L2TP VPN configuration iOS 14

Same here with a synology diskstation and iOS 14 devices (iphones, ipads).

Switching off "Enable SHA2-256 compatible mode (96 bit)" fixes it.

To conclude: this makes the connection more secure because it doesn't allow a smaller keyed-hash message authentication code of only 96 bits anymore, but will require/use something larger, right?

It won't be fixed by apple update!! i Use iOS 14.2 beta instead. Problem not solved.

We have to change Server Site!
This helpful answer for Sophos Users fixed our Problem for now.
:


i have an sophos UTM with L2TP over IPsec VPN and IOS 14.0.1 (IPhone se2020)

so i change the IPsec Policy in "Remote Access -> IPsec -> L2TP-over-IPsec (Policy used for L2TP-over-IPsec)"

• -> IPsec encryption algorithm: 3DES

• -> IPsec authentication algorithm: SHA2 256

Restart the L2TP over IPsec VPN with the switch and
now it works 
Posted 1 week ago by spin_tb

So why is this working on your synology and not on mine? What exactly did you do? Only disable the chekbox? That's all?
EDIT: Works now. Had to update the synology to DSM 6.2.3-25426 Update 2 and to assign a new shared secret (for what so ever).

same result with IOs14.1 GM
"The l2TP-VPN server is did not respond. try reconnecting. if the problem
continues, verify your settings and contact your admin."
ios 13.7 it connects fine with the same exact settings.
How can I fix that
my VPN provider told me they will not change the settings because of clients which cannot upgrade the chipper.

I looked internally on one of the original bug reports here; Please make sure that you check this on the server side as well:

We have upgraded the proposed ciphers in L2TP IPsec VPN to also propose SHA-256 for the Child SA in IPsec. The issue seems to be that the server is accepting SHA-256 cipher for the child but maybe dropping the ESP encrypted packets with SHA-256 HMAC. This maybe because the server is assuming a SHA-256 HMAC with 96 bits instead of the standard 128 bits. Switching the SHA-256 HMAC output from 96 to 128 bits should fix this issue.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

Matt Eaton, can this be set back at all?
we have many customers using older routers that do not support this.
Still the same on iOS 14.1

I was really hoping for a change on this.

@Matt Eaton
not all have the chance to edit the server side.
my vpn provider told me they will not change the settings as they have older clients which will then stop working.
so please fix this from the Apple side that the same chipper as in IOs13.7 is allowed.
Thanks

By changing the server settings everything worked for me.

Until today...

Without update to iPadOS 14.1 the VPN connection was disconnected and can't be established anymore with the known error message. Restarting the pad does not help, just like the update afterwards. The connection with a Windows computer works.

What does Apple actually do there?

I want to post a quick clarification about policy. Developer Forums is, as indicated by the name, a site to discuss developer issues. That puts this thread somewhat off topic because L2TP has no API surface. The API we do have for setting up the built-in VPN transports, NEVPNManager aka Personal VPN, does not support legacy VPN protocols like L2TP.

Given that, this discussion would be better suited to Apple Support Communities, run by Apple Support, and specifically the in Business and Education topic areas, where you’re more likely to find folks with L2TP experience.

Having said that, we’re not going to do anything silly here, like lock the thread. While we discourage off-topic conversations, they don’t actually cause that much harm.

However, you’re unlikely to get more answers from DTS here. DTS does not provide formal support via DevForums but, even if we did, we don’t support this. DTS’s role here at Apple is to support the APIs in our platform SDKs, Apple tools, some Apple services (like notarisation), and accessory development. We don’t support the behaviour of built-in system components, like L2TP. That’s the purview of Apple Support.

Finally, if you believe that L2TP is not working correctly, the first thing to do is to file a bug against it. That’s the best way to get your feedback in front of the engineers who have the power to fix such bugs.

So, to summarise:

• If you’d like to see Apple make a change here, please file a bug.

• If you’re seeking informal help, or just want to discuss this issue with your peers, you should pop on over to Apple Support Communities.

• If you’re seeking formal support, you should talk to Apple Support.

Best of luck!

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"

Hi
I had same issue with iPhone5 SE updated to IOS 14 this week and VPN server hosted in SYnology.
I solved it in the VPN server settings by unchecking the "enable SHA2-256 compatible mode (96 bits)".
Then it worked OK immediately.

Hope it helps others

Hi I need to L2TP keys for connection to vpn i