[Swan] macOS Big Sur L2TP issue
paul at nohats.ca
Thu Nov 26 14:11:10 UTC 2020
On Wed, 25 Nov 2020, Palvelin Postmaster wrote:
> I’m running Linux Libreswan 3.29 (netkey) on 5.4.0-1029-aws (Ubuntu 20.04). We serve macOS Catalina and Windows 10 VPN clients over L2TP.
> What do I need to do to become compatible with macOS Big Sur’s L2TP implementation?
Nothing. Basically they confirm you do NOT need sha-truncbug=yes
It remains true that sha-truncbug=yes is ONLY needed for android phones.
If you have a mix of android and non-android clients, do NOT enable
sha2_256 for ESP. Instead, prefer sha2_384 or sha2_512.
More information about the Swan