<div dir="ltr"><div dir="ltr"><div dir="ltr">Hello,<br><div><br></div><div>I would like to change the encryption to support the following on iOS:</div><br>ikev2.ikeSecurityAssociationParameters.encryptionAlgorithm = .algorithmAES256GCM<br>ikev2.ikeSecurityAssociationParameters.integrityAlgorithm = .SHA384<br>ikev2.ikeSecurityAssociationParameters.diffieHellmanGroup = .group19<br>ikev2.childSecurityAssociationParameters.encryptionAlgorithm = .algorithmAES256GCM<br>ikev2.childSecurityAssociationParameters.integrityAlgorithm = .SHA384<br>ikev2.childSecurityAssociationParameters.diffieHellmanGroup = .group19<br><br></div><div>This is how the server is setup:</div>config setup<br>  strictcrlpolicy=yes<br>  uniqueids=never<br>conn ${SERVERNAME}<br>  auto=add<br>  compress=no<br>  type=tunnel<br>  keyexchange=ikev2<br>  fragmentation=yes<br>  forceencaps=yes<br>  ike=aes256gcm16-aes192gcm16-aes128gcm16-prfsha256-ecp521-ecp256-modp4096-modp2048, aes256-sha256-ecp521-ecp256-modp4096-modp2048!<br>  esp=aes256gcm16-aes192gcm16-aes128gcm16-ecp521-ecp256-modp4096-modp2048, aes256-sha256-sha1-ecp521-ecp256-modp4096-modp2048, aes256-sha256-sha1!<br>  dpdaction=clear<br>  dpddelay=180s<br>  dpdtimeout=3600s<br>  rekey=no<br>  left=%any<br>  leftid=@${VPNHOST}<br>  leftcert=cert.pem<br>  leftsendcert=always<br>  leftsubnet=<a href="http://0.0.0.0/0">0.0.0.0/0</a>, ::/0<br>  right=%any<br>  rightid=%any<br>  rightauth=eap-radius<br>  eap_identity=%any<br>  rightdns=${DNS1},${DNS2}<br>  rightsourceip=${VPNIPPOOL},${VPNIP6POOL}<br>  leftfirewall=no</div><div dir="ltr"><br></div><div>But I can't connect, what do I have to change to make this possible, please? </div><div>Thanks</div><div>Houman</div></div>