Ah the bleeding edge; thank you for the reply. After sending this message I did notice that commit. Building the widget is beyond my meager developer rights with Apple, but using “brew install strongswan –HEAD” did indeed result in a working command-line verison, which is at least as good, and some would probably argue it’s better.
Thanks very much for the help. Cheers, Dan On 9/26/17, 2:51 AM, "Tobias Brunner" <[email protected]> wrote: Hi Dan, > In 2014, Martin W. created a version of the app that “included a short > delay before callinggetifaddrs() on the RTM_IFINFO event” to give the > kernel a slightly longer chance to get the new tunnel address ready > before getifaddrs tried to enumerate it. That was a practical > workaround in the absence of better support from the kernel, but it’s > workaround that seems to no longer be working (around?). Another similar workaround seems to be required, see [1]. > In looking at the OS X page on the strongSwan wiki, I notice a new > homebrew version of strongSwan is available, and it can be built “with > Suite B support (does not use the IPsec implementation provided by the > kernel”. Should I take the plunge into trying to get the config files > right for my road warrior machine and abandon the widget? Using the userland IPsec implementation via --with-suite-b option won't make a difference as that's what the app/widget uses anyway. Also, the patch above has not yet been included in any release, so you'll have to install with --HEAD to build strongSwan from the repository. Regards, Tobias [1] https://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=039b85dd
