[strongSwan] Mac OS X Widget and High Sierra
Dan Diman
dan.diman at certifi.net
Tue Sep 26 12:48:10 CEST 2017
Ah the bleeding edge; thank you for the reply. After sending this message I did notice that commit. Building the widget is beyond my meager developer rights with Apple, but using “brew install strongswan –HEAD” did indeed result in a working command-line verison, which is at least as good, and some would probably argue it’s better.
Thanks very much for the help.
Cheers,
Dan
On 9/26/17, 2:51 AM, "Tobias Brunner" <tobias at strongswan.org> wrote:
Hi Dan,
> In 2014, Martin W. created a version of the app that “included a short
> delay before callinggetifaddrs() on the RTM_IFINFO event” to give the
> kernel a slightly longer chance to get the new tunnel address ready
> before getifaddrs tried to enumerate it. That was a practical
> workaround in the absence of better support from the kernel, but it’s
> workaround that seems to no longer be working (around?).
Another similar workaround seems to be required, see [1].
> In looking at the OS X page on the strongSwan wiki, I notice a new
> homebrew version of strongSwan is available, and it can be built “with
> Suite B support (does not use the IPsec implementation provided by the
> kernel”. Should I take the plunge into trying to get the config files
> right for my road warrior machine and abandon the widget?
Using the userland IPsec implementation via --with-suite-b option won't
make a difference as that's what the app/widget uses anyway. Also, the
patch above has not yet been included in any release, so you'll have to
install with --HEAD to build strongSwan from the repository.
Regards,
Tobias
[1] https://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=039b85dd
More information about the Users
mailing list