[Bug 1687711] Re: strongSwan 5.3.5 has a known incompatibility with iOS/macOS 10+
This bug was fixed in the package strongswan - 5.3.5-1ubuntu4.2 --- strongswan (5.3.5-1ubuntu4.2) yakkety; urgency=medium * d/p/ikev2-Only-add-NAT-D-notifies-to-DPDs-as-initiator.patch: fix issue related to DPD vs iOS10 (LP: #1687711) -- Christian EhrhardtMon, 15 May 2017 07:48:30 +0200 ** Changed in: strongswan (Ubuntu Yakkety) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1687711 Title: strongSwan 5.3.5 has a known incompatibility with iOS/macOS 10+ To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1687711/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1687711] Re: strongSwan 5.3.5 has a known incompatibility with iOS/macOS 10+
This bug was fixed in the package strongswan - 5.3.5-1ubuntu3.2 --- strongswan (5.3.5-1ubuntu3.2) xenial; urgency=medium * d/p/ikev2-Only-add-NAT-D-notifies-to-DPDs-as-initiator.patch: fix issue related to DPD vs iOS10 (LP: #1687711) -- Christian EhrhardtWed, 03 May 2017 17:37:06 +0200 ** Changed in: strongswan (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1687711 Title: strongSwan 5.3.5 has a known incompatibility with iOS/macOS 10+ To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1687711/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1687711] Re: strongSwan 5.3.5 has a known incompatibility with iOS/macOS 10+
On Thu, May 18, 2017 at 2:21 AM, Simon Déziel <1687...@bugs.launchpad.net> wrote: > With a Yakkety server running 5.3.5-1ubuntu4.1 and an iOS 10.3.2 client, I > can reproduce the issue. > The package from -proposed (5.3.5-1ubuntu4.2) fixes the issue, thanks > Christian! > Thank you so much Simon, I have a note here in my office which is titled "Beer for people if I ever meet them", you just scored a +1 there! ** Tags removed: verification-needed ** Tags added: verification-done -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1687711 Title: strongSwan 5.3.5 has a known incompatibility with iOS/macOS 10+ To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1687711/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1687711] Re: strongSwan 5.3.5 has a known incompatibility with iOS/macOS 10+
With a Yakkety server running 5.3.5-1ubuntu4.1 and an iOS 10.3.2 client, I can reproduce the issue. The package from -proposed (5.3.5-1ubuntu4.2) fixes the issue, thanks Christian! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1687711 Title: strongSwan 5.3.5 has a known incompatibility with iOS/macOS 10+ To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1687711/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 1687711] Re: strongSwan 5.3.5 has a known incompatibility with iOS/macOS 10+
On 2017-05-17 01:35 AM, ChristianEhrhardt wrote: > Thanks Simon, do you (or dguido) have a chance to test on Yakkety as > well or would that be too much setup effort? I don't have any (interest in) Yakkety but I'll give it a try since you took the time to prepare a SRU. Simon -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1687711 Title: strongSwan 5.3.5 has a known incompatibility with iOS/macOS 10+ To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1687711/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1687711] Re: strongSwan 5.3.5 has a known incompatibility with iOS/macOS 10+
Also found no other things in Xenial and autopkgtests are fine on X Seting v-done for xenial, but yakkety has to be checked one with the right devices (and setup). ** Tags added: verification-done-xenial -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1687711 Title: strongSwan 5.3.5 has a known incompatibility with iOS/macOS 10+ To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1687711/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1687711] Re: strongSwan 5.3.5 has a known incompatibility with iOS/macOS 10+
Thanks Simon, do you (or dguido) have a chance to test on Yakkety as well or would that be too much setup effort? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1687711 Title: strongSwan 5.3.5 has a known incompatibility with iOS/macOS 10+ To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1687711/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1687711] Re: strongSwan 5.3.5 has a known incompatibility with iOS/macOS 10+
5.3.5-1ubuntu3.2 from xenial-proposed fixes the issue. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1687711 Title: strongSwan 5.3.5 has a known incompatibility with iOS/macOS 10+ To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1687711/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1687711] Re: strongSwan 5.3.5 has a known incompatibility with iOS/macOS 10+
