[strongSwan] Up to date macOS native app builds

Darren S. phatbuckett at gmail.com
Fri May 4 11:28:27 CEST 2018

On Thu, May 3, 2018 at 2:03 AM, Tobias Brunner <tobias at strongswan.org> wrote:
> > Just noting that https://download.strongswan.org/osx/ shows no current
> > Mac native app builds. It's not mentioned at
> > https://wiki.strongswan.org/projects/strongswan/wiki/MacOSX so I'm
> > curious if these builds are no longer being done.
> See [1].

Thanks! Would a subsequent remark in that wiki page be appropriate?
(Is it something I can do if I register)?

> > I don't have faith in the current iteration of Apple's IKEv2 implementation. I'm hoping to get around what appears to be a bug in the (rekeying? re-auth?) that happens every 8 minutes that currently drops the tunnel, and to be able to configure robust algorithms
> This might be due to bug that Apple knows about since at least over a
> year (I reported it in January 2017 and it was already marked as
> duplicate), which seems to occur when the server sends back an
> INVALID_KE_PAYLOAD during IKE_SA_INIT.  During the IKE rekeying (which
> it does after eight minutes) the client will send an incorrect DH public
> value for the group it originally proposed, not the one the server
> requested and was used during IKE_SA_INIT.

Is that the same as noted here?


I can't tell if the response from Apple is suggesting strongSwan is
acting incorrectly in the described case (and if so, if the behavior
is in fact incorrect).

Darren Spruell
phatbuckett at gmail.com

More information about the Users mailing list