This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Unable to connect through L2TP/IPSec via macOS and iOS

Hi, everyone.

I'm having a bit of an issue... I cannot connect to my company's VPN with my iOS devices and macOS system. We use L2TP/IPSec. 

I told Apple, and received this response:

Hello. We have upgraded the proposed ciphers in L2TP IPsec VPN to also propose SHA-256 for the Child SA in IPsec. The issue seems to be that the server is accepting SHA-256 cipher for the child but maybe dropping the ESP encrypted packets with SHA-256 HMAC. This maybe because the server is performing a SHA-256 HMAC with 96 bits output instead of the standard expected 128 bits. Switching the SHA-256 HMAC output from 96 to 128 bits on the server should fix this issue Thanks, --Dan

How do I go upon changing this in UTM 9? I am the systems administrator, but I have never had to deal with this before.

I appreciate your assistance.

Ted



This thread was automatically locked due to age.
Parents
  • Update 2021-05-26: I'm not sure where to find it, but I believe someone solved the issue of creating an L2TP-over-IPsec Policy that works for iOS and Windows.

    Ted, note that there is only one L2TP-over-IPsec Policy, so other non-Apple devices will no longer be able  to connect after you make the change suggested by Emmanuel.  You might want to consider using the OpenVPN apps for iOS to let Apple devices connect via the SSL VPN.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • Update 2021-05-26: I'm not sure where to find it, but I believe someone solved the issue of creating an L2TP-over-IPsec Policy that works for iOS and Windows.

    Ted, note that there is only one L2TP-over-IPsec Policy, so other non-Apple devices will no longer be able  to connect after you make the change suggested by Emmanuel.  You might want to consider using the OpenVPN apps for iOS to let Apple devices connect via the SSL VPN.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children