Hello dguido, or anyone else affected, Accepted strongswan into yakkety-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/strongswan/5.3.5-1ubuntu4.2 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance! ** Tags added: verification-needed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1687711 Title: strongSwan 5.3.5 has a known incompatibility with iOS/macOS 10+ To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1687711/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1687711] Re: strongSwan 5.3.5 has a known incompatibility with iOS/macOS 10+
Ok, all tests succeeded as well, so I'd think this is good for SRU - so I pushed it to unapproved for Xenial and Yakkety. Please help me testing -proposed once it appears there. Note (to myself) - related bileto tickets: https://bileto.ubuntu.com/#/ticket/2752 https://bileto.ubuntu.com/#/ticket/2761 ** Changed in: strongswan (Ubuntu Xenial) Status: Triaged => Fix Committed ** Changed in: strongswan (Ubuntu Yakkety) Status: Triaged => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1687711 Title: strongSwan 5.3.5 has a known incompatibility with iOS/macOS 10+ To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1687711/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1687711] Re: strongSwan 5.3.5 has a known incompatibility with iOS/macOS 10+
Updated SRU template, matching that we intend to fix the issue now and not as initially requested backport the full newer strongswan. ** Description changed: + [Impact] + + * iOS10+/MacOS10+ devices fail at dead peer detection and re-establish +the connection over and over + + * Backport of upstream fix. + + + [Test Case] + + * Set up strongswan (the reporter did so via algo, but other preferred +setups are good as well) and prepare iOS10+ devices to dial in. + + * check for the reconnects to start based on broken dead peer detection + + + [Regression Potential] + + * Due to the fact that this is a backport there could be dependencies to +the newer code. The change isn't too bug and it looks safe, as well as +compiling and regression testing fine - but if we want to look out for +regressions that certainly is the biggest potential one. + * From the behavior change itself it should be safe, to quote from +upstream "If a responder is natted it will usually be a static NAT +(unless it's a mediated connection) in which case adding these notifies +makes not much sense (if the initiator's NAT mapping had changed the +responder wouldn't be able to reach it anyway). + + [Other Info] + + * I can do general regression check, but for the actual issue +verification I lack the apple devices and have to rely on the reporters +(fortunately two active on the bug now, and confirmed on the ppa +already) + + + --- + + Original bug asked to backport the full newer release, but given SRU + policy and that it seems to be fixable with much smaller change we + decided for a backported patch - keeping original content below: + + --- + strongSwan is effectively incompatible with iOS 10+ and macOS 10.11+ devices. Dead peer detection does not work for these devices and they continually re-establish security associations (SAs) as a result. Please see the issues described in further detail below: strongSwan confirmed the issue and patched it in 5.5.1: https://wiki.strongswan.org/issues/2126 strongSwan recommends a workaround that breaks other functionality: https://wiki.strongswan.org/projects/strongswan/wiki/AppleClients#IKEv2-on-iOS-9-and-iOS-10 Ubuntu 17.04 has packaged strongSwan 5.5.1 which fixes this issue. I would recommend an SRU for strongSwan 5.3.5 to 5.5.1 in Ubuntu 16.04. [Impact] Ubuntu users are running into this bug in normal usage: https://github.com/trailofbits/algo/issues/430 [Test Case] In order to test this issue: 1. Deploy an Ubuntu 16.04 server with strongSwan via Algo (https://github.com/trailofbits/algo) 2. Connect an iOS client 3. Wait a few minutes for the reconnects to start based on broken dead peer detection In order to test the fix for this issue: 1. Deploy an Ubuntu 17.04 server with strongSwan via Algo (modify config.cfg to select 17.04) 2. Connect an iOS client 3. Wait the same time period as before and notice that the connection does not drop [Regression Potential] strongSwan and IPSEC software in general change at a very slow rate. In our tests with Algo, the exact same ipsec.conf and related configuration work for strongSwan 5.5.1 that worked for 5.3.5. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1687711 Title: strongSwan 5.3.5 has a known incompatibility with iOS/macOS 10+ To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1687711/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1687711] Re: strongSwan 5.3.5 has a known incompatibility with iOS/macOS 10+
