[Swan] ECDSA Re: Libreswan 4.6: connection IKEv2 win10 to Linux freezes soon after Android device connects

Paul Wouters paul at nohats.ca
Tue Jan 18 18:36:22 EET 2022

On Tue, 18 Jan 2022, Mirsad Goran Todorovac wrote:

> The empirical evidence shows that Windows 10 Pro 21H1 still reverts back to MODP1024 when
> rekeying. This is just not logical behaviour and IMHO defeats the purpose of having
> NegotiateDH2048_AES256 key in the first place.
> Even when Microsoft fixes this bug, it will still take months and years for clients to
> upgrade to the latest protocol fix.

It has been years since we reported this bug to them. I tried renewed
channels as well.

> I wish I knew the people who could influence these things in Microsoft and Android OS
> vendors.

I had a direct link with Microsoft in the past, but all those people
moved on. I tried publicly shaming them and that didn't work either.
We were very reluctant adding the option. The best workaround is to
let windows do the idle timeout before rekey and re-establish, but I
don't think that can be done automated without losing your connection.

And note that last week, they completely broken VPN / L2TP stuff with
their updates, so while they will be working on fixing that, it shows
their lack of expertise and care. Your best bet is really to move
everyone off of Microsoft and onto Apple.


More information about the Swan mailing list