IPSec IKEv2 not connect!

Hi,

Even i'm facing a similar issue when i choose the Authentication method as Certificate. The same seems to be working if i use a Shared Secret option

Below are the logs that i see.

Nov 24 03:02:40 Madhus-Mac-mini kernel[0]: ipsec_ctl_connect: creating interface ipsec0

Nov 24 03:02:40 Madhus-Mac-mini configd[49]: network changed

Nov 24 03:02:40 Madhus-Mac-mini neagent[3332]: BUG in libdispatch client: kevent[EVFILT_READ] delete: "Bad file descriptor" - 0x9

Nov 24 03:02:40 Madhus-Mac-mini kernel[0]: SIOCPROTODETACH_IN6: ipsec0 error=6

Nov 24 03:02:40 Madhus-Mac-mini configd[49]: network changed

Nov 24 03:02:40 Madhus-Mac-mini symptomsd[197]: nw_interface_create_with_name netutil_ifname_to_ifindex(ipsec0) failed, dumping backtrace:

[x86_64] libnetcore-582.1.4

I'm also running OS X El Capitan (10.11.1)

Could you post what was the problem and how did you fix it ?

We also encountered the problem with "Certificate authentication data could not be verified" message for some of our Mac OS El Capitan clients, but all our iOS and Android (strongSwan) clients connected fine. After troubleshooting, we discovered that Mac OS didn't validate the full certificate chain (intermediate certificates).

We're running the IPsec strongSwan server on pfSense configured with IKEv2 EAP-MSChapv2 (user+password authentication). The server is configured with a Comodo PositiveSSL certificate, with two intermediate certificates between our certificate and the root certificate http://i.imgur.com/rdGzIFW.png One thing we missed during configuration, was that the strongSwan needs the intermediate certificates as well. This was solved by exporting the two certificates (see screenshot above) and placing in /etc/ipsec.d/cacerts/ (of in the case of pfSense, importing both certificates as CA Certificates in the Certificate Manager and simply restarting the IPsec service, since this automatically copies the certs to the proper ipsec.d/cacerts directory).

The problem could also be solved by manually importing the two intermediate certificates to the client Mac OS Login Keychain (no custom trust settings).

Same problem 😟

IKEv2 EAP, Strongswan, OS X 10.11.5

Works fine few day (wife's mac still connects without any problem), but suddenly stop connecting:

28/06/16 21:06:50,728 nesessionmanager[541]: NESMIKEv2VPNSession[A:FC41EC93-DE7A-4B11-934C-409E9D2F229B]: Received a start command from com.apple.preference.network.re[369]

28/06/16 21:06:50,728 nesessionmanager[541]: NESMIKEv2VPNSession[A:FC41EC93-DE7A-4B11-934C-409E9D2F229B]: status changed to connecting

28/06/16 21:06:50,737 nesessionmanager[541]: Failed to find the VPN app for plugin type com.apple.neplugin.IKEv2

28/06/16 21:06:50,000 kernel[0]: ipsec_ctl_connect: creating interface ipsec0

28/06/16 21:06:50,768 racoon[412]: caught rtm:14, need update interface address list

28/06/16 21:06:50,769 racoon[412]: configuring default isakmp port.

28/06/16 21:06:50,770 racoon[412]: 16 addrs are configured successfully

28/06/16 21:06:50,772 configd[56]: network changed

28/06/16 21:06:50,774 racoon[412]: unsupported PF_KEY message REGISTER

28/06/16 21:06:50,774 racoon[412]: unsupported PF_KEY message REGISTER

28/06/16 21:06:50,929 neagent[585]: Failed to process IKE SA Init packet

28/06/16 21:06:50,929 racoon[412]: SADB delete message: proto-id 3

28/06/16 21:06:50,930 racoon[412]: src: xxx.xxx.xxx.xxx[0]

28/06/16 21:06:50,930 racoon[412]: dst: yyy.yyy.yyy.yyy[0]

