SyrovRadek-5245 asked CandyLuo-MSFT answered

iOS14 Apple devices cannot connect Windows Server 2016 - RRAS - L2TP VPN - encryption issue

Hello,

After updating our Apple devices to the new iOS 14, they cannot connect to MS RRAS - L2TP VPN. Older versions work fine.
Apple support's statement says:

"This will need to be resolved by the server administrator.
We have upgraded the proposed ciphers in L2TP IPsec VPN to also propose SHA-256 for the Child SA in IPsec. The issue seems to be that the server is accepting SHA-256 cipher for the child but may be dropping the ESP encrypted packets with SHA-256 HMAC. This may be because the server is assuming a SHA-256 HMAC with 96 bits instead of the standard 128 bits. Switching the SHA-256 HMAC output from 96 to 128 bits should fix this issue."

Can I fix this from the MS Server side, please?

Thank you

windows-server-2016 windows-server-infrastructure

1 Answer

CandyLuo-MSFT answered

Hi,

Since I did not find any related official Microsoft document, I am afraid there is no way to switch the SHA-256 HMAC output from 96 to 128 bits.

UserVoice is where you can provide feedback to the Microsoft Product Groups who are now monitoring these forums. You could post the feedback in our UserVoice; here is the link:

https://windowsserver.uservoice.com/forums/295047-general-feedback

Best Regards,
Candy


If the Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.