Bug #6684: Setting IKEv2 Phase 2 in Mobile Config appears to generate invalid Apple Profile - pfSense Packages - pfSense bugtracker

Actions

Copy link

Bug #6684

closed

Setting IKEv2 Phase 2 in Mobile Config appears to generate invalid Apple Profile

Added by Chris Linstruth over 7 years ago. Updated over 4 years ago.

Status:

Resolved

Priority:

Normal

Assignee:

Matthew Smith

Category:

IPsec Profile Wizard

Target version:

Start date:

08/07/2016

Due date:

% Done:

Estimated time:

Plus Target Version:

Affected Version:

Affected Plus Version:

Affected Architecture:

Description

Setting "Phase2 PFS Group - Provide the Phase2 PFS group to clients (overrides all mobile phase2 settings)" in Mobile Clients settings on at least IKEv2 appears to generate an invalid mobileconfig profile using the Apple IPsec Profile factory package (ipsec-profile-exporter).

Culprit is probably:

<key>DiffieHellmanGroup</key>
<integer></integer>

in the child SA config.

Workaround: disable in Mobile Clients config and enable DH group in Phase 2.

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense » pfSense Packages

Custom queries

Bug #6684

Setting IKEv2 Phase 2 in Mobile Config appears to generate invalid Apple Profile

Updated by Jim Thompson over 7 years ago

Updated by Jim Pingle over 4 years ago

Updated by Viktor Gurov over 4 years ago

Updated by Jim Pingle over 4 years ago