USG FLEX H Series [Firewall] - How to Configure IKEv2 Remote Access VPN with Apple macOS Sonoma native VPN client?

This article provides a step-by-step guide to configuring IKEv2 Remote Access VPN for Apple macOS Sonoma devices. Because the macOS Sonoma native VPN client has elevated encryption requirements, the default encryption algorithm must be changed from AES128 to AES256 before the remote VPN connection can be established. After installing the provisioning file on the Mac, users are prompted to modify the user authentication settings to include a username and password. This step ensures a secure and tailored authentication process for accessing the VPN connection.

Disclaimer: This article offers a general overview of the series and may not apply uniformly to every model or software/firmware version. Before purchasing or using the device, please consult the model/version-specific documentation or contact technical support for accurate information.

Note: If you can't establish a VPN connection after upgrading to macOS Sonoma, please read this article: Zyxel USG FLEX H Series [VPN] - Why can't I establish a VPN connection after updating to macOS Sonoma



  • Log in to the web GUI of your firewall
Go to VPN > IPsec VPN > To set the IKEv2 related information, as shown below:

Scroll down the page until you see "Advanced Settings"

To ensure optimal security, set the Encryption and Authentication settings for both Phase 1 and Phase 2 to AES256/SHA256. For the Apple macOS Sonoma native VPN client, this is a must.

Download the "VPN Configuration Script Download" file to your macOS device and install it

  • To set up the profile on macOS
Go to System Preferences > Privacy and Security


  • Double-click on the downloaded profile and install it


macOS may prompt for an administrator username and password to set the profile; enter the details and click "OK"

Go to System Settings > VPN and edit the profile

  • Set User authentication to Username, then type the username and password


  • Enable VPN connections and you're done


To verify the successful configuration and establishment of the IKEv2 VPN connection with the specified settings, follow these steps:

  • Navigate to the USG Flex H graphical user interface (GUI)
  • Access the VPN Status section
  • Within the VPN Status, go to IPsec VPN
  • Select Remote Access VPN

Upon reaching this location, you should observe that the IKEv2 VPN connection has been successfully established
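
Added example (not part of the original article and not Zyxel's own tooling): a Python check you can run on the downloaded profile before installing it, confirming that the Phase 1 and Phase 2 proposals are AES-256/SHA2-256 as required above. It assumes the file is an unsigned Apple configuration profile (plist) that uses Apple's documented IKEv2 payload keys; the sample profile, host name and DH group in it are constructed.

```python
import plistlib

# The article requires AES256/SHA256 in both phases (Apple's profile spellings).
REQUIRED = {"EncryptionAlgorithm": "AES-256", "IntegrityAlgorithm": "SHA2-256"}
PHASES = {"Phase 1": "IKESecurityAssociationParameters",
          "Phase 2": "ChildSecurityAssociationParameters"}


def check_profile(data: bytes) -> list[str]:
    """Return findings; an empty list means both phases match."""
    profile = plistlib.loads(data)  # assumption: unsigned plist profile
    payloads = [p for p in profile.get("PayloadContent", [])
                if p.get("VPNType") == "IKEv2"]
    if not payloads:
        return ["no IKEv2 VPN payload found"]
    findings = []
    for payload in payloads:
        ikev2 = payload.get("IKEv2", {})
        for phase, key in PHASES.items():
            params = ikev2.get(key)
            if params is None:
                findings.append(f"{phase}: {key} missing")
                continue
            for field, wanted in REQUIRED.items():
                if params.get(field) != wanted:
                    findings.append(f"{phase}: {field} is {params.get(field)!r}, expected {wanted!r}")
    return findings


def sample_profile(p1_enc: str, p2_enc: str) -> bytes:
    """Constructed test profile; host name and DH group are placeholders."""
    def sa(enc):
        return {"EncryptionAlgorithm": enc, "IntegrityAlgorithm": "SHA2-256",
                "DiffieHellmanGroup": 14}
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadContent": [{
            "PayloadType": "com.apple.vpn.managed",
            "VPNType": "IKEv2",
            "IKEv2": {"RemoteAddress": "vpn.example.test",
                      "IKESecurityAssociationParameters": sa(p1_enc),
                      "ChildSecurityAssociationParameters": sa(p2_enc)},
        }],
    })


if __name__ == "__main__":
    for enc in ("AES-256", "AES-128"):
        print("Phase 2 =", enc, "->", check_profile(sample_profile("AES-256", enc)) or "OK")
```

To check a real file, pass its bytes to `check_profile`; a signed profile will fail to parse as a plist and must be unwrapped first.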

 
