iOS IPsec SHA256 issue



  • Hey guys!!

    I am trying to set up my mobile VPN! Indeed, I already have it working!
    I am using AES256 and SHA256, etc. My clients are able to connect, no issues.

    But now I needed to get my iOS clients to connect using iPhone and iPad. And there is no way to bring the tunnel up for those guys!

    While troubleshooting, I changed the hash algorithm to SHA1 and it comes up! I need to change it for both phases!

    But for security reasons and policies, I can't leave it working using SHA1.

    Did anyone face the same issue? Or does anyone have it working with SHA256, or an app that I can use instead of the native iOS VPN setup?

    Thanks in advance,

    Diego



  • iOS only supports SHA1 there AFAIK, it's not configurable. You can at least enable multiple options in the P2 so clients that support it will use SHA256.



  • Oh, what a pity!!!

    Thanks for your help!!!

    Diego



  • iOS 8 does have SHA256 support (and better DH groups), but it can only be accessed by creating a custom profile based on IKEv2 using Apple Configurator. It's about as inconvenient as they could possibly make it.

    And it's iOS 8 only. No OS X support.
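
An added example, not part of the original posts: a check that an exported IKEv2 configuration profile really proposes SHA-2 in both the IKE SA and the Child SA (the two phases changed above). The payload key names are the ones Apple's IKEv2 VPN payload uses as far as I know them; the server name, the sample profile and the DH group 14 floor are constructed assumptions.

```python
import plistlib

WEAK_INTEGRITY = {"SHA1-96", "SHA1-160"}  # SHA-1 based values of IntegrityAlgorithm
MIN_DH_GROUP = 14  # assumed policy floor (2048-bit MODP); set to your own policy
SA_KEYS = ("IKESecurityAssociationParameters", "ChildSecurityAssociationParameters")


def audit_profile(profile_bytes):
    """Return (vpn name, SA block, problem) for each weak IKEv2 setting found."""
    findings = []
    profile = plistlib.loads(profile_bytes)
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.vpn.managed":
            continue
        if payload.get("VPNType") != "IKEv2":
            continue
        name = payload.get("UserDefinedName", "<unnamed>")
        ikev2 = payload.get("IKEv2", {})
        for key in SA_KEYS:
            sa = ikev2.get(key)
            if sa is None:
                # No explicit block: the proposal is whatever the OS defaults to.
                findings.append((name, key, "block missing, OS defaults apply"))
                continue
            integrity = sa.get("IntegrityAlgorithm")
            if integrity in WEAK_INTEGRITY:
                findings.append((name, key, f"IntegrityAlgorithm {integrity}"))
            dh = sa.get("DiffieHellmanGroup")
            if isinstance(dh, int) and dh < MIN_DH_GROUP:
                findings.append((name, key, f"DiffieHellmanGroup {dh} < {MIN_DH_GROUP}"))
    return findings


def make_profile(ike_sa, child_sa):
    """Build a minimal constructed profile (placeholder names, not a deployable one)."""
    ikev2 = {"RemoteAddress": "vpn.example.com", "RemoteIdentifier": "vpn.example.com"}
    if ike_sa is not None:
        ikev2[SA_KEYS[0]] = ike_sa
    if child_sa is not None:
        ikev2[SA_KEYS[1]] = child_sa
    vpn = {"PayloadType": "com.apple.vpn.managed", "VPNType": "IKEv2",
           "UserDefinedName": "Example VPN", "IKEv2": ikev2}
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": [vpn]})


STRONG = {"EncryptionAlgorithm": "AES-256", "IntegrityAlgorithm": "SHA2-256", "DiffieHellmanGroup": 14}
LEGACY = {"EncryptionAlgorithm": "AES-256", "IntegrityAlgorithm": "SHA1-96", "DiffieHellmanGroup": 2}

if __name__ == "__main__":
    for finding in audit_profile(make_profile(STRONG, LEGACY)):
        print(finding)
```

Run it against the `.mobileconfig` file's bytes before distributing the profile; an empty result means neither phase proposes SHA-1 or a DH group below the floor.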



  • IKEv2 is a better idea in general, though only if all your mobile clients support IKEv2. Apple does indeed make it about as painful as possible to set up IKEv2 on iOS.



  • Hello guys!

    But where can I find that Apple Configurator for IKEv2?

    No app to use?



  • Apple Configurator is an enterprise configuration management tool from Apple. You can find it in the App Store.

    But honestly, I encourage you to turn back now…



  • Hi guys!

    Right, got it!

    Thanks in advance!!!

    I have another topic about split tunnel. If you guys could help me with that, I'd appreciate it.

    Diego

