IKEv2 and iOS
While this is not about Apple's Server.app specifically I suspect the people best able to comment on it will be experienced server admins i.e. those who are following this forum.
I am trying to 'upgrade' my currently working StrongSwan5 IKEv1 configuration as used with iOS devices and certificate based authentication to use IKEv2 as well/instead. I have got partly there in that I have added an IKEv2 config to StrongSwan and I can see in the log the connection attempt by the iOS 9.2.1 client and the client seems to be able to partially connect but it seems that the client i.e. iPhone is for some reason trying to use IKEv2 with EAP rather than as I want plain IKEv2 with no EAP. Here is a snippet from the log
Mar 2 12:52:59 ubuntu charon: 02[CFG] selected peer config 'IPSec-IKEv2'
Mar 2 12:52:59 ubuntu charon: 02[IKE] peer requested EAP, config inacceptable
Mar 2 12:52:59 ubuntu charon: 02[CFG] switching to peer config 'IPSec-IKEv2-EAP'
Mar 2 12:52:59 ubuntu charon: 02[IKE] initiating EAP_IDENTITY method (id 0x00)
Mar 2 12:52:59 ubuntu charon: 02[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
At the moment I am just using a manually entered IKEv2 configuration on the iPhone which is running iOS 9.2.1. I am not pushing the settings in a mobileconfig file. I know the certificates are correct and they do work in IKEv1 mode. In theory with plain IKEv2 and certificates there should be no use of username/password or a pre-shared-key. While in a mobileconfig there is a flag to set no extended authentication for IKEv2 i.e. no EAP, there is no option for this in the GUI, I am wondering if this is the problem, even though the GUI is not showing any boxes for a username/password.
I have entered valid details for Remote ID and Local ID.
On the iPhone itself when to ask it to connect it appears to immediately disconnect with no error shown on the iPhone screen, i.e. when you press the connect button to turn it green, it immediately unsets itself to not-green which is the disconnected state.