[strongSwan] Up to date macOS native app builds

Darren S. phatbuckett at gmail.com
Thu May 3 05:42:53 CEST 2018


The built-in VPN client has been a comedy of errors for my deployment... I
don't have faith in the current iteration of Apple's IKEv2 implementation.
I'm hoping to get around what appears to be a bug in the (rekeying?
re-auth?) that happens every 8 minutes that currently drops the tunnel, and
to be able to configure robust algorithms (I understand it also lacks
support for things like AES-GCM, defaults to weak DH groups, etc.). I can't
figure out the magic sauce required to get logging/debugging with IKEv2
(the common advice I see to enable Racoon logging appears to apply to IKEv1
keying). It appears that the only way of having granular control over
settings is to use a configuration profile and deal with a config utility
or the plist format. There are plenty of blog and forum posts and wiki
pages in various places that talk about how to make things work, but
there's also an equivalent amount of variance in what they recommend doing
(including many that are wrong or recommend insecure configurations).

I'm hoping the next version of the OS brings significant improvements to
the IPsec framework but at this point I was hoping to use a more robust and
configurable (and easier to diagnose) client. I can roll with the Homebrew
build but I was looking forward to trying out the graphical interface too.

- Darren

On Wed, May 2, 2018 at 12:30 PM, ccsalway <ccsalway at yahoo.co.uk> wrote:

> The built in VPN client is able to connect using Certificate and
> Username/Password, so I’m curious what you hope to gain from a native app?
>
> - C
>
> On 2 May 2018, at 19:28, Darren S. <phatbuckett at gmail.com> wrote:
>
> Hi,
>
> Just noting that https://download.strongswan.org/osx/ shows no current
> Mac native app builds. It's not mentioned at
> https://wiki.strongswan.org/projects/strongswan/wiki/MacOSX
> so I'm curious if these builds are no
> longer being done. Is the current guidance for macOS to use Homebrew or do
> a manual build? (And if the .app bundle build is no longer occurring, is
> there currently no supported macOS native app option)?
>
> --
> Darren Spruell
> phatbuckett at gmail.com
>
>
>


-- 
Darren Spruell
phatbuckett at gmail.com