Hi Darren, > Just noting that https://download.strongswan.org/osx/ shows no current > Mac native app builds. It's not mentioned at > https://wiki.strongswan.org/projects/strongswan/wiki/MacOSX so I'm > curious if these builds are no longer being done.
See [1]. > I don't have faith in the current iteration of Apple's IKEv2 implementation. > I'm hoping to get around what appears to be a bug in the (rekeying? re-auth?) > that happens every 8 minutes that currently drops the tunnel, and to be able > to configure robust algorithms This might be due to bug that Apple knows about since at least over a year (I reported it in January 2017 and it was already marked as duplicate), which seems to occur when the server sends back an INVALID_KE_PAYLOAD during IKE_SA_INIT. During the IKE rekeying (which it does after eight minutes) the client will send an incorrect DH public value for the group it originally proposed, not the one the server requested and was used during IKE_SA_INIT. Regards, Tobias [1] https://wiki.strongswan.org/issues/2089#note-2
