[Swan] macOS Big Sur L2TP issue
Paul Wouters
paul at nohats.ca
Thu Nov 26 14:11:10 UTC 2020
On Wed, 25 Nov 2020, Palvelin Postmaster wrote:
> I’m running Linux Libreswan 3.29 (netkey) on 5.4.0-1029-aws (Ubuntu 20.04). We serve macOS Catalina and Windows 10 VPN clients over L2TP.
>
> What do I need to do to become compatible with macOS Big Sur’s L2TP implementation?
>
> https://support.apple.com/en-gb/HT211840
Nothing. Basically they confirm you do NOT need sha-truncbug=yes
It remains true that sha-truncbug=yes is ONLY needed for android phones.
If you have a mix of android and non-android clients, do NOT enable
sha2_256 for ESP. Instead, prefer sha2_384 or sha2_512.
Paul
More information about the Swan
mailing list