[strongSwan] IKEv2 rekey failure with IOS8

Tom Matthews tom at axiom-partners.com
Thu Jul 23 20:03:52 CEST 2015

> On 23 Jul 2015, at 18:10, Tobias Brunner <tobias at strongswan.org> wrote:
> but more correctly you'd define that as prfsha256 in the IKE proposal instead.

Noted, I’ve updated the IKE proposal accordingly.

> You saw that the proposal by the iOS 8 client does not contain a DH
> group.  This is actually not RFC 7296 (IKEv2) compliant. So this looks like a bug in iOS 8 to me.

It also sounds like my suspicions about lack of PFS support in IOS8.3 are confirmed.

> The iOS 8 IKEv2 client can handle a single proposal for ESP, which can
> be changed with the ChildSecurityAssociationParameters in the profile.
> You obviously already did specify that to use AES-GCM.  If the proposal
> in your profile actually includes a DiffieHellmanGroup key with the
> value set to 16 then this looks like another bug.

Indeed, the mobileconfig I used on the IOS device contains the supposedly supported child DH param '16' :

> Does the same happen if the client initiates the rekeying?  Does the
> behavior change if you don't use AES-GCM?

I tried getting the IOS8 client to do a rekey by using this config, as there’s no way to force a rekey on the device AFAIK :


But a rekey attempt from the IOS8 device hasn’t happened yet, I’ll leave it a few hours and see what happens, but in the meantime
I am satisfied to discover that IOS8 cannot handle rekey from the server, and cannot seemingly support PFS.

Kind regards and thank you for your attention on this matter,
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3565 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150723/efb36122/attachment.bin>

More information about the Users mailing list