L2TP VPN configuration iOS 14

Same issue here when trying to a Draytek 2820 that worked fine on 13.7. It does work fine on other L2TP VPN’s I have setup with other routers, mainly Draytek 2860’s. iPhone 11 & iPhone 7

Apple responded to my report with the following:

This will need to be resolved by the server administrator.

We have upgraded the proposed ciphers in L2TP IPsec VPN to also propose SHA-256 for the Child SA in IPsec. The issue seems to be that the server is accepting SHA-256 cipher for the child but maybe dropping the ESP encrypted packets with SHA-256 HMAC. This maybe because the server is assuming a SHA-256 HMAC with 96 bits instead of the standard 128 bits. Switching the SHA-256 HMAC output from 96 to 128 bits should fix this issue.

Thank you for your feedback.

I have now disabled the SHA-256 compatible mode (96 bit) on my VPN server and now it works.

@dominikconrads, it is nice that it works for you.
But all other still have the issue, so i would say apple should test that, and bring a solution.
In my case, we have sophos utm 9 in our company, and on all updated iphones and ipads
L2TP doesn't work anymore.

BR
Frank

Draytek have no plans to update this for the older routers 2820 model. I can connect to the newer models of Draytek's 2860 e.t.c.

I'm sure there are plenty of older routers that would not support this. Could this get changed back at all Apple and everyone should be happy:) ? Especially with a lot of people trying to work from home at the mo.


"This will need to be resolved by the server administrator.
We have upgraded the proposed ciphers in L2TP IPsec VPN to also propose SHA-256 for the Child SA in IPsec. The issue seems to be that the server is accepting SHA-256 cipher for the child but maybe dropping the ESP encrypted packets with SHA-256 HMAC. This maybe because the server is assuming a SHA-256 HMAC with 96 bits instead of the standard 128 bits. Switching the SHA-256 HMAC output from 96 to 128 bits should fix this issue."

Same issue on iPhone XR and iPad Pro with iOS 14.
I am not able to connect to our L2TP-VPN.
Other Devices with iOS 13 work fine.

Sadly that 14.0.1 still not fixed. I need to change my devices to android system. My router is Draytek 2906 but official support do not know if the latest firmware can support IOS14 or not.

Same issue with iPhone SE 2. Nothing best with upgrade IOS 14.0.1

Same issue here! No more connection to our VPN for those who updated to iOS 14 :-( very annoying even more with the current situation where we have to remote work!

I think that when the VPN is connected, the iPhone’s network is interrupted and then reconnected when the VPN tunnel is successfully established, and iOS14 may not interrupt the network connection.
After testing, I found that if after the first VPN connection, if the network is found to be interrupted, then turn on the airplane mode, and then immediately turn off the airplane mode, which is equivalent to the user manually disconnecting and reconnecting, then the VPN network is immediately available.

The same issue with iPhone X 😔

i have an sophos UTM with L2TP over IPsec VPN and IOS 14.0.1 (IPhone se2020)

so i change the IPsec Policy in "Remote Access -> IPsec -> L2TP-over-IPsec (Policy used for L2TP-over-IPsec)"

• --> IPsec encryption algorithm: 3DES

• --> IPsec authentication algorithm: SHA2 256

Restart the L2TP over IPsec VPN with the switch and
now it works

Same problem with iPadOs 14.0.1

On my VPN server, i desactivate SHA-256 compatible mode (96 bits), and it’s OK now

Disable SHA-256 compatible mode (96 bits) works for me

Disable SHA-256 compatible mode doesn’t work on my iPad Pro and on my iPhone XS (VPN on Synology). 😔