[strongSwan] IKEv2 rekey failure with IOS8
tom at axiom-partners.com
Thu Jul 23 20:03:52 CEST 2015
> On 23 Jul 2015, at 18:10, Tobias Brunner <tobias at strongswan.org> wrote:
> but more correctly you'd define that as prfsha256 in the IKE proposal instead.
Noted, I’ve updated the IKE proposal accordingly.
> You saw that the proposal by the iOS 8 client does not contain a DH
> group. This is actually not RFC 7296 (IKEv2) compliant. So this looks like a bug in iOS 8 to me.
It also sounds like my suspicions about lack of PFS support in IOS8.3 are confirmed.
> The iOS 8 IKEv2 client can handle a single proposal for ESP, which can
> be changed with the ChildSecurityAssociationParameters in the profile.
> You obviously already did specify that to use AES-GCM. If the proposal
> in your profile actually includes a DiffieHellmanGroup key with the
> value set to 16 then this looks like another bug.
Indeed, the mobileconfig I used on the IOS device contains the supposedly supported child DH param '16' :
> Does the same happen if the client initiates the rekeying? Does the
> behavior change if you don't use AES-GCM?
I tried getting the IOS8 client to do a rekey by using this config, as there’s no way to force a rekey on the device AFAIK :
But a rekey attempt from the IOS8 device hasn’t happened yet, I’ll leave it a few hours and see what happens, but in the meantime
I am satisfied to discover that IOS8 cannot handle rekey from the server, and cannot seemingly support PFS.
Kind regards and thank you for your attention on this matter,
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3565 bytes
Desc: not available
More information about the Users