[strongSwan] Mac OS X Widget and High Sierra

Dan Diman dan.diman at certifi.net
Tue Sep 26 12:48:10 CEST 2017

Ah the bleeding edge; thank you for the reply.  After sending this message I did notice that commit.  Building the widget is beyond my meager developer rights with Apple, but using “brew install strongswan –HEAD” did indeed result in a working command-line verison, which is at least as good, and some would probably argue it’s better.

Thanks very much for the help.


On 9/26/17, 2:51 AM, "Tobias Brunner" <tobias at strongswan.org> wrote:

    Hi Dan,
    > In 2014, Martin W. created a version of the app that “included a short
    > delay before callinggetifaddrs() on the RTM_IFINFO event” to give the
    > kernel a slightly longer chance to get the new tunnel address ready
    > before getifaddrs tried to enumerate it.  That was a practical
    > workaround in the absence of better support from the kernel, but it’s
    > workaround that seems to no longer be working (around?).
    Another similar workaround seems to be required, see [1].
    > In looking at the OS X page on the strongSwan wiki, I notice a new
    > homebrew version of strongSwan is available, and it can be built “with
    > Suite B support (does not use the IPsec implementation provided by the
    > kernel”.  Should I take the plunge into trying to get the config files
    > right for my road warrior machine and abandon the widget?
    Using the userland IPsec implementation via --with-suite-b option won't
    make a difference as that's what the app/widget uses anyway.  Also, the
    patch above has not yet been included in any release, so you'll have to
    install with --HEAD to build strongSwan from the repository.
    [1] https://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=039b85dd

More information about the Users mailing list