Hi Tom, >> You saw that the proposal by the iOS 8 client does not contain a DH >> group. This is actually not RFC 7296 (IKEv2) compliant. So this looks like >> a bug in iOS 8 to me. > > It also sounds like my suspicions about lack of PFS support in IOS8.3 are > confirmed.
Yes, looks like it (at least as responder of a rekeying). Or perhaps just with this particular proposal. Did you try without AES-GCM, or with different DH groups? Support for AES-GCM this was added relatively recently with 8.3 so perhaps it's a regression only triggered by that algorithm (or the absence of an integrity algorithm in the proposal). >> Does the same happen if the client initiates the rekeying? Does the >> behavior change if you don't use AES-GCM? > > I tried getting the IOS8 client to do a rekey by using this config, as > there’s no way to force a rekey on the device AFAIK : > > keylife=5m > rekeymargin=1m > rekey=no > > But a rekey attempt from the IOS8 device hasn’t happened yet Since the lifetimes are not negotiated with IKEv2, reducing the lifetimes on the server won't influence the client. The LifeTimeInMinutes key in the ChildSecurityAssociationParameters dictionary might have an effect. Regards, Tobias _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
