On Thu, May 3, 2018 at 2:03 AM, Tobias Brunner <[email protected]> wrote:
> > Just noting that https://download.strongswan.org/osx/ shows no current
> > Mac native app builds. It's not mentioned at
> > https://wiki.strongswan.org/projects/strongswan/wiki/MacOSX so I'm
> > curious if these builds are no longer being done.
>
> See [1].

Thanks! Would a subsequent remark in that wiki page be appropriate? (Is it
something I can do if I register?)

> > I don't have faith in the current iteration of Apple's IKEv2
> > implementation. I'm hoping to get around what appears to be a bug in the
> > (rekeying? re-auth?) that happens every 8 minutes that currently drops the
> > tunnel, and to be able to configure robust algorithms
>
> This might be due to a bug that Apple knows about since at least over a
> year (I reported it in January 2017 and it was already marked as
> duplicate), which seems to occur when the server sends back an
> INVALID_KE_PAYLOAD during IKE_SA_INIT. During the IKE rekeying (which
> it does after eight minutes) the client will send an incorrect DH public
> value for the group it originally proposed, not the one the server
> requested and was used during IKE_SA_INIT.

Is that the same as noted here?

http://www.openradar.appspot.com/29821241

I can't tell if the response from Apple is suggesting strongSwan is acting
incorrectly in the described case (and if so, if the behavior is in fact
incorrect).

--
Darren Spruell
[email protected]
