Not cool Apple... You've change the supported ciphers on iOS 14 and didn't even mention it in your release notes or the following documentation which can now be considered outdated: https://developer.apple.com/documentation/devicemanagement/vpn/ikev2/ikesecurityassociationparameters After manually tracing the packets, I found out that these are the accepted cipher proposals on iOS 14: Transform Type: Encryption Algorithm (ENCR) Transform ID (ENCR): ENCR_AES_CBC Transform Type: Pseudo-random Function (PRF) Transform ID (PRF): PRF_HMAC_SHA2_256 Transform Type: Integrity Algorithm (INTEG) Transform ID (INTEG): AUTH_HMAC_SHA2_256_128 Transform Type: Diffie-Hellman Group (D-H) Transform ID (D-H): 2048 bit MODP group And these are the accepted ciphers, tested on iOS 13.7: Transform Type: Encryption Algorithm (ENCR) Transform ID (ENCR): ENCR_3DES Transform Type: Pseudo-random Function (PRF) Transform ID (PRF): PRF_HMAC_SHA1 Transform Type: Integrity Algorithm (INTEG) Transform ID (INTEG): AUTH_HMAC_SHA1_96 Transform Type: Diffie-Hellman Group (D-H) Transform ID (D-H): Alternate 1024-bit MODP group If this is not meant to be, then it needs to be patched asap. Otherwise, please document the changes properly.