<div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">Hi Andreas,<div><br></div><div>Thank you for your reply.</div><div><br></div><div>I am programming the IKEv2 VPN client on iOS myself with the following settings:</div><div><br></div><div><p style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(233,214,11);background-color:rgb(39,40,34)"><span style="font-stretch:normal;font-size:12px;line-height:normal;color:rgb(233,226,222)"> ikev2.</span><span style="color:rgb(102,217,239)">authenticationMethod</span><span style="font-stretch:normal;font-size:12px;line-height:normal;color:rgb(233,226,222)"> = </span>NEVPNIKEAuthenticationMethod<span style="font-stretch:normal;font-size:12px;line-height:normal;color:rgb(233,226,222)">.</span><span style="color:rgb(174,128,255)">none</span></p>
<p style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(233,214,11);background-color:rgb(39,40,34)"><span style="font-stretch:normal;font-size:12px;line-height:normal;color:rgb(233,226,222)"> ikev2.</span><span style="color:rgb(102,217,239)">deadPeerDetectionRate</span><span style="font-stretch:normal;font-size:12px;line-height:normal;color:rgb(233,226,222)"> = </span>NEVPNIKEv2DeadPeerDetectionRate<span style="font-stretch:normal;font-size:12px;line-height:normal;color:rgb(233,226,222)">.</span><span style="color:rgb(174,128,255)">medium</span></p>
<p style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(102,217,239);background-color:rgb(39,40,34)"><span style="font-stretch:normal;font-size:12px;line-height:normal;color:rgb(233,226,222)"> ikev2.</span>ikeSecurityAssociationParameters<span style="font-stretch:normal;font-size:12px;line-height:normal;color:rgb(233,226,222)">.</span>encryptionAlgorithm<span style="font-stretch:normal;font-size:12px;line-height:normal;color:rgb(233,226,222)"> = .</span><span style="color:rgb(174,128,255)">algorithmAES256</span></p>
<p style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(102,217,239);background-color:rgb(39,40,34)"><span style="font-stretch:normal;font-size:12px;line-height:normal;color:rgb(233,226,222)"> ikev2.</span>ikeSecurityAssociationParameters<span style="font-stretch:normal;font-size:12px;line-height:normal;color:rgb(233,226,222)">.</span>integrityAlgorithm<span style="font-stretch:normal;font-size:12px;line-height:normal;color:rgb(233,226,222)"> = .</span><span style="color:rgb(174,128,255)">SHA256</span></p>
<p style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(102,217,239);background-color:rgb(39,40,34)"><span style="font-stretch:normal;font-size:12px;line-height:normal;color:rgb(233,226,222)"> ikev2.</span>ikeSecurityAssociationParameters<span style="font-stretch:normal;font-size:12px;line-height:normal;color:rgb(233,226,222)">.</span>diffieHellmanGroup<span style="font-stretch:normal;font-size:12px;line-height:normal;color:rgb(233,226,222)"> = .</span><span style="color:rgb(174,128,255)">group14</span></p>
<p style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(102,217,239);background-color:rgb(39,40,34)"><span style="font-stretch:normal;font-size:12px;line-height:normal;color:rgb(233,226,222)"> ikev2.</span>ikeSecurityAssociationParameters<span style="font-stretch:normal;font-size:12px;line-height:normal;color:rgb(233,226,222)">.</span>lifetimeMinutes<span style="font-stretch:normal;font-size:12px;line-height:normal;color:rgb(233,226,222)"> = </span><span style="color:rgb(240,96,255)">1440</span></p>
<p style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(102,217,239);background-color:rgb(39,40,34)"><span style="font-stretch:normal;font-size:12px;line-height:normal;color:rgb(233,226,222)"> ikev2.</span>childSecurityAssociationParameters<span style="font-stretch:normal;font-size:12px;line-height:normal;color:rgb(233,226,222)">.</span>encryptionAlgorithm<span style="font-stretch:normal;font-size:12px;line-height:normal;color:rgb(233,226,222)"> = .</span><span style="color:rgb(174,128,255)">algorithmAES256</span></p>
<p style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(102,217,239);background-color:rgb(39,40,34)"><span style="font-stretch:normal;font-size:12px;line-height:normal;color:rgb(233,226,222)"> ikev2.</span>childSecurityAssociationParameters<span style="font-stretch:normal;font-size:12px;line-height:normal;color:rgb(233,226,222)">.</span>integrityAlgorithm<span style="font-stretch:normal;font-size:12px;line-height:normal;color:rgb(233,226,222)"> = .</span><span style="color:rgb(174,128,255)">SHA256</span></p>
<p style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(102,217,239);background-color:rgb(39,40,34)"><span style="font-stretch:normal;font-size:12px;line-height:normal;color:rgb(233,226,222)"> ikev2.</span>childSecurityAssociationParameters<span style="font-stretch:normal;font-size:12px;line-height:normal;color:rgb(233,226,222)">.</span>diffieHellmanGroup<span style="font-stretch:normal;font-size:12px;line-height:normal;color:rgb(233,226,222)"> = .</span><span style="color:rgb(174,128,255)">group14</span></p>
<p style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(102,217,239);background-color:rgb(39,40,34)"><span style="font-stretch:normal;font-size:12px;line-height:normal;color:rgb(233,226,222)"> ikev2.</span>childSecurityAssociationParameters<span style="font-stretch:normal;font-size:12px;line-height:normal;color:rgb(233,226,222)">.</span>lifetimeMinutes<span style="font-stretch:normal;font-size:12px;line-height:normal;color:rgb(233,226,222)"> = </span><span style="color:rgb(240,96,255)">1440</span></p></div><div><br></div><div>I have searched into MOBIKE and apparently, Apple's NEVPNManager is supporting MOBIKE. Although it's unclear to me if I have to configure it separately, or is it functioning out of the box. So far I haven't found anything in the documentation.</div><div><br></div><div><br></div><div>Kind Regards,</div><div>Houman</div><div><br></div></div></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sun, 10 Feb 2019 at 13:14, Andreas Steffen <<a href="mailto:andreas.steffen@strongswan.org">andreas.steffen@strongswan.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">Hi Houman,<br>
<br>
actually the IKEv2 MOBIKE mobility protocol does this automatically.<br>
Does your IPsec peer (VPN gateway) support MOBIKE since strongSwan<br>
enables it out of the box?<br>
<br>
Regards<br>
<br>
Andreas<br>
<br>
On 09.02.19 17:50, Houman wrote:<br>
> Hello,<br>
> <br>
> I've set up strongSwan U5.6.2/K4.15.0-43-generic on Ubuntu 18.04. It<br>
> works very well.<br>
> <br>
> However is there any way to improve connection or loss of when moving<br>
> from cellular 4G to WiFi / WiFi to 4G?<br>
> <br>
> I thought that IKEv2 could do that seamlessly?<br>
> <br>
> Many Thanks,<br>
> <br>
<br>
-- <br>
======================================================================<br>
Andreas Steffen <a href="mailto:andreas.steffen@strongswan.org" target="_blank">andreas.steffen@strongswan.org</a><br>
strongSwan - the Open Source VPN Solution! <a href="http://www.strongswan.org" rel="noreferrer" target="_blank">www.strongswan.org</a><br>
Institute for Networked Solutions<br>
HSR University of Applied Sciences Rapperswil<br>
CH-8640 Rapperswil (Switzerland)<br>
===========================================================[INS-HSR]==<br>
<br>
</blockquote></div>