How to change swap location on macOS versions like Mojave with SIP?

I am using Mobile simulator and virtual machines which memory intensive. There are a few posts on internet about how to change the location of Swap files on macOS versions with System Integrity Protection (SIP). The simplest solution without tinkering with OS internals seems to be running the below shell command after boot:

sysctl vm.swapfileprefix=/Volumes/Swap/s

(here /Volumes/Swap is the new swap directory)

But unless SIP is disabled this command can’t be executed. There should be a way to configure this on startup as I can’t keep SIP disabled just to execute this command. Does setting this in /etc/sysctl.conf work on macOS? Has anyone of you tried this? This solution is suggested in this post from 2015 for older versions of macOS when SIP didn’t exist.

How can I move virtual memory swap files to a different drive or partition?

Open to any other alternative solutions. Sorry for cross posting but I didn’t get any constructive replies on Apple forum.

big sur – Avoiding having SIP permanently disabled to permit kernel extension

I’m looking to work around the lack of support for a wireless adapter in Big Sur by using https://github.com/chris1111/Wireless-USB-Big-Sur-Adapter/. Unfortunately it requires SIP to be disabled not just during installation, but permanently. I’m trying to understand why that is, and whether there might be alternatives?

For instance, HoRDNS which faced similar problems you only need to temporarily disable it (https://github.com/jwise/HoRNDIS/issues/132)

Does anyone have any suggestions? My understanding of how all the kext stuff works is a little limited.

big sur – Local policy error when disabling SIP on Big Sur/M1

I’m trying to disable System Integrity Protection on an M1 Mac (yes, I know it’s more dangerous than chainsaw juggling)

csrutil disable as well as csrutil authenticated-root disable fail with an error:

csrutil: Failed to update security configuration for “Macintosh HD”: Failed to create local policy

How can I avoid this failure? What is causing it?


This a brand-new Big Sur 11.0 (20A2411) on M1 MBP. I’m booting into the new “Options” mode, and launching Terminal from there. Authentication is certainly OK, as I get a different error if I enter a wrong password. The user partition is accessible in this mode, I can write to /Volumes/Macintosh HD/Users/me/ for example.

-bash-3.2# csrutil disable
Turning off System Integrity Protection requires modifying system security.
Allow booting unsigned operating systems and any kernel extensions for OS "Macintosh HD"? (y/n): y

Enter password for user admin: 
Mounted /dev/disk3s3 at <private>
Unmounted /dev/disk3s3 ( <private> )
csrutil: Failed to update security configuration for "Macintosh HD": Failed to create local policy

SIP traffic and firewall rules

We have Cisco Expressway-Edge devices handling videoconferencing traffic with the outside world. This all goes through a Checkpoint firewall. The intention is that the inside endpoints can initiate meetings with outside endpoints but, for security reasons, outside endpoints cannot initiate meetings with inside endpoints. So the firewall has outbound rules to allow traffic on various TCP and UDP ports, but has no inbound rules.

With one external party, we can begin a meeting that works fully for 3-4 minutes. But then the room is shown as “leaving”, and the meeting drops. The external party thinks it has sent a SIP UPDATE message on TCP 5061, and has received no reply. If we set a rule to allow inbound traffic the the Expressway-Edge, the meeting stays up.

Why would the external party initiate new inbound connections in this context? Are inbound rules required, or is there something else going wrong?
We don’t have a full packet capture. I am looking to understand what the expected direction of traffic flows would be, if inbound connections initiated externally are deliberately not allowed.

How can I script the bootup disk in macOS Catalina without disabling SIP?

I’m on Catalina 10.15.6.

Previously, you could write shell scripts that would set the boot volume and restart the Mac, either by using bless --mount X --setBoot or by using systemsetup -setstartupdisk, but neither of these commands seem to work now when System Integrity Protection is enabled.

There must be some way to automate this, since the System Preferences app is able to change your boot disk without SIP being disabled, you just need to provide an admin password. What mechanism does the pref pane use to set the bootup disk now? Can we invoke it in a shell script?

permission – What the heck is going on with Catalina? SIP disabled, sudo mounted -uw etc. Applications folder won’t move!

I have googled everything, I am desperate. I have installed Catalina yesterday and tried all the steps here (and more) that were logical to me. The thing is I have the feeling the current version has changed again. I have a parallel MacOS / Windows System with a third exFat partition and in Mojave and Lower I always create links for /Applications and /Users to put all non systemrelevant data into the exFat, it always worked fine (thought you have to make some adjustments in order to work with iCloud apps etc). I wanted to do the same, so I followed all the normal steps to create links for /Applications (also tried with /System/Volume/Data/Applications. But it does not work at all. Usually for example I ditto the /Application to the exFat partition and mv the old one into /Application.old (just to be safe), then I create the link. But I cannot rename or delete /Applications! Is it because they created Hard/systemlinks in Catalina?? I don’t get it. Will I be able to link out the folders to my exFat partition? Any suggestions?

nat – Initial unidirectional audio with SIP trunk

I have an Asterisk server sitting on my network behind a pfSense firewall, it has two trunks, one for my household provided by my ISP using PJSIP and the other for my company provided by a third party using SIP ordinary.

Dialing works without problems, but during calls on the home network (PJSIP), the caller cannot hear me before speaking or making noise.

