VPN client-to-site settings for MacOS 15 (Sequoia)
Hi, I'm currently using these settings for a working VPN connection from Windows native clients:
Gateway:
- SA Lifetime: 86400
- Negotiation mode: Main
- Proposal (enc/auth): 3DES/SHA1
- Key Group: DH2
Connection:
- SA Lifetime: 3600
- Active Protocol: ESP
- Encapsulation: Transport (L2TP/IPSec) or Tunnel (IKEv2)
- Proposal (enc/auth): AES256/SHA1
- PFS: None
These settings have proven stable and widely supported in Windows' native VPN client and work for both L2TP/IPSec and IKEv2. I now have to connect a new Mac with macOS 15 (Sequoia) via VPN and I'm looking for a minimal change to the above settings in order for the native Mac client to successfully connect.
If anyone has the working settings for the newsest MacOS, please share. I cannot find the supported protocols for Sequoia anywhere online.
Thanks!
PS: I'd like to use the native client on the Mac (or a free alternative), not a paid VPN client.
Accepted Solution
-
For anyone interested, the native macOS 15 Sonoma VPN client works with the settings that I have posted. No need to do any adjustements, L2TP/IPSec with pre-shared key worked flawlessly.
0
All Replies
-
USG60
0 -
For anyone interested, the native macOS 15 Sonoma VPN client works with the settings that I have posted. No need to do any adjustements, L2TP/IPSec with pre-shared key worked flawlessly.
0 -
Hi @MarkoD
Thank you for sharing your experience and the successful VPN settings for macOS 15 (Sonoma)!
To confirm, the default L2TP VPN setup using the Zyxel VPN wizard can indeed work with the following encryption settings:
- Phase 1: 3DES/SHA1/DH2
- Phase 2: 3DES/SHA1/None
Kay
Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP!
0 -
Dear @Zyxel_Kay, you can bump up security by using SHA256 instead of 3DES in Phase 2. It works for built-in clients in Windows and also Mac.
1 -
Hi @MarkoD
Thank you for sharing this valuable insight!
We've tested the following configuration for IKEv2 VPN between the USG60 and macOS 15, and it works with the native client:
- Phase 1: AES256, SHA256, DH19
- Phase 2: AES256, SHA256, PFS: None
Kay
Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP!
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 144 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 237 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight