Project

General

Profile

Bug #6684

Setting IKEv2 Phase 2 in Mobile Config appears to generate invalid Apple Profile

Added by Chris Linstruth about 3 years ago. Updated about 1 month ago.

Status:
New
Priority:
Normal
Assignee:
Category:
IPsec Profile Wizard
Target version:
-
Start date:
08/07/2016
Due date:
% Done:

0%

Estimated time:
Affected Version:
Affected Architecture:

Description

Setting "Phase2 PFS Group - Provide the Phase2 PFS group to clients (overrides all mobile phase2 settings)" in Mobile Clients settings on at least IKEv2 appears to generate an invalid mobileconfig profile using the Apple IPsec Profile factory package (ipsec-profile-exporter).

Culprit is probably:

<key>DiffieHellmanGroup</key>
<integer></integer>

in the child SA config.

Workaround: disable in Mobile Clients config and enable DH group in Phase 2.

History

#1 Updated by Jim Thompson almost 3 years ago

  • Assignee set to Matthew Smith

#2 Updated by Jim Pingle about 1 month ago

  • Category set to IPsec Profile Wizard

Also available in: Atom PDF