[strongSwan] Up to date macOS native app builds

Tobias Brunner tobias at strongswan.org
Thu May 3 11:03:49 CEST 2018


Hi Darren,

> Just noting that https://download.strongswan.org/osx/ shows no current
> Mac native app builds. It's not mentioned at
> https://wiki.strongswan.org/projects/strongswan/wiki/MacOSX so I'm
> curious if these builds are no longer being done.

See [1].

> I don't have faith in the current iteration of Apple's IKEv2 implementation. I'm hoping to get around what appears to be a bug in the (rekeying? re-auth?) that happens every 8 minutes that currently drops the tunnel, and to be able to configure robust algorithms

This might be due to bug that Apple knows about since at least over a
year (I reported it in January 2017 and it was already marked as
duplicate), which seems to occur when the server sends back an
INVALID_KE_PAYLOAD during IKE_SA_INIT.  During the IKE rekeying (which
it does after eight minutes) the client will send an incorrect DH public
value for the group it originally proposed, not the one the server
requested and was used during IKE_SA_INIT.

Regards,
Tobias

[1] https://wiki.strongswan.org/issues/2089#note-2


More information about the Users mailing list