Netgate Discussion Forum

    Mobile Ipsec VPN Apple Mac client settings

    General pfSense Questions
    • cre8toruk

      Hi All, I've got my Windows clients all connecting no problem to my IPsec VPN.
      Now I'm trying to get some Apple Mac OSX (10.x) clients to connect.
      I've followed the instructions but all I get is an authentication failure... and 11[IKE] <bypasslan|13> peer requested EAP, config inacceptable in the log.

      I'm trying to get it to authenticate via our RADIUS, which is all set up and working for the Windows clients... I'm googling all over the place trying to figure it out, but if anyone can save me some time that'd be great...

      Kind regards.

      Paul.

      • stephenw10 Netgate Administrator

        Anything in the OSX logs?

        What settings are you using now in pfSense?
        Still close to this?: https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/ikev2-with-eap-radius.html

        Steve

        • cre8toruk @stephenw10

          @stephenw10 Hi, yes, exactly as per.... Windows clients work no problem. Mac native client prompts for username and passwords. Not checked logs on the Mac, not sure I know where to go to find them.

          • stephenw10 Netgate Administrator

            Have a look at the hangout we did on this:
            https://youtu.be/iJ5GACqfIGs?t=1847

            I suspect some of the default ciphers used may have been set to high levels since then in OSX but the error you're seeing seems more like an authentication issue.

            Steve

            • cre8toruk @stephenw10

              @stephenw10 Hi, the video seems to show using the OpenVPN client. The Macs in question have Viscosity and can connect with OpenVPN. What I'm looking to do is use an IPsec VPN client with RADIUS for the authentication.

              • stephenw10 Netgate Administrator

                The point I linked to in the video covers mobile IPsec IKEv2 EAP to OSX/iOS. OpenVPN was covered in the first part of the hangout.

                Steve

                • cre8toruk @stephenw10

                  @stephenw10 Ahh sorry, my apologies... so in your setup you're using SHA1 and 3DES, however I've already got this set up for my Windows clients and they're using SHA256 and AES 256, oh and DH group 14 (2048)... is there a way of forcing that on OSX that you've come across, or do I need to "downgrade" it for OSX?

                  thanks again for your help.

                  Paul.

                  • stephenw10 Netgate Administrator

                    It's been a while since I tried it but I think you had to deploy it as a profile to OSX to use anything but the default options there.

                    However since that hangout was made I also think OSX may have stepped up the encryption levels it uses by default... so maybe a bit of both in play here. I know at the time we chose those settings as the only thing that would work with everything.

                    Try setting it to the values in the hangout to make sure it connects and it is an encryption settings issue. If so, look at deploying via a profile.

                    Steve
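
The profile route suggested in the last reply, sketched as an added example that is not from the thread or from Netgate: a Python script that writes a macOS `.mobileconfig` pinning the IKEv2 proposal to the SHA256 / AES 256 / DH group 14 values mentioned above, with EAP user authentication. The payload keys are Apple's `com.apple.vpn.managed` IKEv2 keys; the hostname, identifiers, display names and CA name are placeholders.

```python
# Added example, not from the thread: generate a macOS IKEv2 profile (.mobileconfig).
import plistlib
import uuid

# Proposal the poster already runs for Windows clients: AES 256, SHA256, DH group 14.
PROPOSAL = {
    "EncryptionAlgorithm": "AES-256",
    "IntegrityAlgorithm": "SHA2-256",
    "DiffieHellmanGroup": 14,
}

def build_profile(server, remote_id, ca_common_name):
    """Return the profile as a dict; every argument is a site-specific placeholder."""
    ikev2 = {
        "RemoteAddress": server,
        "RemoteIdentifier": remote_id,   # what the server presents as its identity
        "AuthenticationMethod": "None",  # no client certificate or pre-shared key
        "ExtendedAuthEnabled": 1,        # user authenticates with EAP instead
        "ServerCertificateIssuerCommonName": ca_common_name,
        "IKESecurityAssociationParameters": dict(PROPOSAL),
        "ChildSecurityAssociationParameters": dict(PROPOSAL),
        # AuthName/AuthPassword are left out so that no credential is stored
        # in the profile file.
    }
    vpn = {
        "PayloadType": "com.apple.vpn.managed",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.vpn.ikev2",   # placeholder
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "IKEv2 VPN",
        "UserDefinedName": "Office IPsec",              # placeholder
        "VPNType": "IKEv2",
        "IKEv2": ikev2,
    }
    return {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.vpn",         # placeholder
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Office IPsec VPN",
        "PayloadContent": [vpn],
    }

def render(profile):
    """Serialise the profile to XML plist bytes, ready to save as .mobileconfig."""
    return plistlib.dumps(profile)

if __name__ == "__main__":
    prof = build_profile("vpn.example.com", "vpn.example.com", "Example VPN CA")
    with open("office-ipsec.mobileconfig", "wb") as fh:
        fh.write(render(prof))
```

The pfSense phase 1 and phase 2 proposals have to include the same algorithms, and the CA that issued the server certificate has to be trusted on the Mac.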
