Hi, everyone.
I'm having a bit of an issue... I cannot connect to my company's VPN with my iOS devices and macOS system. We use L2TP/IPSec.
I told Apple, and received this response:
Hello. We have upgraded the proposed ciphers in L2TP IPsec VPN to also propose SHA-256 for the Child SA in IPsec. The issue seems to be that the server is accepting the SHA-256 cipher for the child but maybe dropping the ESP encrypted packets with SHA-256 HMAC. This may be because the server is performing a SHA-256 HMAC with 96 bits of output instead of the standard expected 128 bits. Switching the SHA-256 HMAC output from 96 to 128 bits on the server should fix this issue. Thanks, --Dan
How do I go about changing this in UTM 9? I am the systems administrator, but I have never had to deal with this before.
I appreciate your assistance.
Ted
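Added example (not from the thread, and not Sophos or Apple code): a small Python model of the mismatch Apple's engineer describes. The key, SPI, sequence number and payload are constructed placeholders; the code shows that an ESP packet whose HMAC-SHA-256 ICV was truncated to 96 bits fails integrity verification on a peer that negotiated the 128-bit truncation of RFC 4868, which is why such packets are silently dropped rather than producing a visible error.

```python
import hmac
import hashlib
import struct

# Constructed example values (not taken from the thread): a 32-byte integrity key,
# a fake ESP header and a stand-in for the ciphertext a real ESP packet would carry.
KEY = bytes(range(32))
SPI = 0x0001ABCD
SEQ = 7
PAYLOAD = b"\x00" * 4 + b"constructed-esp-ciphertext-block"


def build_esp_packet(key: bytes, spi: int, seq: int, payload: bytes, icv_bits: int) -> bytes:
    """Sender side: ESP header + payload, followed by an HMAC-SHA-256 ICV truncated
    to icv_bits. RFC 4868 HMAC-SHA-256-128 keeps the leftmost 128 bits; a server
    still using the older 96-bit truncation emits a 12-byte ICV instead."""
    authenticated = struct.pack("!II", spi, seq) + payload
    icv = hmac.new(key, authenticated, hashlib.sha256).digest()[: icv_bits // 8]
    return authenticated + icv


def verify_esp_packet(key: bytes, packet: bytes, icv_bits: int) -> bool:
    """Receiver side: strip the ICV length it negotiated, recompute the HMAC over
    everything before it and compare in constant time. If the sender used a
    different truncation, the split lands in the wrong place and the check fails."""
    icv_len = icv_bits // 8
    if len(packet) <= icv_len:
        return False
    body, icv = packet[:-icv_len], packet[-icv_len:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:icv_len]
    return hmac.compare_digest(icv, expected)


def interop_check(server_icv_bits: int, client_icv_bits: int) -> bool:
    """Does a packet built with the server's truncation verify on the client?"""
    pkt = build_esp_packet(KEY, SPI, SEQ, PAYLOAD, server_icv_bits)
    return verify_esp_packet(KEY, pkt, client_icv_bits)


if __name__ == "__main__":
    # Mirrors the thread: server at 96 bits, Apple client expecting 128 bits.
    print("server 96  / client 128:", interop_check(96, 128))   # False, packet dropped
    print("server 128 / client 128:", interop_check(128, 128))  # True
```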
Hello Ted,
Thank you for contacting the Sophos Community!
What is the output of the L2TP log? And do you have any log on the client?
You can try by following these steps:
Update 2021-05-26: I'm not sure where to find it, but I believe someone solved the issue of creating an L2TP-over-IPsec Policy that works for iOS and Windows.
Ted, note that there is only one L2TP-over-IPsec Policy, so other non-Apple devices will no longer be able to connect after you make the change suggested by Emmanuel. You might want to consider using the OpenVPN apps for iOS to let Apple devices connect via the SSL VPN.
Cheers - Bob