MacOS – IKEv2 VPN El Capitan 10.11


When I set up an IKEv2 VPN, which I use from Windows without issues, on OS X 10.11.1 it refuses to connect. I looked at /var/log/system.log and it seems like it's saying one of the IKEv2 components is missing. Has anyone gotten a certificate-authenticated IKEv2 connection working in OS X? The VPN server is StrongSwan.

/var/log/system.log:Nov 27 09:16:09 Jeremiahs-MacBook-Pro nesessionmanager[608]: NESMIKEv2VPNSession[VPN (IKEv2):0EE0F0F7-F55C-4657-ABCB-9B51583F1D22]: Received a start command from com.apple.preference.network.re[868]
/var/log/system.log:Nov 27 09:16:09 Jeremiahs-MacBook-Pro nesessionmanager[608]: NESMIKEv2VPNSession[VPN (IKEv2):0EE0F0F7-F55C-4657-ABCB-9B51583F1D22]: status changed to connecting
/var/log/system.log:Nov 27 09:16:09 Jeremiahs-MacBook-Pro nesessionmanager[608]: Failed to find the VPN app for plugin type com.apple.neplugin.IKEv2
/var/log/system.log:Nov 27 09:16:09 Jeremiahs-MacBook-Pro neagent[2019]: Failed to process IKE SA Init packet
/var/log/system.log:Nov 27 09:16:09 Jeremiahs-MacBook-Pro nesessionmanager[608]: NESMIKEv2VPNSession[VPN (IKEv2):0EE0F0F7-F55C-4657-ABCB-9B51583F1D22]: status changed to disconnecting
/var/log/system.log:Nov 27 09:16:09 Jeremiahs-MacBook-Pro nesessionmanager[608]: NESMIKEv2VPNSession[VPN (IKEv2):0EE0F0F7-F55C-4657-ABCB-9B51583F1D22]: status changed to disconnected, last stop reason Stop command received

Best Answer

A little late, but I did get this working.

In ipsec.conf, I had to update the ciphers and the rightauth. I'd prefer to use something better, but at the time it connects.

rightauth=eap-tls
ike=3des-sha1-modp1024
esp=3des-sha1-modp1024

BTW: even with connecting, I still get the above errors/warnings.

Update: I found that the mobileconfig profile needed for iOS can be used for OS X also, which will allow you to define and update the encryption algorithm, integrity algorithm and Diffie-Hellman group. You can read about all the config settings on Apple's Developer site. It looks like you can max everything out at AES-256/SHA2-512/18 (modp_8192).
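The following is an added example, not part of the original answer: it builds the algorithm keys of a profile's IKEv2 dictionary and renders the matching strongSwan `ike=`/`esp=` value so both ends propose the same suite. The hostname, the helper names and the `WEAK` set are assumptions of this example, and it covers only the three algorithm settings the answer mentions.

```python
import plistlib

# Apple profile value -> strongSwan proposal keyword. Both vocabularies are real;
# pairing them in one table is this example's own construction.
ENC = {"3DES": "3des", "AES-128": "aes128", "AES-256": "aes256"}
INTEG = {"SHA1-96": "sha1", "SHA2-256": "sha256",
         "SHA2-384": "sha384", "SHA2-512": "sha512"}
DH = {2: "modp1024", 5: "modp1536", 14: "modp2048", 15: "modp3072",
      16: "modp4096", 17: "modp6144", 18: "modp8192"}
WEAK = {"3DES", "SHA1-96", 2, 5}  # assumption: legacy choices to phase out


def sa_params(enc, integ, dh):
    """One *SecurityAssociationParameters dict; unknown values are rejected."""
    if enc not in ENC or integ not in INTEG or dh not in DH:
        raise ValueError(f"unsupported combination: {enc}/{integ}/{dh}")
    return {"EncryptionAlgorithm": enc, "IntegrityAlgorithm": integ,
            "DiffieHellmanGroup": dh}


def strongswan_proposal(params):
    """The same parameters as an ipsec.conf ike=/esp= value."""
    return "-".join((ENC[params["EncryptionAlgorithm"]],
                     INTEG[params["IntegrityAlgorithm"]],
                     DH[params["DiffieHellmanGroup"]]))


def weak_choices(params):
    """Values in params that belong to the legacy set."""
    return [v for v in params.values() if v in WEAK]


def ikev2_dict_xml(remote, params):
    """Serialize the IKEv2 dictionary (algorithm keys only) as plist XML."""
    ikev2 = {"RemoteAddress": remote,
             "IKESecurityAssociationParameters": params,
             "ChildSecurityAssociationParameters": dict(params)}
    return plistlib.dumps(ikev2).decode()


if __name__ == "__main__":
    current = sa_params("3DES", "SHA1-96", 2)      # what the answer configured
    target = sa_params("AES-256", "SHA2-512", 18)  # the maximum the answer cites
    for p in (current, target):
        print(strongswan_proposal(p), "weak:", weak_choices(p))
    print(ikev2_dict_xml("vpn.example.test", target))  # constructed hostname
```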
