Netgate Discussion Forum

MacOS Ventura and IPSec Mobile Clients

IPsec
  • M
    mattsowders1989
    last edited by Jan 17, 2023, 8:52 PM

    Can't figure out how to make Ventura connect. [attachment not shown]

    • M
      mattsowders1989 @mattsowders1989
      last edited by Jan 17, 2023, 8:55 PM

      The only thing I can come up with is an algorithm issue, but I can't find any info. Any help would be greatly appreciated. Thanks in advance!

      • R
        rcoleman-netgate Netgate @mattsowders1989
        last edited by Jan 17, 2023, 11:10 PM

        @mattsowders1989 I have had no issues getting my Macs to connect on V2... you're using a V1, though.

        Try changing to V2 and enabling MOBIKE and see if that works.

        Ryan
        Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
        Requesting firmware for your Netgate device? https://go.netgate.com
        Switching: Mikrotik, Netgear, Extreme
        Wireless: Aruba, Ubiquiti

        • N
          NogBadTheBad @mattsowders1989
          last edited by Jan 18, 2023, 8:38 AM

          @mattsowders1989 The following works for me with Monterey and iOS:

          [attachment not shown]

          Could do with tightening up a bit as I don't use any Windows clients anymore.

          Andy

          1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

          • M
            mattsowders1989 @rcoleman-netgate
            last edited by Jan 18, 2023, 1:44 PM

            @rcoleman-netgate I am using IKEv2 and MOBIKE enabled. [attachment not shown]

            • M
              mattsowders1989 @rcoleman-netgate
              last edited by Jan 18, 2023, 1:47 PM

              @rcoleman-netgate I have no issues with Monterey or iOS either. I do with Ventura though. No error on the Mac side, it just switches back to disconnected right after I try to connect.

              • J
                jimp Rebel Alliance Developer Netgate
                last edited by Jan 18, 2023, 2:32 PM

                Use a profile, don't rely on the defaults. If you have plus, use the Apple IPsec Export function to make a profile (VPN > IPsec Export: Apple Profile). If you are on CE, then download the utility from Apple to create a profile manually.

                That's going to be the most reliable way to make sure it uses the appropriate configuration.

                Also it's helpful to review the profile reference to make sure you're using what Apple considers a valid combination of options:

                https://developer.apple.com/business/documentation/Configuration-Profile-Reference.pdf

                Using a profile, I have no problem getting macOS 13.1 to connect and pass traffic.

                Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                Need help fast? Netgate Global Support!

                Do not Chat/PM for help!

                • N
                  NogBadTheBad @jimp
                  last edited by NogBadTheBad Jan 18, 2023, 4:26 PM Jan 18, 2023, 4:22 PM

                  @jimp I tried ages back with the profiles and it would only seem to export my self-signed CA and not the certificate used in phase 1, maybe I'm just doing it wrong.

                  Andy

                  • J
                    jimp Rebel Alliance Developer Netgate @NogBadTheBad
                    last edited by Jan 18, 2023, 4:27 PM

                    @nogbadthebad said in MacOS Ventura and IPSec Mobile Clients:

                    @jimp I tried ages back with the profiles and it would only seem to export my self signed CA and not the certificate used in phase 1, maybe I'm just doing it wrong

                    The CA is what gets imported to the client (so it can validate the server cert), the server certificate never gets copied to the client.

                    Client certificates would get copied to the client as well if it's using EAP-TLS.

                    • N
                      NogBadTheBad @jimp
                      last edited by Jan 18, 2023, 4:29 PM

                      @jimp Ah I'm using EAP-RADIUS.

                      Andy

                      • J
                        jimp Rebel Alliance Developer Netgate @NogBadTheBad
                        last edited by Jan 18, 2023, 4:34 PM

                        @nogbadthebad said in MacOS Ventura and IPSec Mobile Clients:

                        @jimp Ah I'm using EAP-RADIUS.

                        Then all you'd need is the CA that signed the server cert so the client can validate it as needed.

                        • M
                          mattsowders1989
                          last edited by Jan 18, 2023, 9:26 PM

                          I've tried everything to no avail. This is the first time I'm seeing this, but when I try to import a VPN profile using Apple Configurator, I get an error "VPN Profile installation failed". Giving up for the day. Been a long one. Will keep digging tomorrow. Thanks everyone.

                          • M
                            mattsowders1989
                            last edited by Jan 27, 2023, 5:32 PM

                            Anyone ever experience a similar issue? I am still stumped.

                            • J
                              jimp Rebel Alliance Developer Netgate
                              last edited by Jan 27, 2023, 6:04 PM

                              Hard to say what might have happened from that error message. Apple can sometimes be a bit generic/unhelpful in that department.

                              I can say, though, that using our profile export tool on Plus I've generated and imported profiles for EAP-MSCHAPv2, EAP-RADIUS, and EAP-TLS using a variety of different P1/P2 configuration combinations and they all work perfectly with the latest version of the package (1.1_1).

                              • M
                                mattsowders1989
                                last edited by Mar 2, 2023, 7:48 PM

                                Turns out my issue was within phase 2 on the tunnel. I mistakenly unchecked "SHA384". Smh...... Just wanted to share.
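
Added example (not part of any post in this thread, and not Netgate or Apple code): the thread ends on a phase 2 proposal mismatch, and the advice above was to pin the client with a profile rather than rely on defaults. The Python sketch below reads the child SA parameters from a `.mobileconfig` and lists what the server's phase 2 would reject. The sample profile, the server-side sets passed in, and the hash name mapping are constructed assumptions.

```python
import plistlib

# Constructed sample profile (not from the thread). Key names follow the IKEv2
# dictionary of the com.apple.vpn.managed payload in Apple's profile reference.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
 <key>PayloadContent</key><array><dict>
  <key>PayloadType</key><string>com.apple.vpn.managed</string>
  <key>VPNType</key><string>IKEv2</string>
  <key>IKEv2</key><dict>
   <key>ChildSecurityAssociationParameters</key><dict>
    <key>EncryptionAlgorithm</key><string>AES-256</string>
    <key>IntegrityAlgorithm</key><string>SHA2-384</string>
    <key>DiffieHellmanGroup</key><integer>20</integer>
   </dict>
  </dict>
 </dict></array>
</dict></plist>"""

# Assumed mapping from profile integrity names to the hash labels ticked in the
# server's phase 2 settings ("SHA384" is the label quoted in the thread).
HASH_LABEL = {"SHA1-96": "SHA1", "SHA2-256": "SHA256",
              "SHA2-384": "SHA384", "SHA2-512": "SHA512"}
# Combined-mode (AEAD) ciphers negotiate no separate ESP integrity transform.
AEAD = {"AES-128-GCM", "AES-256-GCM", "ChaCha20Poly1305"}

def child_sa_params(profile_bytes):
    """Return the child SA (phase 2) parameters of the first IKEv2 payload."""
    profile = plistlib.loads(profile_bytes)
    for payload in profile.get("PayloadContent", []):
        if payload.get("VPNType") == "IKEv2":
            return payload.get("IKEv2", {}).get("ChildSecurityAssociationParameters", {})
    raise ValueError("no IKEv2 VPN payload in profile")

def phase2_mismatches(profile_bytes, server_enc, server_hashes, server_dh):
    """List profile phase 2 settings that the server-side sets do not allow."""
    p = child_sa_params(profile_bytes)
    problems = []
    enc = p.get("EncryptionAlgorithm")
    if enc not in server_enc:
        problems.append(f"encryption {enc} not enabled in server phase 2")
    integ = p.get("IntegrityAlgorithm")
    if enc not in AEAD and HASH_LABEL.get(integ) not in server_hashes:
        problems.append(f"integrity {integ} not enabled in server phase 2")
    dh = p.get("DiffieHellmanGroup")
    if dh not in server_dh:
        problems.append(f"DH group {dh} not enabled in server phase 2")
    return problems
```

A key missing from the profile is reported as `None`, which is the case where the client falls back to its own defaults.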
