<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
1) The log shows that while it took a couple of attempts to
establish an IKE SA, it was eventually up with an ESP Child SA as
well. So, as far as I can see in your logs, the connection should be
up. What happens next? Do the logs show that the connection is
dropped for some reason? What is the output of "ipsec statusall"?
Can you confirm that you are receiving ESP packets afterward, or if
ESP is blocked? <br>
<br>
2) Depending on the VPN clients you use, your proposals seem OK. I
would expand them a bit with a better DH group in case the client
supports it in both IKE and ESP configs. In the ESP case you can have
two proposals, with and without DH groups, if you have clients that
can't do DH with ESP. Unless you really think you need 3des-sha1 for
some clients, there is no reason to keep it. Here is an example:<br>
<br>
ike=aes256-sha256-ecp521-ecp256-modp4096-modp2048!<br>
esp=aes256-sha256-sha1-ecp521-ecp256-modp4096-modp2048,
aes256-sha256-sha1!<br>
<div class="moz-cite-prefix"><br>
<br>
Regards,<br>
Jafar<br>
<br>
On 5/11/2018 3:17 AM, Houman wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CABBZOsm5hwSoOOo4Qq0HLDof9Bi2udiYic3mEsp6vkH4ZCi5Og@mail.gmail.com">
<div dir="ltr">Hello Jafar,
<div><br>
</div>
<div>Apologies, as I didn't explain what I had already tried.</div>
<div><br>
</div>
<div>1) I have tried your suggestion:</div>
<div><br>
</div>
<div>
<div> ike=aes256-sha256-prfsha256-modp2048-modp1024!</div>
<div> esp=aes256-sha256,aes256-sha1,3des-sha1!</div>
</div>
<div><br>
</div>
<div>I can connect to it via iOS 11 and OSX High Sierra without
any problem from the UK. And I no longer get that error message:
"<span style="color:rgb(69,69,69);font-family:'Helvetica Neue';font-size:12px">DH group MODP_2048 inacceptable,
requesting MODP_1024".</span></div>
<div><span
style="color:rgb(69,69,69);font-family:'Helvetica Neue';font-size:12px"><br>
</span></div>
<div><span
style="color:rgb(69,69,69);font-family:'Helvetica Neue';font-size:12px">However my user still can't
connect. As he is connecting from Iran, I strongly suspect
this is because of a recent tightening of the VPN traffic
due to the recent political circumstances. Further below I
have pasted the log when he is trying to connect
unsuccessfully. It says "Connecting..." and after a few
seconds, it drops.</span></div>
<div><span
style="color:rgb(69,69,69);font-family:'Helvetica Neue';font-size:12px"><br>
</span></div>
<div><span
style="color:rgb(69,69,69);font-family:'Helvetica Neue';font-size:12px">2) Unrelated to that, considering
what we discussed in this thread, it seems I could skip
both </span><b>prfsha256</b> and <b>modp1024</b>.<span
style="color:rgb(69,69,69);font-family:'Helvetica Neue';font-size:12px"> Would you say these are now the
perfect settings for iOS 10+, OSX and Windows 10?</span></div>
<div><span
style="color:rgb(69,69,69);font-family:'Helvetica Neue';font-size:12px"><br>
</span></div>
<div>
<div><b> ike=aes256-sha256-modp2048!</b></div>
<div><b> esp=aes256-sha256,aes256-sha1,3des-sha1!</b></div>
</div>
<div><span
style="color:rgb(69,69,69);font-family:'Helvetica Neue';font-size:12px"><br>
</span></div>
<div><span
style="color:rgb(69,69,69);font-family:'Helvetica Neue';font-size:12px">Many Thanks for your help,</span></div>
<div><span
style="color:rgb(69,69,69);font-family:'Helvetica Neue';font-size:12px">Houman</span></div>
<div><span
style="color:rgb(69,69,69);font-family:'Helvetica Neue';font-size:12px"><br>
</span></div>
<div><span
style="color:rgb(69,69,69);font-family:'Helvetica Neue';font-size:12px">Btw here is the log when he is
trying to connect:</span></div>
<div><span
style="color:rgb(69,69,69);font-family:'Helvetica Neue';font-size:12px"><br>
</span></div>
<div>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:55:16 vpn-server charon: 02[NET] received packet: from 109.230.xxx.xx[500] to 172.31.xxx.xxx[500] (604 bytes)</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:55:16 vpn-server charon: 02[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:55:16 vpn-server charon: 02[IKE] 109.230.xxx.xx is initiating an IKE_SA</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:55:16 vpn-server charon: 02[IKE] local host is behind NAT, sending keep alives</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:55:16 vpn-server charon: 02[IKE] remote host is behind NAT</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:55:16 vpn-server charon: 02[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(MULT_AUTH) ]</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:55:16 vpn-server charon: 02[NET] sending packet: from 172.31.xxx.xxx[500] to 109.230.xxx.xx[500] (448 bytes)</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:55:36 vpn-server charon: 01[IKE] sending keep alive to 109.230.xxx.xx[500]</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:55:46 vpn-server charon: 11[JOB] deleting half open IKE_SA after timeout</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:57:44 vpn-server charon: 16[NET] received packet: from 109.230.xxx.xx[1] to 172.31.xxx.xxx[500] (624 bytes)</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:57:44 vpn-server charon: 16[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) V V V V ]</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:57:44 vpn-server charon: 16[IKE] received MS NT5 ISAKMPOAKLEY v9 vendor ID</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:57:44 vpn-server charon: 16[IKE] received MS-Negotiation Discovery Capable vendor ID</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:57:44 vpn-server charon: 16[IKE] received Vid-Initial-Contact vendor ID</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:57:44 vpn-server charon: 16[ENC] received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:57:44 vpn-server charon: 16[IKE] 109.230.xxx.xx is initiating an IKE_SA</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:57:44 vpn-server charon: 16[IKE] local host is behind NAT, sending keep alives</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:57:44 vpn-server charon: 16[IKE] remote host is behind NAT</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:57:44 vpn-server charon: 16[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:57:44 vpn-server charon: 16[NET] sending packet: from 172.31.xxx.xxx[500] to 109.230.xxx.xx[1] (440 bytes)</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:57:45 vpn-server charon: 04[NET] received packet: from 109.230.xxx.xx[1024] to 172.31.xxx.xxx[4500] (1536 bytes)</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:57:45 vpn-server charon: 04[ENC] parsed IKE_AUTH request 1 [ IDi CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6) SA TSi TSr ]</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:57:45 vpn-server charon: 04[IKE] received 54 cert requests for an unknown ca</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:57:45 vpn-server charon: 04[CFG] looking for peer configs matching 172.31.xxx.xxx[%any]...109.230.xxx.xx[192.168.1.103]</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:57:45 vpn-server charon: 04[CFG] selected peer config 'roadwarrior'</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:57:45 vpn-server charon: 04[IKE] initiating EAP_IDENTITY method (id 0x00)</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:57:45 vpn-server charon: 04[IKE] peer supports MOBIKE</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:57:45 vpn-server charon: 04[IKE] authentication of 'vpn1.xxx.com' (myself) with RSA signature successful</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:57:45 vpn-server charon: 04[IKE] sending end entity cert "CN=vpn1.xxx.com"</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:57:45 vpn-server charon: 04[IKE] sending issuer cert "C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3"</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:57:45 vpn-server charon: 04[ENC] generating IKE_AUTH response 1 [ IDr CERT CERT AUTH EAP/REQ/ID ]</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:57:45 vpn-server charon: 04[NET] sending packet: from 172.31.xxx.xxx[4500] to 109.230.xxx.xx[1024] (3616 bytes)</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:57:45 vpn-server charon: 02[NET] received packet: from 109.230.xxx.xx[1024] to 172.31.xxx.xxx[4500] (96 bytes)</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:57:45 vpn-server charon: 02[ENC] parsed IKE_AUTH request 2 [ EAP/RES/ID ]</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:57:45 vpn-server charon: 02[IKE] received EAP identity 'houmie'</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:57:45 vpn-server charon: 02[IKE] initiating EAP_MSCHAPV2 method (id 0x6C)</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:57:45 vpn-server charon: 02[ENC] generating IKE_AUTH response 2 [ EAP/REQ/MSCHAPV2 ]</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:57:45 vpn-server charon: 02[NET] sending packet: from 172.31.xxx.xxx[4500] to 109.230.xxx.xx[1024] (112 bytes)</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:57:45 vpn-server charon: 03[NET] received packet: from 109.230.xxx.xx[1024] to 172.31.xxx.xxx[4500] (144 bytes)</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:57:45 vpn-server charon: 03[ENC] parsed IKE_AUTH request 3 [ EAP/RES/MSCHAPV2 ]</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:57:45 vpn-server charon: 03[ENC] generating IKE_AUTH response 3 [ EAP/REQ/MSCHAPV2 ]</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:57:45 vpn-server charon: 03[NET] sending packet: from 172.31.xxx.xxx[4500] to 109.230.xxx.xx[1024] (144 bytes)</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:57:45 vpn-server charon: 01[NET] received packet: from 109.230.xxx.xx[1024] to 172.31.xxx.xxx[4500] (80 bytes)</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:57:45 vpn-server charon: 01[ENC] parsed IKE_AUTH request 4 [ EAP/RES/MSCHAPV2 ]</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:57:45 vpn-server charon: 01[IKE] EAP method EAP_MSCHAPV2 succeeded, MSK established</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:57:45 vpn-server charon: 01[ENC] generating IKE_AUTH response 4 [ EAP/SUCC ]</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:57:45 vpn-server charon: 01[NET] sending packet: from 172.31.xxx.xxx[4500] to 109.230.xxx.xx[1024] (80 bytes)</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:57:46 vpn-server charon: 11[NET] received packet: from 109.230.xxx.xx[1024] to 172.31.xxx.xxx[4500] (112 bytes)</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:57:46 vpn-server charon: 11[ENC] parsed IKE_AUTH request 5 [ AUTH ]</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:57:46 vpn-server charon: 11[IKE] authentication of '192.168.1.103' with EAP successful</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:57:46 vpn-server charon: 11[IKE] authentication of 'vpn1.xxx.com' (myself) with EAP</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:57:46 vpn-server charon: 11[IKE] IKE_SA roadwarrior[4] established between 172.31.xxx.xxx[vpn1.xxx.com]...109.230.xxx.xx[192.168.1.103]</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:57:46 vpn-server charon: 11[IKE] peer requested virtual IP %any</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:57:46 vpn-server charon: 11[CFG] reassigning offline lease to 'houmie'</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:57:46 vpn-server charon: 11[IKE] assigning virtual IP 10.10.10.1 to peer 'houmie'</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:57:46 vpn-server charon: 11[IKE] peer requested virtual IP %any6</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:57:46 vpn-server charon: 11[IKE] no virtual IP found for %any6 requested by 'houmie'</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:57:46 vpn-server charon: 11[IKE] CHILD_SA roadwarrior{2} established with SPIs caa2d799_i 8f5ab10c_o and TS 0.0.0.0/0 === 10.10.10.1/32</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:57:46 vpn-server charon: 11[ENC] generating IKE_AUTH response 5 [ AUTH CPRP(ADDR DNS DNS) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) ]</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:'Helvetica Neue';color:rgb(69,69,69)">May 11 07:57:46 vpn-server charon: 11[NET] sending packet: from 172.31.xxx.xxx[4500] to 109.230.xxx.xx[1024] (256 bytes)</p>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 10 May 2018 at 21:52, John Connett <span
dir="ltr">&lt;<a href="mailto:jrc@skylon.demon.co.uk"
target="_blank" moz-do-not-send="true">jrc@skylon.demon.co.uk</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div id="m_4818619819815122131divtagdefaultwrapper"
style="font-size:12pt;color:#000000;font-family:Calibri,Helvetica,sans-serif"
dir="ltr">
<div id="m_4818619819815122131divtagdefaultwrapper"
style="font-size:12pt;color:rgb(0,0,0);font-family:Calibri,Helvetica,sans-serif,EmojiFont,'Apple Color Emoji','Segoe UI Emoji',NotoColorEmoji,'Segoe UI Symbol','Android Emoji',EmojiSymbols"
dir="ltr">
<p style="margin-top:0;margin-bottom:0">Don't know if
this might be related:</p>
<p style="margin-top:0;margin-bottom:0"><br>
</p>
<p style="margin-top:0;margin-bottom:0"><a
href="https://support.microsoft.com/en-gb/help/4103721/windows-10-update-kb4103721"
class="m_4818619819815122131OWAAutoLink"
id="m_4818619819815122131LPlnk348641"
target="_blank" moz-do-not-send="true">https://support.microsoft.com/<wbr>en-gb/help/4103721/windows-10-<wbr>update-kb4103721</a><br>
<br>
</p>
"<span>Addresses an issue that prevents certain VPN
apps from working on builds of Windows 10, version
1803. These apps were developed using an SDK version
that precedes Windows 10, version 1803, and use the
public RasSetEntryProperties API".</span></div>
<div id="m_4818619819815122131divtagdefaultwrapper"
style="font-size:12pt;color:rgb(0,0,0);font-family:Calibri,Helvetica,sans-serif,EmojiFont,'Apple Color Emoji','Segoe UI Emoji',NotoColorEmoji,'Segoe UI Symbol','Android Emoji',EmojiSymbols"
dir="ltr">
<br>
</div>
<div id="m_4818619819815122131divtagdefaultwrapper"
style="font-size:12pt;color:rgb(0,0,0);font-family:Calibri,Helvetica,sans-serif,EmojiFont,'Apple Color Emoji','Segoe UI Emoji',NotoColorEmoji,'Segoe UI Symbol','Android Emoji',EmojiSymbols"
dir="ltr">
<span></span>Regards</div>
<div id="m_4818619819815122131divtagdefaultwrapper"
style="font-size:12pt;color:rgb(0,0,0);font-family:Calibri,Helvetica,sans-serif,EmojiFont,'Apple Color Emoji','Segoe UI Emoji',NotoColorEmoji,'Segoe UI Symbol','Android Emoji',EmojiSymbols"
dir="ltr">
--</div>
<div id="m_4818619819815122131divtagdefaultwrapper"
style="font-size:12pt;color:rgb(0,0,0);font-family:Calibri,Helvetica,sans-serif,EmojiFont,'Apple Color Emoji','Segoe UI Emoji',NotoColorEmoji,'Segoe UI Symbol','Android Emoji',EmojiSymbols"
dir="ltr">
John Connett<br>
<br>
<div style="color:rgb(0,0,0)">
<hr style="display:inline-block;width:98%">
<div id="m_4818619819815122131divRplyFwdMsg"
dir="ltr"><font style="font-size:11pt"
face="Calibri, sans-serif" color="#000000"><b>From:</b>
Users &lt;<a
href="mailto:users-bounces@lists.strongswan.org"
target="_blank" moz-do-not-send="true">users-bounces@lists.<wbr>strongswan.org</a>&gt;
on behalf of Jafar Al-Gharaibeh &lt;<a
href="mailto:jafar@atcorp.com" target="_blank"
moz-do-not-send="true">jafar@atcorp.com</a>&gt;<br>
<b>Sent:</b> 10 May 2018 21:33<br>
<b>To:</b> Houman<br>
<b>Cc:</b> <a
href="mailto:users@lists.strongswan.org"
target="_blank" moz-do-not-send="true">users@lists.strongswan.org</a><br>
<b>Subject:</b> Re: [strongSwan] Sudden issues
with Windows 10 clients</font>
<div> </div>
</div>
<span class="">
<div style="background-color:#ffffff">Hi Houman,<br>
<br>
Similar to the Windows problem you had earlier,
you don't have the correct combination of
configured algorithms. Look at the logs:<br>
<br>
May 10 20:26:48 vpn-server charon: 12[IKE]
DH group MODP_2048 inacceptable, requesting
MODP_1024<br>
<br>
The iPhone expects modp2048, but your
configuration says modp1024. Look back at the
suggestion we made for Windows and just use the
same configuration.<br>
<br>
Regards,<br>
Jafar<br>
</div>
</span></div>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
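<p>Added example (not part of the original messages and not strongSwan code): a small Python check for the ike=/esp= proposal strings discussed in this thread. It reports 3des and modp groups below 2048 bits as weak and notes proposals that carry no DH group. The keyword tables are an assumed subset covering only the algorithms that appear in the thread, and the function names are illustrative.</p>

```python
import re

# Assumed keyword subset: only the algorithms that appear in this thread.
ENCRYPTION = {"aes128", "aes192", "aes256", "3des"}
INTEGRITY = {"sha1", "sha256", "sha384", "sha512"}
MIN_MODP_BITS = 2048  # modp groups below this size are reported as weak


def classify(token):
    """Map one proposal keyword to its transform type."""
    if token in ENCRYPTION:
        return "encryption"
    if token in INTEGRITY:
        return "integrity"
    if token.startswith("prf"):
        return "prf"
    if re.fullmatch(r"(modp|ecp)\d+", token):
        return "dh"
    return "unknown"


def parse(value):
    """Split an ike=/esp= value into proposals and report the strict flag."""
    value = value.strip()
    strict = value.endswith("!")
    proposals = []
    for text in value.rstrip("!").split(","):
        proposal = {"encryption": [], "integrity": [], "prf": [], "dh": [], "unknown": []}
        for token in text.strip().lower().split("-"):
            proposal[classify(token)].append(token)
        proposals.append(proposal)
    return proposals, strict


def audit(kind, value):
    """Return (severity, proposal_number, detail) findings; kind is 'ike' or 'esp'."""
    proposals, strict = parse(value)
    findings = []
    if not strict:
        # Without '!' the daemon also accepts its default proposals.
        findings.append(("warn", 0, "no trailing '!', default proposals are accepted too"))
    for number, proposal in enumerate(proposals, start=1):
        if "3des" in proposal["encryption"]:
            findings.append(("weak", number, "3des"))
        for group in proposal["dh"]:
            if group.startswith("modp") and MIN_MODP_BITS > int(group[4:]):
                findings.append(("weak", number, group))
        if not proposal["dh"]:
            # IKE always needs a DH group; for ESP it is the no-DH fallback.
            severity = "error" if kind == "ike" else "info"
            findings.append((severity, number, "no DH group"))
        for token in proposal["unknown"]:
            findings.append(("warn", number, "unrecognised keyword: " + token))
    return findings


# The settings quoted in the thread: Houman's first, then Jafar's suggestion.
THREAD_SETTINGS = [
    ("ike", "aes256-sha256-prfsha256-modp2048-modp1024!"),
    ("esp", "aes256-sha256,aes256-sha1,3des-sha1!"),
    ("ike", "aes256-sha256-ecp521-ecp256-modp4096-modp2048!"),
    ("esp", "aes256-sha256-sha1-ecp521-ecp256-modp4096-modp2048, aes256-sha256-sha1!"),
]

if __name__ == "__main__":
    for kind, value in THREAD_SETTINGS:
        print(kind + "=" + value)
        for severity, number, detail in audit(kind, value):
            print("  [%s] proposal %d: %s" % (severity, number, detail))
```
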
</body>
</html>