[strongSwan] IKEv2 rekey failure with IOS8

Tobias Brunner tobias at strongswan.org
Fri Jul 24 11:11:35 CEST 2015

Hi Tom,

>> You saw that the proposal by the iOS 8 client does not contain a DH
>> group.  This is actually not RFC 7296 (IKEv2) compliant. So this looks like a bug in iOS 8 to me.
> It also sounds like my suspicions about lack of PFS support in IOS8.3 are confirmed.

Yes, looks like it (at least as responder of a rekeying).  Or perhaps
just with this particular proposal.  Did you try without AES-GCM, or
with different DH groups?  Support for AES-GCM this was added relatively
recently with 8.3 so perhaps it's a regression only triggered by that
algorithm (or the absence of an integrity algorithm in the proposal).

>> Does the same happen if the client initiates the rekeying?  Does the
>> behavior change if you don't use AES-GCM?
> I tried getting the IOS8 client to do a rekey by using this config, as there’s no way to force a rekey on the device AFAIK :
>         keylife=5m
>         rekeymargin=1m
>         rekey=no
> But a rekey attempt from the IOS8 device hasn’t happened yet

Since the lifetimes are not negotiated with IKEv2, reducing the
lifetimes on the server won't influence the client.  The
LifeTimeInMinutes key in the ChildSecurityAssociationParameters
dictionary might have an effect.


More information about the Users mailing list