strongSwan is effectively incompatible with iOS 10+ and macOS 10.11+ devices. Dead peer detection does not work for these devices and they continually re-establish security associations (SAs) as a result. Please see the issues described in further detail below:
strongSwan confirmed the issue and patched it in 5.5+:
https://wiki.strongswan.org/issues/2126
strongSwan recommends a workaround that breaks other functionality:
https://wiki.strongswan.org/projects/strongswan/wiki/AppleClients#IKEv2-on-iOS-9-and-iOS-10
Ubuntu users are running into this bug in normal usage:
https://github.com/trailofbits/algo/issues/430
In order to test this issue:
1. Deploy an Ubuntu 16.04 server with strongSwan via Algo (https://github.com/trailofbits/algo)
2. Connect an iOS client
3. Wait a few minutes for the reconnects to start based on broken dead peer detection
In order to test the fix for this issue:
1. Deploy an Ubuntu 17.04 server with strongSwan via Algo
2. Connect an iOS client
3. Wait the same time period as before and notice that the connection does not drop
Ubuntu 17.04 has packaged strongSwan 5.5.1 which fixes this issue. I would recommend backporting strongSwan 5.5.1 to Ubuntu 16.04.
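
Added example, not part of the original report and not code from strongSwan or Algo: a way to make step 3 of both test procedures measurable by counting how often each peer establishes a new IKE_SA in the server's charon log. The log lines are constructed, and the syslog layout, the 10-minute window, the threshold of 3 and the year default are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in syslog + charon layout (assumed format, documentation IPs).
SAMPLE_LOG = """\
Jun  1 12:00:05 vpn charon: 07[IKE] IKE_SA ikev2-pubkey[1] established between 203.0.113.10[vpn.example]...198.51.100.7[phone]
Jun  1 12:01:00 vpn charon: 11[IKE] IKE_SA ikev2-pubkey[2] established between 203.0.113.10[vpn.example]...198.51.100.20[laptop]
Jun  1 12:02:40 vpn charon: 05[IKE] IKE_SA ikev2-pubkey[3] established between 203.0.113.10[vpn.example]...198.51.100.7[phone]
Jun  1 12:05:12 vpn charon: 09[IKE] IKE_SA ikev2-pubkey[4] established between 203.0.113.10[vpn.example]...198.51.100.7[phone]
Jun  1 12:06:00 vpn charon: 09[IKE] sending DPD request
Jun  1 12:07:50 vpn charon: 06[IKE] IKE_SA ikev2-pubkey[5] established between 203.0.113.10[vpn.example]...198.51.100.7[phone]
Jun  1 13:30:00 vpn charon: 08[IKE] IKE_SA ikev2-pubkey[6] established between 203.0.113.10[vpn.example]...198.51.100.20[laptop]
"""

ESTABLISHED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s.*?charon.*?\bIKE_SA \S+\[\d+\] established "
    r"between .*?\.\.\.(?P<ip>[0-9A-Fa-f:.]+)\[(?P<id>[^\]]*)\]"
)

def sa_times(log_text, year=2017):
    """Map (peer_ip, peer_id) -> sorted timestamps of IKE_SA establishment."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = ESTABLISHED.match(line)
        if m:
            # Syslog omits the year; supply one so parsing is unambiguous.
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            seen[(m["ip"], m["id"])].append(ts)
    return {peer: sorted(times) for peer, times in seen.items()}

def churning_peers(log_text, window=timedelta(minutes=10), threshold=3):
    """Return peers whose busiest window holds >= threshold new IKE_SAs."""
    flagged = {}
    for peer, times in sa_times(log_text).items():
        start, busiest = 0, 0
        for end, t in enumerate(times):
            # Slide the window start forward until it spans at most `window`.
            while t - times[start] > window:
                start += 1
            busiest = max(busiest, end - start + 1)
        if busiest >= threshold:
            flagged[peer] = busiest
    return flagged

if __name__ == "__main__":
    for (ip, ident), n in churning_peers(SAMPLE_LOG).items():
        print(f"{ip} [{ident}]: {n} IKE_SAs within 10 minutes")
```

Running the same check over logs from both the 16.04 and 17.04 deployments for the same waiting period gives a like-for-like comparison of the reconnect behaviour.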