Results 1 to 1 of 1
  1. #1
    Untanglit
    Join Date
    Jan 2019
    Posts
    22

    Default IKEv2 Mobile Client encryption settings

    Hello,

    Can anyone confirm the security parameters for the IKEv2 encryption used on untangle please?

    I am having some issues and it seems to be related to the encryption used.

    Mar 10 15:17:33 waghelak charon: 08[ENC] generating IKE_SA_INIT response 0 [ N(NO_PROP) ]
    Mar 10 15:17:33 waghelak charon: 08[IKE] received proposals inacceptable
    Mar 10 15:17:33 waghelak charon: 08[IKE] remote host is behind NAT
    Mar 10 15:17:33 waghelak charon: 08[CFG] configured proposals: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072, IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/AES_CTR_128/AES_CTR_192/AES_CTR_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/CAMELLIA_CTR_128/CAMELLIA_CTR_192/CAMELLIA_CTR_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/AES_XCBC_96/AES_CMAC_96/HMAC_MD5_96/HMAC_SHA1_96/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_HMAC_MD5/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/MODP_3072/MODP_4096/MODP_8192/MODP_2048/MODP_2048_256/MODP_1024, IKE:AES_CCM_16_128/AES_CCM_16_192/AES_CCM_16_256/AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/CAMELLIA_CCM_16_128/CAMELLIA_CCM_16_192/CAMELLIA_CCM_16_256/AES_CCM_8_128/AES_CCM_8_192/AES_CCM_8_256/AES_CCM_12_128/AES_CCM_12_192/AES_CCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/CAMELLIA_CCM_8_128/CAMELLIA_CCM_8_192/CAMELLIA_CCM_8_256/CAMELLIA_CCM_12_128/CAMELLIA_CCM_12_192/CAMELLIA_CCM_12_256/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_HMAC_MD5/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/MODP_3072/MODP_4096/MODP_8192/MODP_2048/MODP_2048_256/MODP_1024
    Mar 10 15:17:33 waghelak charon: 08[CFG] received proposals: IKE:AES_CBC_128/HMAC_SHA1_160/PRF_HMAC_SHA1/MODP_1536
    OK so i think i managed to get the default settings for IOS but now getting below error, any ideas?

    I am trying to connect using preshared key, is this supported with client connect on IKEv2?

    Mar 10 16:01:07 waghelak charon: 08[NET] sending packet: from XX:XX:XX:XX[4500] to 14XX:XX:XX:XX[21624] (80 bytes)
    Mar 10 16:01:07 waghelak charon: 08[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
    Mar 10 16:01:07 waghelak charon: 08[IKE] peer supports MOBIKE
    Mar 10 16:01:07 waghelak charon: 08[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
    Mar 10 16:01:07 waghelak charon: 08[IKE] no shared key found for
    for reference below is the default settings on IOS.

    https://developer.apple.com/document...tionparameters
    Attached Images Attached Images
    Last edited by kkw98; 03-10-2020 at 09:05 AM.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2