VPN client-to-site settings for MacOS 15 (Sequoia)

MarkoD · October 2024

Hi, I'm currently using these settings for a working VPN connection from Windows native clients:

Gateway:
- SA Lifetime: 86400
- Negotiation mode: Main
- Proposal (enc/auth): 3DES/SHA1
- Key Group: DH2

Connection:
- SA Lifetime: 3600
- Active Protocol: ESP
- Encapsulation: Transport (L2TP/IPSec) or Tunnel (IKEv2)
- Proposal (enc/auth): AES256/SHA1
- PFS: None

These settings have proven stable and widely supported in Windows' native VPN client and work for both L2TP/IPSec and IKEv2. I now have to connect a new Mac with macOS 15 (Sequoia) via VPN and I'm looking for a minimal change to the above settings in order for the native Mac client to successfully connect.

If anyone has the working settings for the newsest MacOS, please share. I cannot find the supported protocols for Sequoia anywhere online.

Thanks!

PS: I'd like to use the native client on the Mac (or a free alternative), not a paid VPN client.

MarkoD · October 2024

For anyone interested, the native macOS 15 Sonoma VPN client works with the settings that I have posted. No need to do any adjustements, L2TP/IPSec with pre-shared key worked flawlessly.

Zyxel_Kay · October 2024

Hi @MarkoD

Thank you for sharing your experience and the successful VPN settings for macOS 15 (Sonoma)!

To confirm, the default L2TP VPN setup using the Zyxel VPN wizard can indeed work with the following encryption settings:

Phase 1: 3DES/SHA1/DH2
Phase 2: 3DES/SHA1/None

Zyxel_Kay · October 2024

Hi @MarkoD

Thank you for sharing this valuable insight!

We've tested the following configuration for IKEv2 VPN between the USG60 and macOS 15, and it works with the native client:

Phase 1: AES256, SHA256, DH19
Phase 2: AES256, SHA256, PFS: None

Caroll · October 2024

Hi @MarkoD, which firewall model are you using?

MarkoD · October 2024

https://community.zyxel.com/en/discussion/comment/70604#Comment_70604

USG60

MarkoD · October 2024

For anyone interested, the native macOS 15 Sonoma VPN client works with the settings that I have posted. No need to do any adjustements, L2TP/IPSec with pre-shared key worked flawlessly.

Zyxel_Kay · October 2024

Hi @MarkoD

Thank you for sharing your experience and the successful VPN settings for macOS 15 (Sonoma)!

To confirm, the default L2TP VPN setup using the Zyxel VPN wizard can indeed work with the following encryption settings:

Phase 1: 3DES/SHA1/DH2
Phase 2: 3DES/SHA1/None

MarkoD · October 2024

Dear @Zyxel_Kay, you can bump up security by using SHA256 instead of 3DES in Phase 2. It works for built-in clients in Windows and also Mac.

Zyxel_Kay · October 2024

Hi @MarkoD

Thank you for sharing this valuable insight!

We've tested the following configuration for IKEv2 VPN between the USG60 and macOS 15, and it works with the native client:

Phase 1: AES256, SHA256, DH19
Phase 2: AES256, SHA256, PFS: None

MatteoFF · April 6

Sorry ... but I entered the parameters you indicated and nothing works. I have the client-gateway connection but there is no packet traffic. I can't ping, connect to an internal website or to the NAS via SMB/AFP. Can you help me?

MarkoD · April 6

@MatteoFF If you can establish the VPN connection but there is no packet flow, then you need to check your Policy Routes and/or firewall rules.

MatteoFF · April 8

https://community.zyxel.com/en/discussion/comment/76443#Comment_76443

I tried disabling "Policy Route" but it doesn't change anything. With Microsoft Windows 10/11 everything works perfectly.

Whit IPSec IKEv2 of Mac, the connection don't start; whit Zyxel SecuExtender IPSec the connection start but there is no packet traffic. And this only happens on Mac.

VPN client-to-site settings for MacOS 15 (Sequoia)

Best Answers

All Replies

Categories

Security Help Center