L2TP over IPSec Update For Sonicwall VPN for MacOS Big Sur/Monterey

We had a user who upgraded their Mac to Monterey and the VPN stopped working. I believe it is probably due to the L2TP update they did on their end, which now requires us to switch L2TP to SHA-256 to 128 bit.

"Starting with iOS 14 and macOS Big Sur (coming soon), IPsec supports HMAC-SHA-256 with L2TP VPN. To make sure that VPN client devices running iOS 14 and macOS Big Sur can connect to your L2TP VPN server, configure the server to truncate the output of the SHA-256 hash to 128 bits. Truncating to fewer than 128 bits will result in L2TP VPN failing to connect."

What exactly do we have to change in the L2TP over IPSec settings to fix this? I can't find 128 bit anywhere in the profile settings for VPN or L2TP settings on the SonicWall.

I assume I just change the IKE Proposal 2 to AES-128, or is there something else I need to do?

Also wondering what kind of effect this could have on other users running older Macs or Windows clients (Global VPN Client).

“configure the server to truncate the output of the SHA-256 hash to 128 bits.”

What the heck does that mean? Are we forcing a 256 hash into a 128? I have never seen that option on any VPN server.

Where did you get that quote from? Does it have examples on how to accomplish this truncation in other VPN services? Like Microsoft/Windows or something?

I’ve had managers and vendors tell me to do stuff that’s literally impossible to accomplish before.

Have you compared to the SonicWall KB? No issues my side. https://www.sonicwall.com/support/knowledge-base/l2tp-vpn-configuration-on-mac-os-x/170505942152169/

From Apple website: Configuring L2TP VPN servers to work with iOS 14 and macOS Big Sur client devices - Apple Support

That is a very terse article. I have no idea what they mean. I have not heard of truncating a SHA hash either on the client or server side.

Personally, this is why I don’t use L2TP.
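
To illustrate what "truncate the output of the SHA-256 hash to 128 bits" means in the Apple text quoted in this thread, here is an added example (not from any poster, Apple or SonicWall): it computes HMAC-SHA-256 over a packet, keeps only the leftmost bits as the integrity trailer, and shows that two ends configured with different truncation lengths reject each other's packets. The key, payload, the 96-bit setting and the packet framing are constructed assumptions, a simplified model rather than real ESP.

```python
import hashlib
import hmac

# Constructed sample values, not taken from any real tunnel.
KEY = bytes(range(32))                      # 256-bit integrity key
PAYLOAD = b"constructed encrypted L2TP payload"


def icv(key: bytes, data: bytes, bits: int) -> bytes:
    """HMAC-SHA-256 over data, keeping only the leftmost `bits` bits."""
    if bits % 8 or not 0 < bits <= 256:
        raise ValueError("bits must be a multiple of 8 between 8 and 256")
    return hmac.new(key, data, hashlib.sha256).digest()[: bits // 8]


def protect(key: bytes, payload: bytes, bits: int) -> bytes:
    """Sender side: append the truncated HMAC to the payload."""
    return payload + icv(key, payload, bits)


def verify(key: bytes, packet: bytes, bits: int):
    """Receiver side: split off the trailer at the receiver's own configured
    length, recompute, and compare. Returns the payload, or None on failure."""
    n = bits // 8
    if len(packet) <= n:
        return None
    body, tag = packet[:-n], packet[-n:]
    return body if hmac.compare_digest(tag, icv(key, body, bits)) else None


def demo() -> dict:
    """Try each sender/receiver truncation pairing and record the outcome."""
    results = {}
    for sender_bits in (96, 128):
        for receiver_bits in (96, 128):
            packet = protect(KEY, PAYLOAD, sender_bits)
            ok = verify(KEY, packet, receiver_bits) == PAYLOAD
            results[(sender_bits, receiver_bits)] = ok
    return results


if __name__ == "__main__":
    for (s, r), ok in demo().items():
        print(f"sender {s}-bit, receiver {r}-bit: {'accepted' if ok else 'rejected'}")
```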