IOS Ipsec Sha256 issue
-
Hey guys!!
I am trying to setup my mobile vpn! Indeed, I already have it working!
I am using aes256 and sha256, etc my clients are able to connect, no issuesBut now, I needed to make my iOS clients to connect using iphone and Ipad. And no way to put the tunnel up for those guys!
In a troubleshooting, I changed the hash algorithm to Sha1 and it comes up! I need to change for both phases!
But for security reasons and policies, I cant leave it working using sha1.
Did anyone face the same issue? Or anyone having it working with Sha256 or an app that I can use and not using the native iOS vpn setup???
Thanks in advance,
Diego
-
iOS only supports SHA1 there AFAIK, it's not configurable. You can at least enable multiple options in the P2 so clients that support it will use SHA256.
-
Oh, what a pitty!!!
Thanks for your helping!!!
Diego
-
iOS 8 does have SHA256 support (and better DH groups), but it can only be accessed by creating a custom profile based on IKEv2 using Apple Configurator. It's about as inconvenient as they could possibly make it.
And it's iOS 8 only. No OS X support.
-
IKEv2 is a better idea in general, though only if all your mobile clients support IKEv2. Apple does indeed make it about as painful as possible to setup IKEv2 on iOS.
-
hello guys!
But, where can I find that apple configurator for ikev2?
No app to use?
-
Apple Configurator is an enterprise configuration management tool from Apple. You can find it in the App store.
But honestly, I encourage you to turn back now…
-
Hi guys!
Right, got it!
Thanks in advance!!!
I have another topic about split tunnel. If you guys could help me on that, I appreciate.
Diego