Thanks for the check, I also couldn't find anything too obviously broken. I'm prepping Yakkety as well now and if things go well would put it to the SRU queue later. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1687711 Title: strongSwan 5.3.5 has a known incompatibility with iOS/macOS 10+ To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1687711/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1687711] Re: strongSwan 5.3.5 has a known incompatibility with iOS/macOS 10+
** Tags added: server-next ** Changed in: strongswan (Ubuntu Xenial) Status: Confirmed => Triaged ** Changed in: strongswan (Ubuntu Yakkety) Status: Confirmed => Triaged -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1687711 Title: strongSwan 5.3.5 has a known incompatibility with iOS/macOS 10+ To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1687711/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1687711] Re: strongSwan 5.3.5 has a known incompatibility with iOS/macOS 10+
I was able to reproduce the problematic scenario with an iOS 10.3.1 client and I'm happy to say that 5.3.5-1ubuntu3.2 [*] fixes it. Thanks Christian! *: https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/2752 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1687711 Title: strongSwan 5.3.5 has a known incompatibility with iOS/macOS 10+ To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1687711/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1687711] Re: strongSwan 5.3.5 has a known incompatibility with iOS/macOS 10+
** Changed in: strongswan (Ubuntu Xenial) Status: New => Confirmed ** Changed in: strongswan (Ubuntu Yakkety) Status: New => Confirmed ** Changed in: strongswan (Ubuntu Xenial) Importance: Undecided => Medium ** Changed in: strongswan (Ubuntu Yakkety) Importance: Undecided => Medium -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1687711 Title: strongSwan 5.3.5 has a known incompatibility with iOS/macOS 10+ To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1687711/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1687711] Re: strongSwan 5.3.5 has a known incompatibility with iOS/macOS 10+
Thanks, I will test the package you provided soon and get back to you with the results. In the meantime, we have setup Algo to pull in strongSwan packages from 17.04. This has not caused any issues: https://github.com/trailofbits/algo/pull/515/files -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1687711 Title: strongSwan 5.3.5 has a known incompatibility with iOS/macOS 10+ To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1687711/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1687711] Re: strongSwan 5.3.5 has a known incompatibility with iOS/macOS 10+
The following is a bit of a quick shot but maybe good for your to verify. I backported the change I identified to Xenial (eventually Y is needed as well). The package starts building in: https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/2752 If you could try and verify if that fixes the issue that would be great. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1687711 Title: strongSwan 5.3.5 has a known incompatibility with iOS/macOS 10+ To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1687711/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1687711] Re: strongSwan 5.3.5 has a known incompatibility with iOS/macOS 10+
We might try if [1] applies and fixes the issue without all the major changes that 5.5.1 would imply. [1]: https://wiki.strongswan.org/projects/strongswan/repository/revisions/33241871a82a0c374128373e47380be60f0431fa/diff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1687711 Title: strongSwan 5.3.5 has a known incompatibility with iOS/macOS 10+ To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1687711/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1687711] Re: strongSwan 5.3.5 has a known incompatibility with iOS/macOS 10+
I'm only now reading into details, but in general just taking 5.5.1 can be a backport but not easily an SRU. We have to check if there is a way to find a minimal amount of changes to SRU them. ** Also affects: strongswan (Ubuntu Yakkety) Importance: Undecided Status: New ** Also affects: strongswan (Ubuntu Xenial) Importance: Undecided Status: New ** Changed in: strongswan (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1687711 Title: strongSwan 5.3.5 has a known incompatibility with iOS/macOS 10+ To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1687711/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1687711] Re: strongSwan 5.3.5 has a known incompatibility with iOS/macOS 10+
