Reputation: 31
I am writing an IPsec application for iOS using the Network Extension framework with a preshared secret. It fails to connect to the VPN server with the error: "Negotiation failed with vpn server". The server side has this error in its log:
Aggressive Mode PSK disabled for security reasons.
But the code only sets the authentication method and sharedSecretReference, without setting aggressive mode. As a matter of fact, I read Apple's documentation and could not find anywhere this mode could be set or disabled.
I understand that aggressive mode PSK is a security risk and should not be used. My question is, why does iOS set aggressive mode by default, and how do I disable it?
Upvotes: 0
Views: 1462
Reputation: 1455
According to the libreswan wiki page, it is a bug in iOS:
iOS UserInterface bug: If you ever fill in the "Group Name" and then clear it - the connection remains using Aggressive Mode. If you want to use Main Mode your only choice is to delete the VPN profile and start one from scratch where you never touch the "Group Name" input box.
Upvotes: 1