iOS14 Apple devices cannot connect Windows Server 2016 - RRAS - L2TP VPN - encryption issue

Syrový Radek 1 Reputation point
2020-11-18T11:42:12+00:00

Hello,

After updating our Apple devices with the new iOS 14, they cannot connect to MS RRAS - L2TP VPN. Older versions work fine.
Apple support's statement says:

"This will need to be resolved by the server administrator.
We have upgraded the proposed ciphers in L2TP IPsec VPN to also propose SHA-256 for the Child SA in IPsec. The issue seems to be that the server is accepting SHA-256 cipher for the child but may be dropping the ESP encrypted packets with SHA-256 HMAC. This may be because the server is assuming a SHA-256 HMAC with 96 bits instead of the standard 128 bits. Switching the SHA-256 HMAC output from 96 to 128 bits should fix this issue."

Can I fix this from the MS Server side, please?

Thank you

1 answer

  1. Candy Luo 12,661 Reputation points Microsoft Vendor
    2020-11-19T06:23:41.023+00:00

    Hi,

    Since I did not find any related Microsoft official document, I am afraid there is no way to switch the SHA-256 HMAC output from 96 to 128 bits.

    UserVoice is where you can provide feedback to the Microsoft Product Groups who are now monitoring these forums. You could post the feedback in our UserVoice, here is the link:

    https://windowsserver.uservoice.com/forums/295047-general-feedback

    Best Regards,
    Candy
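
The truncation mismatch described in the quoted Apple statement can be reproduced offline. The following is an added example, not code from this thread, from Microsoft or from Apple: it uses a simplified ESP layout (SPI, sequence number, opaque ciphertext, ICV), and the key, SPI and payload are constructed values.

```python
import hashlib
import hmac
import struct

# Constructed sample values, not taken from any real tunnel.
KEY = bytes(range(32))
SPI, SEQ = 0x1000ABCD, 1
CIPHERTEXT = bytes.fromhex("aa" * 32)  # stands in for the encrypted payload and trailer


def esp_seal(key, spi, seq, ciphertext, icv_len):
    """Build SPI | sequence | ciphertext | ICV, where the ICV is
    HMAC-SHA-256 over everything before it, truncated to icv_len bytes."""
    body = struct.pack("!II", spi, seq) + ciphertext
    icv = hmac.new(key, body, hashlib.sha256).digest()[:icv_len]
    return body + icv


def esp_verify(key, packet, icv_len):
    """Verify a packet as a receiver that expects an icv_len-byte ICV.
    The receiver finds the ICV only by its configured length, so a wrong
    length shifts the boundary between authenticated data and ICV."""
    if len(packet) < 8 + icv_len:
        return False
    body, icv = packet[:-icv_len], packet[-icv_len:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:icv_len]
    return hmac.compare_digest(icv, expected)


def interop_matrix(key=KEY, spi=SPI, seq=SEQ, ciphertext=CIPHERTEXT):
    """Return {(sender_icv_bytes, receiver_icv_bytes): accepted} for 12 and 16."""
    result = {}
    for sender_len in (12, 16):      # 96-bit and 128-bit truncation
        packet = esp_seal(key, spi, seq, ciphertext, sender_len)
        for receiver_len in (12, 16):
            result[(sender_len, receiver_len)] = esp_verify(key, packet, receiver_len)
    return result


if __name__ == "__main__":
    for (s, r), ok in interop_matrix().items():
        print(f"sender {s * 8}-bit ICV, receiver {r * 8}-bit ICV: "
              f"{'accepted' if ok else 'dropped'}")
```

Both peers can agree on SHA-256 during negotiation and still drop every ESP packet, because the ICV length is implied by the algorithm rather than carried in the packet.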
