fix
>the issue, but it certainly should make the success rate significantly
>better. Let me know if it works for you.

More information about the Users mailing list