0

I am writing an ipsec application for iOS using network extension framework with preshared secret. It fails to connect to vpn server with error: "Negotiation failed with vpn server". Server side has an error log as:

Aggressive Mode PSK disabled for security reasons.

But the code only sets authentication method and sharedSecretReference, without setting aggressive mode. As a matter of fact, I read Apple's document, could not find anywhere this mode could be set or disabled.

I understand that aggressive mode PSK is a secret risk and should not be used. My question is, why iOS set aggressive mode by default and how to disable it?

jjin
  • 21
  • 4

1 Answers1

1

regarding to libreswan wiki page it is bug in ios

iOS UserInterface bug: If you ever fill in the "Group Name" and then clear it - the connection remains using Aggressive Mode. If you want to use Main Mode your only choice is to delete the VPN profile and start one from scratch where you never touch the "Group Name" input box.

vvchik
  • 1,210
  • 1
  • 8
  • 16