[strongSwan] strongswan 4.6.4 and IOS6

Martin Willi martin at strongswan.org
Thu Nov 15 10:38:23 CET 2012

Hi Andreas,

> pluto[1640]: packet from next payload type of
> ISAKMP Message has an unknown value: 132

In some situations, iOS6 now uses the Cisco proprietary IKE
fragmentation, even if strongSwan did not indicate support for it. IKE
fragmentation is currently not supported in strongSwan.

> I read that the VPN tunnel should work with strongswan 5.

The new IKEv1 implementation in strongSwan 5.x can't handle IKE
fragmentation, either.

> Is there a patch for strongswan 4.6.4. to enable the VPN tunnel with
> IOS6.

No. I don't know what the exact parameters are when iOS6/racoon switches
to IKE fragmentation. It works with some (shorter?) certificates, but
not with others.


More information about the Users mailing list