Hi Dan, > In 2014, Martin W. created a version of the app that “included a short > delay before callinggetifaddrs() on the RTM_IFINFO event” to give the > kernel a slightly longer chance to get the new tunnel address ready > before getifaddrs tried to enumerate it. That was a practical > workaround in the absence of better support from the kernel, but it’s > workaround that seems to no longer be working (around?).
Another similar workaround seems to be required, see [1]. > In looking at the OS X page on the strongSwan wiki, I notice a new > homebrew version of strongSwan is available, and it can be built “with > Suite B support (does not use the IPsec implementation provided by the > kernel”. Should I take the plunge into trying to get the config files > right for my road warrior machine and abandon the widget? Using the userland IPsec implementation via --with-suite-b option won't make a difference as that's what the app/widget uses anyway. Also, the patch above has not yet been included in any release, so you'll have to install with --HEAD to build strongSwan from the repository. Regards, Tobias [1] https://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=039b85dd
