IKEv2 and iOS 9

miken32

Anyone got this working? I'm having problems getting past P1 setup and I'm not sure why.

Oct 16 11:51:28	charon: 15[MGR] checkout IKE_SA by message
Oct 16 11:51:28	charon: 15[MGR] created IKE_SA (unnamed)[3]
Oct 16 11:51:28	charon: 15[MGR] created IKE_SA (unnamed)[3]
Oct 16 11:51:28	charon: 15[CFG] <3> looking for an ike config for 1.2.3.4...9.8.7.6
Oct 16 11:51:28	charon: 15[CFG] <3> looking for an ike config for 1.2.3.4...9.8.7.6
Oct 16 11:51:28	charon: 15[CFG] <3> candidate: 1.2.3.4...%any, prio 1052
Oct 16 11:51:28	charon: 15[CFG] <3> candidate: 1.2.3.4...%any, prio 1052
Oct 16 11:51:28	charon: 15[CFG] <3> found matching ike config: 1.2.3.4...%any with prio 1052
Oct 16 11:51:28	charon: 15[CFG] <3> found matching ike config: 1.2.3.4...%any with prio 1052
Oct 16 11:51:28	charon: 15[IKE] <3> 9.8.7.6 is initiating an IKE_SA
Oct 16 11:51:28	charon: 15[IKE] <3> 9.8.7.6 is initiating an IKE_SA
Oct 16 11:51:28	charon: 15[IKE] <3> IKE_SA (unnamed)[3] state change: CREATED => CONNECTING
Oct 16 11:51:28	charon: 15[IKE] <3> IKE_SA (unnamed)[3] state change: CREATED => CONNECTING
Oct 16 11:51:28	charon: 15[CFG] <3> selecting proposal:
Oct 16 11:51:28	charon: 15[CFG] <3> selecting proposal:
Oct 16 11:51:28	charon: 15[CFG] <3> no acceptable ENCRYPTION_ALGORITHM found
Oct 16 11:51:28	charon: 15[CFG] <3> no acceptable ENCRYPTION_ALGORITHM found
Oct 16 11:51:28	charon: 15[CFG] <3> selecting proposal:
Oct 16 11:51:28	charon: 15[CFG] <3> selecting proposal:
Oct 16 11:51:28	charon: 15[CFG] <3> proposal matches
Oct 16 11:51:28	charon: 15[CFG] <3> proposal matches
Oct 16 11:51:28	charon: 15[CFG] <3> received proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1536, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Oct 16 11:51:28	charon: 15[CFG] <3> received proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1536, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Oct 16 11:51:28	charon: 15[CFG] <3> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1536
Oct 16 11:51:28	charon: 15[CFG] <3> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1536
Oct 16 11:51:28	charon: 15[CFG] <3> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1536
Oct 16 11:51:28	charon: 15[CFG] <3> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1536
Oct 16 11:51:28	charon: 15[IKE] <3> remote host is behind NAT
Oct 16 11:51:28	charon: 15[IKE] <3> remote host is behind NAT
Oct 16 11:51:28	charon: 15[IKE] <3> DH group MODP_1024 inacceptable, requesting MODP_1536
Oct 16 11:51:28	charon: 15[IKE] <3> DH group MODP_1024 inacceptable, requesting MODP_1536
Oct 16 11:51:28	charon: 15[MGR] <3> checkin and destroy IKE_SA (unnamed)[3]
Oct 16 11:51:28	charon: 15[MGR] <3> checkin and destroy IKE_SA (unnamed)[3]
Oct 16 11:51:28	charon: 15[IKE] <3> IKE_SA (unnamed)[3] state change: CONNECTING => DESTROYING
Oct 16 11:51:28	charon: 15[IKE] <3> IKE_SA (unnamed)[3] state change: CONNECTING => DESTROYING
Oct 16 11:51:28	charon: 15[MGR] check-in and destroy of IKE_SA successful
Oct 16 11:51:28	charon: 15[MGR] check-in and destroy of IKE_SA successful

ipsec.conf shows a config that matches perfectly what the iPhone is sending (ike = aes256-sha256-modp1536!) so I'm not sure from where it gets the error about MODP_1024 being "inacceptable."

