On Wed, 25 Nov 2020, Palvelin Postmaster wrote:
I’m running Linux Libreswan 3.29 (netkey) on 5.4.0-1029-aws (Ubuntu 20.04). We
serve macOS Catalina and Windows 10 VPN clients over L2TP.
What do I need to do to become compatible with macOS Big Sur’s L2TP
implementation?
https://support.apple.com/en-gb/HT211840
Nothing. Basically they confirm you do NOT need sha-truncbug=yes
It remains true that sha-truncbug=yes is ONLY needed for android phones.
If you have a mix of android and non-android clients, do NOT enable
sha2_256 for ESP. Instead, prefer sha2_384 or sha2_512.
Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
