Discussion:
IKEv2 cisco anyconnect app
Claude Tompers
2012-08-21 12:09:56 UTC
Permalink
Hi,

I did just stumble over the Cisco Anyconnect App for iPhone and I
wondered if (and I may be completely wrong) that app does IKEv2 ?
As far as I know, the 'normal' Anyconnect client is capable to connect
with IKEv2.

If so, is it compatible with strongswan ?

kind regards,
Claude
--
Claude Tompers
Ingénieur réseau et système
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473
Martin Willi
2012-08-21 12:27:04 UTC
Permalink
Hi Claude,
Post by Claude Tompers
I did just stumble over the Cisco Anyconnect App for iPhone and I
wondered if (and I may be completely wrong) that app does IKEv2 ?
As far as I know, the 'normal' Anyconnect client is capable to connect
with IKEv2.
Yes, the Anyconnect Desktop client should support IKEv2, but I've never
tested it.

As far as I know, the iPhone Anyconnect supports SSL-VPN only, no plain
IPsec.

Regards
Martin
Igor
2012-12-11 02:22:59 UTC
Permalink
The newest iOS app seems added IPSec and IKEv2 support, is it possible
to make it compatible with Strongswan? I may be complete wrong…

Error like:

Dec 11 02:00:14 14[NET] received packet: from 21.21.177.137[58089] to
16.18.92.09[500]
Dec 11 02:00:14 14[ENC] unknown attribute type (28728)
Dec 11 02:00:14 14[ENC] payload type CONFIGURATION was not encrypted
Dec 11 02:00:14 14[ENC] could not decrypt payloads
Dec 11 02:00:14 14[IKE] integrity check failed
Dec 11 02:00:14 14[IKE] IKE_SA_INIT request with message ID 0 processing failed

Bests,
-Igor
Post by Martin Willi
Hi Claude,
Post by Claude Tompers
I did just stumble over the Cisco Anyconnect App for iPhone and I
wondered if (and I may be completely wrong) that app does IKEv2 ?
As far as I know, the 'normal' Anyconnect client is capable to connect
with IKEv2.
Yes, the Anyconnect Desktop client should support IKEv2, but I've never
tested it.
As far as I know, the iPhone Anyconnect supports SSL-VPN only, no plain
IPsec.
Regards
Martin
_______________________________________________
Users mailing list
https://lists.strongswan.org/mailman/listinfo/users
Martin Willi
2012-12-11 08:34:31 UTC
Permalink
Hi Igor,
Post by Igor
The newest iOS app seems added IPSec and IKEv2 support
Yes, according to the changelog, IKEv2 support was added in the latest
release of Cisco Anyconnect.
Post by Igor
Dec 11 02:00:14 14[ENC] payload type CONFIGURATION was not encrypted
Seems that this client sends a proprietary unencrypted configuration
payload attribute 28728. However, we reject messages with unencrypted
payloads that should be encrypted, hence the connection attempt fails.
Post by Igor
is it possible to make it compatible with Strongswan?
Probably, yes. But, as with other Cisco clients, its EULA does not allow
you to use it against non-Cisco products. Hence there is not much use
for a compatible strongSwan server.

Regards
Martin

Loading...