This article guides resolving VPN connection issues that may arise after upgrading to macOS Sonoma. It applies to the following Zyxel Firewall series: ATP, USG FLEX, and USG FLEX H. And answers the question Why can't I establish a VPN connection after upgrading to macOS Sonoma? How to solve this problem?
Answer :
Since there are changes to the VPN Phase 1 and Phase 2 parameters for macOS Sonoma's native VPN client, please modify them accordingly to allow the remote VPN to work.
USG Flex/ATP firewall model settings:
Please navigate to Configuration > VPN > IPsec > VPN Gateway > To add the VPN phase 1 setting. Please configure Phase 1 Encryption and Authentication settings to AES256/SHA256 DH2/DH14/DH19.
Please navigate to Configuration > VPN > IPsec > VPN Connection > To add the VPN phase 2 setting. Please configure Phase 2 Encryption and Authentication settings to AES256/SHA256 Perfect Forward Secrecy(PFS) : None.
USG Flex H firewall model settings:
Please navigate to VPN > IPsec VPN > To set the IKEv2 related information, as shown below:
Please configure Phase 1 Encryption and Authentication settings to AES256/SHA256 DH2/DH14/DH21 and Phase 2 Encryption and Authentication settings to AES256/SHA256 Perfect Forward Secrecy(PFS) : None.
Download the VPN configuration script .mobileconfig file to the Mac device.
Mac device settings:
Please navigate to System Settings > Privacy & Security to install the profile.
Allow to install the script file.
Edit the IKEv2 VPN profile, select 'User authentication,' and then choose 'Username.' After that, input the username and password.
Type the Mac device's password and click OK.
Please navigate to System Settings > VPN and edit the profile.
Choose User authentication to Username and type the username and password.
Dial the IKEv2 VPN connection successfully.
How to verify the result?
USG Flex/ATP firewall:
Please navigate to the path: Monitor > VPN Monitor> IPSec, you will find that the IKEv2 VPN connection has been established.
USG Flex H firewall:
Please navigate to the path: VPN Status > IPsec VPN > Remote Access VPN, you will find that the IKEv2 VPN connection has been established.