docker-ikev2-vpn-server icon indicating copy to clipboard operation
docker-ikev2-vpn-server copied to clipboard

Published 20 hours ago verified publisher icon gaomd

proposals not match when using iOS 14.01

Open aioliahexi opened this issue 4 years ago • 3 comments

05[CFG] received proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ

05[CFG] configured proposals: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/BLOWFISH_CBC_256/HMAC_SHA1_96/AES_XCBC_96/HMAC_MD5_96/NO_EXT_SEQ 05[IKE] no acceptable proposal found

05[IKE] failed to establish CHILD_SA, keeping IKE_SA

05[ENC] generating IKE_AUTH response 1 [ IDr AUTH CPRP(ADDR DNS DNS) N(AUTH_LFT) N(MOBIKE_SUP) N(NO_ADD_ADDR) N(NO_PROP) ]

05[NET] sending packet: from 172.17.0.2[4500] to 192.168.188.17[4500] (192 bytes)

04[NET] received packet: from 192.168.188.17[500] to 172.17.0.2[500] (432 bytes)

04[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N((16430)) ]

aioliahexi avatar Sep 29 '20 14:09 aioliahexi

The fix method is quite simple.
Add below single line esp=aes256-sha256-modp2048 in the ipsec.conf

aioliahexi avatar Sep 30 '20 12:09 aioliahexi

Added this line to /etc/ipsec.conf inside docker container, then docker restart container-name, then recreated .mobileconfig file. May be the last step is not necessary. Thanks.

maxgorovenko avatar Feb 28 '22 14:02 maxgorovenko

Just checked, work without recreating .mobileconfig. Thank you.

Chiorufarewerin avatar Mar 03 '22 16:03 Chiorufarewerin