Project

General

Profile

Bug #6684

Setting IKEv2 Phase 2 in Mobile Config appears to generate invalid Apple Profile

Added by Chris Linstruth almost 3 years ago. Updated over 2 years ago.

Status:
New
Priority:
Normal
Assignee:
Category:
-
Target version:
-
Start date:
08/07/2016
Due date:
% Done:

0%

Estimated time:
Affected Version:
Affected Architecture:

Description

Setting "Phase2 PFS Group - Provide the Phase2 PFS group to clients (overrides all mobile phase2 settings)" in Mobile Clients settings on at least IKEv2 appears to generate an invalid mobileconfig profile using the Apple IPsec Profile factory package (ipsec-profile-exporter).

Culprit is probably:

<key>DiffieHellmanGroup</key>
<integer></integer>

in the child SA config.

Workaround: disable in Mobile Clients config and enable DH group in Phase 2.

History

#1 Updated by Jim Thompson over 2 years ago

  • Assignee set to Matthew Smith

Also available in: Atom PDF