[Swan] macOS Big Sur L2TP issue

Paul Wouters paul at nohats.ca
Thu Nov 26 14:11:10 UTC 2020

On Wed, 25 Nov 2020, Palvelin Postmaster wrote:

> I’m running Linux Libreswan 3.29 (netkey) on 5.4.0-1029-aws (Ubuntu 20.04). We serve macOS Catalina and Windows 10 VPN clients over L2TP.
> What do I need to do to become compatible with macOS Big Sur’s L2TP implementation?
> https://support.apple.com/en-gb/HT211840

Nothing. Basically they confirm you do NOT need sha-truncbug=yes

It remains true that sha-truncbug=yes is ONLY needed for android phones.

If you have a mix of android and non-android clients, do NOT enable
sha2_256 for ESP. Instead, prefer sha2_384 or sha2_512.


More information about the Swan mailing list