[strongSwan] Up to date macOS native app builds
tobias at strongswan.org
Fri May 4 12:29:39 CEST 2018
>>> Just noting that https://download.strongswan.org/osx/ shows no current
>>> Mac native app builds. It's not mentioned at
>>> https://wiki.strongswan.org/projects/strongswan/wiki/MacOSX so I'm
>>> curious if these builds are no longer being done.
>> See .
> Thanks! Would a subsequent remark in that wiki page be appropriate?
> (Is it something I can do if I register)?
Sure, go ahead.
>>> I don't have faith in the current iteration of Apple's IKEv2 implementation. I'm hoping to get around what appears to be a bug in the (rekeying? re-auth?) that happens every 8 minutes that currently drops the tunnel, and to be able to configure robust algorithms
>> This might be due to bug that Apple knows about since at least over a
>> year (I reported it in January 2017 and it was already marked as
>> duplicate), which seems to occur when the server sends back an
>> INVALID_KE_PAYLOAD during IKE_SA_INIT. During the IKE rekeying (which
>> it does after eight minutes) the client will send an incorrect DH public
>> value for the group it originally proposed, not the one the server
>> requested and was used during IKE_SA_INIT.
> Is that the same as noted here?
Doesn't look like it, the issue I described is regarding IKE_SA
rekeying, not CHILD_SA rekeying.
> I can't tell if the response from Apple is suggesting strongSwan is
> acting incorrectly in the described case (and if so, if the behavior
> is in fact incorrect).
It sounds like a configuration mismatch (one side wants to use PFS, the
So check your log to see if the issue you have is related to IKE_SA or
More information about the Users