![]() ![]() They are old, and many parts of the configuration set are getting onto the brink of insecurity. After some IRC discussion today, I decided to take a look, and found the culprit.Īpparently, Apple is deprecating the widely used (but also old) AES128/DES, HMAC_SHA1 and DH Group 2/modp1024 configuration set for IKEv1. Trouble with racoonĪfter getting an iOS 9 and an iOS 10 device, I noticed a considerable slow down in their "Cisco IPSec" (IKEv1) VPN connections to my servers. And I will also provide a solution to deploy a strongSwan mixed IKEv2+IKEv1 server that would work for almost all clients. Also known as: Moving on from racoon to strongSwan, with back compatibility.Īfter an afternoon (well, mostly evening since I woke up at 3 pm) of troubleshooting, I figured out why iOS 9+ and OS X 10.11+ are having slow connection issues with racoon-powered Cisco IPSec IKEv1 VPNs, and why it is really the time to move on to strongSwan and IKEv2.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |