Zyxel Firewall [VPN] - Why can't I establish a VPN connection after updating to macOS Sonoma

This article explains how to resolve VPN connection issues that may arise after upgrading to macOS Sonoma. It applies to the following Zyxel Firewall series: ATP, USG FLEX, and USG FLEX H. It answers the question: why can't I establish a VPN connection after upgrading to macOS Sonoma, and how can this problem be solved?

Answer:

Since there are changes to the VPN Phase 1 and Phase 2 parameters for macOS Sonoma's native VPN client, please modify them accordingly to allow the remote VPN to work.

USG Flex/ATP firewall model settings:

Please navigate to Configuration > VPN > IPsec > VPN Gateway to add the VPN Phase 1 settings. Configure the Phase 1 Encryption and Authentication settings to AES256/SHA256, with DH2/DH14/DH19.

Please navigate to Configuration > VPN > IPsec > VPN Connection to add the VPN Phase 2 settings. Configure the Phase 2 Encryption and Authentication settings to AES256/SHA256, with Perfect Forward Secrecy (PFS): None.

USG Flex H firewall model settings:

Please navigate to VPN > IPsec VPN to set the IKEv2-related information.

Please configure the Phase 1 Encryption and Authentication settings to AES256/SHA256, with DH2/DH14/DH21, and the Phase 2 Encryption and Authentication settings to AES256/SHA256, with Perfect Forward Secrecy (PFS): None.

Download the VPN configuration script .mobileconfig file to the Mac device.
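
Before installing the downloaded profile, its IKEv2 proposal can be compared with the firewall settings listed above. The following is an added example, not Zyxel's tooling or part of the original article; it assumes the profile uses Apple's standard IKEv2 payload keys, and the sample profile and the model names `flex_atp` / `flex_h` are constructed for illustration.

```python
import plistlib

# Expected values are the article's; key names are those of Apple's IKEv2
# VPN payload (com.apple.vpn.managed), assumed to be what the profile uses.
EXPECTED = {"EncryptionAlgorithm": "AES-256", "IntegrityAlgorithm": "SHA2-256"}
PHASE1_DH = {"flex_atp": {2, 14, 19}, "flex_h": {2, 14, 21}}
PHASES = (("Phase 1", "IKESecurityAssociationParameters"),
          ("Phase 2", "ChildSecurityAssociationParameters"))

def load_profile(raw: bytes) -> dict:
    """Parse a .mobileconfig. A signed profile wraps the plist in CMS, so the
    plist is cut out by its markers (inspection only, signature not verified)."""
    start, end = raw.find(b"<?xml"), raw.rfind(b"</plist>")
    if start == -1 or end == -1:
        raise ValueError("no XML plist found in profile")
    return plistlib.loads(raw[start:end + len(b"</plist>")])

def check_ikev2(raw: bytes, model: str = "flex_atp") -> list:
    """Return the mismatches between the profile and the article's settings."""
    vpns = [p for p in load_profile(raw).get("PayloadContent", [])
            if p.get("PayloadType") == "com.apple.vpn.managed"
            and p.get("VPNType") == "IKEv2"]
    if not vpns:
        return ["profile has no IKEv2 VPN payload"]
    problems = []
    for p in vpns:
        ike = p.get("IKEv2", {})
        for phase, key in PHASES:
            sa = ike.get(key, {})  # a missing key is reported, not assumed
            for name, want in EXPECTED.items():
                if sa.get(name) != want:
                    problems.append(f"{phase}: {name} is {sa.get(name)!r}, want {want!r}")
        dh = ike.get(PHASES[0][1], {}).get("DiffieHellmanGroup")
        if dh not in PHASE1_DH[model]:
            problems.append(f"Phase 1: DH group {dh!r} is not in the firewall proposal")
        if ike.get("EnablePFS", False):
            problems.append("Phase 2: profile enables PFS, firewall is set to None")
    return problems

def sample_profile(dh_group: int, pfs: bool) -> bytes:
    """Constructed sample profile (not a real Zyxel export)."""
    sa = {"EncryptionAlgorithm": "AES-256", "IntegrityAlgorithm": "SHA2-256",
          "DiffieHellmanGroup": dh_group}
    vpn = {"PayloadType": "com.apple.vpn.managed", "VPNType": "IKEv2",
           "IKEv2": {"IKESecurityAssociationParameters": sa,
                     "ChildSecurityAssociationParameters": sa, "EnablePFS": pfs}}
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": [vpn]})

if __name__ == "__main__":
    print(check_ikev2(sample_profile(14, False)))
```

An empty list means the profile's proposal matches the firewall settings in this article; each string in a non-empty list names one setting to correct on the firewall or in the profile.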

Mac device settings:

Please navigate to System Settings > Privacy & Security to install the profile.

Allow the script file to be installed.

Edit the IKEv2 VPN profile, select 'User authentication,' and then choose 'Username.' After that, input the username and password.

Type the Mac device's password and click OK.

Please navigate to System Settings > VPN and edit the profile.

Set User authentication to Username and type the username and password.

Dial the IKEv2 VPN connection. It should connect successfully.

How to verify the result?

USG Flex/ATP firewall:

Please navigate to Monitor > VPN Monitor > IPSec, where you will find that the IKEv2 VPN connection has been established.

USG Flex H firewall:

Please navigate to VPN Status > IPsec VPN > Remote Access VPN, where you will find that the IKEv2 VPN connection has been established.