I can confirm that the `strongswan-5.5.1-1ubuntu3` source package from 17.04 compiles without issue on 16.04. There is one missing build-dep `libsystemd-dev` however. I've experienced no functionality or stability issues so far. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1687711 Title: strongSwan 5.3.5 has a known incompatibility with iOS/macOS 10+ To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1687711/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1687711] Re: strongSwan 5.3.5 has a known incompatibility with iOS/macOS 10+
** Description changed: strongSwan is effectively incompatible with iOS 10+ and macOS 10.11+ devices. Dead peer detection does not work for these devices and they continually re-establish security associations (SAs) as a result. Please see the issues described in further detail below: strongSwan confirmed the issue and patched it in 5.5.1: https://wiki.strongswan.org/issues/2126 strongSwan recommends a workaround that breaks other functionality: https://wiki.strongswan.org/projects/strongswan/wiki/AppleClients#IKEv2-on-iOS-9-and-iOS-10 Ubuntu 17.04 has packaged strongSwan 5.5.1 which fixes this issue. I - would recommend backporting strongSwan 5.5.1 to Ubuntu 16.04. + would recommend an SRU for strongSwan 5.3.5 to 5.5.1 in Ubuntu 16.04. [Impact] Ubuntu users are running into this bug in normal usage: https://github.com/trailofbits/algo/issues/430 [Test Case] In order to test this issue: 1. Deploy an Ubuntu 16.04 server with strongSwan via Algo (https://github.com/trailofbits/algo) 2. Connect an iOS client 3. Wait a few minutes for the reconnects to start based on broken dead peer detection In order to test the fix for this issue: 1. Deploy an Ubuntu 17.04 server with strongSwan via Algo (modify config.cfg to select 17.04) 2. Connect an iOS client 3. Wait the same time period as before and notice that the connection does not drop [Regression Potential] strongSwan and IPSEC software in general change at a very slow rate. In our tests with Algo, the exact same ipsec.conf and related configuration work for strongSwan 5.5.1 that worked for 5.3.5. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1687711 Title: strongSwan 5.3.5 has a known incompatibility with iOS/macOS 10+ To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1687711/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1687711] Re: strongSwan 5.3.5 has a known incompatibility with iOS/macOS 10+
** Description changed: strongSwan is effectively incompatible with iOS 10+ and macOS 10.11+ devices. Dead peer detection does not work for these devices and they continually re-establish security associations (SAs) as a result. Please see the issues described in further detail below: strongSwan confirmed the issue and patched it in 5.5.1: https://wiki.strongswan.org/issues/2126 strongSwan recommends a workaround that breaks other functionality: https://wiki.strongswan.org/projects/strongswan/wiki/AppleClients#IKEv2-on-iOS-9-and-iOS-10 + + Ubuntu 17.04 has packaged strongSwan 5.5.1 which fixes this issue. I + would recommend backporting strongSwan 5.5.1 to Ubuntu 16.04. [Impact] Ubuntu users are running into this bug in normal usage: https://github.com/trailofbits/algo/issues/430 [Test Case] In order to test this issue: 1. Deploy an Ubuntu 16.04 server with strongSwan via Algo (https://github.com/trailofbits/algo) 2. Connect an iOS client 3. Wait a few minutes for the reconnects to start based on broken dead peer detection In order to test the fix for this issue: 1. Deploy an Ubuntu 17.04 server with strongSwan via Algo (modify config.cfg to select 17.04) 2. Connect an iOS client 3. Wait the same time period as before and notice that the connection does not drop - Ubuntu 17.04 has packaged strongSwan 5.5.1 which fixes this issue. I - would recommend backporting strongSwan 5.5.1 to Ubuntu 16.04. - [Regression Potential] strongSwan and IPSEC software in general change at a very slow rate. In our tests with Algo, the exact same ipsec.conf and related configuration work for strongSwan 5.5.1 that worked for 5.3.5. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1687711 Title: strongSwan 5.3.5 has a known incompatibility with iOS/macOS 10+ To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1687711/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs