Why can't I establish a VPN connection after updating to macOS Sonoma? How can I resolve this issue?
Zyxel Employee
Question :
Why can't I establish a VPN connection after updating to macOS Sonoma? How can I resolve this issue?
Answer :
Since there are changes to the VPN Phase 1 and Phase 2 parameters for macOS Sonoma's native VPN client, please modify them accordingly to allow the remote VPN to work.
USG Flex/ATP firewall model settings:
Please navigate to Configuration > VPN > IPsec > VPN Gateway > To add the VPN phase 1 setting. Please configure Phase 1 Encryption and Authentication settings to AES256/SHA256 DH2/DH14/DH19.
Please navigate to Configuration > VPN > IPsec > VPN Connection > To add the VPN phase 2 setting. Please configure Phase 2 Encryption and Authentication settings to AES256/SHA256 Perfect Forward Secrecy(PFS) : None.
USG Flex H firewall model settings:
Please navigate to VPN > IPsec VPN > To set the IKEv2 related information, as shown below:
Please configure Phase 1 Encryption and Authentication settings to AES256/SHA256 DH2/DH14/DH21 and Phase 2 Encryption and Authentication settings to AES256/SHA256 Perfect Forward Secrecy(PFS) : None.
Download the VPN configuration script .mobileconfig file to the Mac device.
Mac device settings:
Please navigate to System Settings > Privacy & Security to install the profile.
Allow to install the script file.
Edit the IKEv2 VPN profile, select 'User authentication,' and then choose 'Username.' After that, input the username and password.
Type the Mac device's password and click OK.
Please navigate to System Settings > VPN and edit the profile.
Choose User authentication to Username and type the username and password.
Dial the IKEv2 VPN connection successfully.
How to verify the result?
USG Flex/ATP firewall:
Please navigate to the path: Monitor > VPN Monitor> IPSec, you will find that the IKEv2 VPN connection has been established.
USG Flex H firewall:
Please navigate to the path: VPN Status > IPsec VPN > Remote Access VPN, you will find that the IKEv2 VPN connection has been established.
Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP! https://bit.ly/2024_Survey_Community
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 144 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 237 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 246 Service & License
- 383 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight