jackie1100
commented
3 years ago @jgimenez - (I hope tagging directly is ok) Going through the README, I found the troubleshooting link: https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/clients.md#troubleshooting where it mentioned an issue with iOS 13 and changing sha2-truncbug value from yes to no and then doing an ipsec restart. Voila the Iphone VPN connects now. But I don't want to close this issue yet to make sure that I haven't applied just a band-aid. If I restarted both ipsec and xl2tpd, I noticed that the value I changed got reverted back. Also, if I restarted the container, the old value would be back, if I just restarted ipsec, it worked. So I want to make sure if there is a better/permanent way to apply this change? Secondly, is the sha2-truncbug value responsible for deactivating sha 256 compatible mode, as advised by apple? Thanks
zshvvhm
Woodehh
jgimenez
Hi, Thanks so much for this wonderful and amazing project, have been using it for 2 years. I'm very new to github so please excuse if I say or ask something stupid. I'm running the "docker-ipsec-vpn-server" in a cloud hosting environment and use it mainly for 4-5 personal phones. After the iOS 14 upgrade, the VPN does not connect on iPhone, although Android phones work fine. It looks like the issue is mentioned here: https://developer.apple.com/forums/thread/660499. It talks about deactivating SHA-256 compatible mode (96 bits). After searching and reading on various places online I found that these parameters may be defined in ipsec.conf. I found 2 ipsec.conf files in the container environment:
But I have no idea what to change and in which of the 2 files to change. I would be more than happy to contribute and help others as I know many people would be facing this issue, but need some initial help in figuring out. I would really appreciate if you can provide some help. Thanks again.