MrMoo

mod1536 is broken on the iPhone:

https://wiki.strongswan.org/projects/strongswan/wiki/IOS_(Apple)

miken32

@MrMoo:

mod1536 is broken on the iPhone:

https://wiki.strongswan.org/projects/strongswan/wiki/IOS_(Apple)

Ugh, SHA1 it is, I guess. Thanks for the link.

MrMoo

Of note that wiki article has updated for OS X El Capitan which apparently is sending 3DES by default.  Only tried iOS so far.

dennypage

It's only broken for manually configured VPNs. If you use Apple Configurator, you can use higher groups, including groups 14-21. Configurator is kind of a pain, but it's necessary if you want access to better encryption settings.

One word of caution however: Using AES-256-GCM will eventually crash both iOS 9.1 and OS X 10.11.1. I haven't tested AES-128-GCM, but I'm guessing that will crash as well.

ltctech

Has anyone managed to route all traffic from iOS 9.1 through the tunnel using the manual configuration?

I can only get it to route to the LAN subnet if I specify it directly on the router, but if I specify something like 0.0.0.0/0 nothing goes through the tunnel.

jimp

@ltctech:

Has anyone managed to route all traffic from iOS 9.1 through the tunnel using the manual configuration?

I can only get it to route to the LAN subnet if I specify it directly on the router, but if I specify something like 0.0.0.0/0 nothing goes through the tunnel.

Uncheck "Provide a list of accessible networks to clients" on the mobile clients tab
Add a P2 for 0.0.0.0/0

If it doesn't work for whatever reason, try adding a P2 for just mobile clients to LAN first, and put the 0.0.0.0/0 P2 below it. I didn't need that, but I saw someone else mention they couldn't route properly without it.

jwt

@dennypage:

It's only broken for manually configured VPNs. If you use Apple Configurator, you can use higher groups, including groups 14-21. Configurator is kind of a pain, but it's necessary if you want access to better encryption settings.

I don't agree that Configurator is the only way.  Anything that can produce the profile should get the same result.

@dennypage:

One word of caution however: Using AES-256-GCM will eventually crash both iOS 9.1 and OS X 10.11.1. I haven't tested AES-128-GCM, but I'm guessing that will crash as well.

Have you reported this to Apple?

dennypage

Sorry, I didn't mean to imply that the configurator is the only way you could create an Apple config. You could always create one by hand editing a plist file, but that's even more painful than Configurator and rather error prone. Configurator is the only tool I know of that that actually generates Apple VPN configs. Is there another tool that I don't know of?

The point of the original post was communicate the limitations of creating the VPN via Network Preferences.

@jwt:

@dennypage:

It's only broken for manually configured VPNs. If you use Apple Configurator, you can use higher groups, including groups 14-21. Configurator is kind of a pain, but it's necessary if you want access to better encryption settings.

I don't agree that Configurator is the only way.  Anything that can produce the profile should get the same result.

ltctech

I upgraded our router to 2.2.5 today, iOS is now able to connect and routes all traffic through the tunnel.

Problem is that without resorting to 3DES, we cannot support both Windows and iOS while still using AES. Windows requires AES256 while iOS requires AES128 for SHA1 and DH 1024 in Phase 1. There is no way to configure this in pfSense even though strongSwan supports multiple Phase 1 proposals.
https://forum.pfsense.org/index.php?topic=101889.0

At this point I am considering adding a few lines into vpn.inc to check for my Mobile VPN identifier and hard code the ike line to what I need into ipsec.conf.

dennypage

If you configure via iOS' built-in UI, you are severely limited in what you can achieve. However, if you use a profile you can configure AES256/SHA2 and reasonable DH groups.

@ltctech:

Problem is that without resorting to 3DES, we cannot support both Windows and iOS while still using AES. Windows requires AES256 while iOS requires AES128 for SHA1 and DH 1024 in Phase 1.

davros123

Thanks for the info.

I just used the Apple configurator to use AES256/SHA2…but it seems my Windows 10 VPN wants to use DH group2 (1024).

Is there an easy way I can change win10 VPN client to use group 21 DH?