Here is my PJSIP configuration:

(transport-udp)
type=transport
allow_reload=yes
protocol=udp
bind=0.0.0.0:5060
local_net=192.168.2.0/24
external_media_address=REDACTED
external_signaling_address=REDACTED

(net)
type=registration
transport=transport-udp
outbound_auth=net
server_uri=sip:REDACTED
client_uri=sip:REDACTED@REDACTED
retry_interval=30
forbidden_retry_interval=30
fatal_retry_interval=30
auth_rejection_permanent=no
max_retries=10000
expiration=30
line=yes
endpoint=net
contact_user=REDACTED

(net)
type=auth
auth_type=userpass
username=REDACTED
password=REDACTED

(net)
type=aor
contact=sip:REDACTED:5060
maximum_expiration=30

(net)
type=endpoint
language=au
transport=transport-udp
context=from-net
disallow=all
allow=g722
allow=ulaw
allow=alaw
allow=g729
outbound_auth=net
aors=net
moh_suggest=music
trust_id_inbound=yes
from_user=REDACTED
from_domain=REDACTED
direct_media=no
rewrite_contact=yes

(net)
type=identify
endpoint=net
match=REDACTED

Since there are two SIP providers, the call is matched based on the IP addresses provided by my ISP from their SIP servers.

How can I fix it?

sip – Asterisk WebRTC outbound call timeout

I am running an Asterisk 16 installation and a WebPhone based on SIP.js. Unfortunately, I often don't hear the first few seconds when I call someone. But all is well with incoming calls.

The Asterisk is in a data center, the browser / client is behind NAT.

Journal (see the delay between seconds 11 to 13)

(Nov 2 17:58:11) VERBOSE(15217)(C-00000002) app_dial.c: PJSIP/hativ-voip-00000003 answered PJSIP/hativ-00000002
(Nov 2 17:58:11) VERBOSE(15226)(C-00000002) bridge_channel.c: Channel PJSIP/hativ-voip-00000003 joined 'simple_bridge' basic-bridge <80f71862-7910-4363-97e4-8d8a9e98765f>
(Nov 2 17:58:11) VERBOSE(15217)(C-00000002) bridge_channel.c: Channel PJSIP/hativ-00000002 joined 'simple_bridge' basic-bridge <80f71862-7910-4363-97e4-8d8a9e98765f>
(Nov 2 17:58:13) VERBOSE(15217)(C-00000002) res_rtp_asterisk.c: 0x7f05cc0773a0 -- Strict RTP qualifying stream type: audio
(Nov 2 17:58:13) VERBOSE(15217)(C-00000002) res_rtp_asterisk.c: 0x7f05cc0773a0 -- Strict RTP switching source address to 91.67.195.16:58920
(Nov 2 17:58:13) VERBOSE(15217)(C-00000002) res_rtp_asterisk.c: 0x7f05cc0773a0 -- Strict RTP learning complete - Locking on source address 91.67.195.16:58920
(Nov 2 17:58:13) VERBOSE(15226)(C-00000002) res_rtp_asterisk.c: 0x7f05cc0860d0 -- Strict RTP switching to RTP target address 212.117.203.158:32406 as source
(Nov 2 17:58:13) VERBOSE(15226)(C-00000002) res_rtp_asterisk.c: 0x7f05cc0860d0 -- Strict RTP learning complete - Locking on source address 212.117.203.158:32406

Configuration of the endpoint for the Asterisk account (used to connect to Asterisk):

type=endpoint

dtls_ca_file=/etc/asterisk/certificates/chain.pem
dtls_cert_file=/etc/asterisk/certificates/cert.pem
dtls_private_key=/etc/asterisk/certificates/privkey.pem

direct_media=no
force_rport=yes
rtp_ipv6=yes
rtp_symmetric=yes

; Sets dtls_setup=actpass, dtls_verify=fingerprint, ice_support=yes, media_encryption=dtls, media_use_received_transport=yes, rtcp_mux=yes, use_avpf=yes
webrtc=yes

disallow=all
allow=opus
allow=alaw
allow=ulaw

Configuration of the endpoint for the SIP account (used to connect to the SIP provider):

type=endpoint

context=incoming
dtmf_mode=rfc4733
force_rport=yes
language=de
rewrite_contact=yes
rtp_symmetric=yes
timers=yes

from_domain=example.com

disallow=all
allow=alaw

Anyone have any idea what could be causing the delay?

Unknown packets with 0x6a614b00 as payloads in SIP call traffic

Battery exchange network

The Stack Exchange network includes 175 question and answer communities, including Stack Overflow, the largest and most reliable online community for developers who want to learn, share knowledge and develop their careers.

Visit Stack Exchange

SIP requestor display software with LDAP search for Windows?

Basic problem: Running a new SIP PBX system with personal handsets. The handsets display the name and number of the caller. Handsets have tiny screens. Some people have bad eyes. The recording of magnifying glasses on the handsets is not an option.

Idea: There is a big monitor right next to the handset, connected to a Windows 7/8/10 PC. Enter the number of the caller and the name of the caller on the Windows PC. The PBX has an LDAP directory and allows you to register multiple SIP phones on the same extension.

My problem: I can not find any Windows software that can connect to a SIP PBX and an LDAP directory, displaying a large popup window with the name and number of the caller for incoming calls.

Soft phones without LDAP search support cost $ 10, but I need LDAP support and a large pop-up window. Allusions?