There were some issues regarding sha2-truncbug in earlier RouterOS versions ( viewtopic.php?f=2&t=116556&p=576808&hil. Unfortunately, Apple IPhones with IOS13 then choose the weak SHA-1 algorithm." The problem can be fixed also for racoon gateways by removing hmac_sha256 from the list of IKE phase 2 authentication algorithm proposals. "Apple seems to have silently fixed their racoon code which is known to be buggy with SHA-256 authentication algorithm truncation. This thread shows the same issue ( ) and suggests setting sha2-truncbug to "no" in /etc/nf on the VPN server. MacOS Mojave and iOS12 are still working fine. While trying to connect you get this error:įrom the MikroTik logs everything looks fine (client gets an IP assigned). Since iO13 or macOS Catalina IKEv2 VPN isn't working anymore (client certificates).
0 Comments
Leave a Reply. |