28/06/16 21:06:50,930 racoon[412]: no iph2 found: ESP xxx.xxx.xxx.xxx[0]->yyy.yyy.yyy.yyy[0] spi=50113881(0x2fcad59)

28/06/16 21:06:50,930 racoon[412]: SADB delete message: proto-id 3

28/06/16 21:06:50,930 racoon[412]: src: xxx.xxx.xxx.xxx[0]

28/06/16 21:06:50,930 racoon[412]: dst: yyy.yyy.yyy.yyy[0]

28/06/16 21:06:50,930 racoon[412]: no iph2 found: ESP xxx.xxx.xxx.xxx[0]->yyy.yyy.yyy.yyy[0] spi=128599170(0x7aa4482)

28/06/16 21:06:50,930 racoon[412]: SADB delete message: proto-id 3

28/06/16 21:06:50,930 racoon[412]: src: xxx.xxx.xxx.xxx[0]

28/06/16 21:06:50,930 racoon[412]: dst: yyy.yyy.yyy.yyy[0]

28/06/16 21:06:50,930 racoon[412]: no iph2 found: ESP xxx.xxx.xxx.xxx[0]->yyy.yyy.yyy.yyy[0] spi=4750648(0x487d38)

28/06/16 21:06:50,930 neagent[585]: BUG in libdispatch client: kevent[EVFILT_READ] delete: "Bad file descriptor" - 0x9

28/06/16 21:06:50,930 racoon[412]: SADB delete message: proto-id 3

28/06/16 21:06:50,930 racoon[412]: src: xxx.xxx.xxx.xxx[0]

28/06/16 21:06:50,930 racoon[412]: dst: yyy.yyy.yyy.yyy[0]

28/06/16 21:06:50,930 racoon[412]: no iph2 found: ESP xxx.xxx.xxx.xxx[0]->yyy.yyy.yyy.yyy[0] spi=245150831(0xe9cb46f)

28/06/16 21:06:50,930 nesessionmanager[541]: NESMIKEv2VPNSession[A:FC41EC93-DE7A-4B11-934C-409E9D2F229B]: status changed to disconnecting

28/06/16 21:06:50,931 racoon[412]: SADB delete message: proto-id 3

28/06/16 21:06:50,931 racoon[412]: src: xxx.xxx.xxx.xxx[0]

28/06/16 21:06:50,931 racoon[412]: dst: yyy.yyy.yyy.yyy[0]

28/06/16 21:06:50,932 racoon[412]: no iph2 found: ESP xxx.xxx.xxx.xxx[0]->yyy.yyy.yyy.yyy[0] spi=196172545(0xbb15b01)

28/06/16 21:06:50,000 kernel[0]: SIOCPROTODETACH_IN6: ipsec0 error=6

28/06/16 21:06:50,935 racoon[412]: caught rtm:14, need update interface address list

28/06/16 21:06:50,935 nesessionmanager[541]: NESMIKEv2VPNSession[A:FC41EC93-DE7A-4B11-934C-409E9D2F229B]: status changed to disconnected, last stop reason Stop command received

28/06/16 21:06:50,939 configd[56]: network changed

28/06/16 21:06:50,939 racoon[412]: configuring default isakmp port.

28/06/16 21:06:50,939 racoon[412]: 16 addrs are configured successfully

28/06/16 21:06:50,956 symptomsd[215]: nw_interface_create_with_name netutil_ifname_to_ifindex(ipsec0) failed, dumping backtrace:

[x86_64] libnetcore-583.50.1

0 libsystem_network.dylib 0x00007fff8a8c0de9 __nw_create_backtrace_string + 123

1 libsystem_network.dylib 0x00007fff8a8e31f3 nw_interface_create_with_name + 179

2 Network 0x00007fff8e2b7edc -[NWInterface initWithInterfaceName:] + 120

3 SymptomEvaluator 0x00007fff8e5522fc config_callback + 874

4 SystemConfiguration 0x00007fff91ea7faf rlsPerform + 184

5 SystemConfiguration 0x00007fff91ebb3ab __SCDynamicStoreSetDispatchQueue_block_invoke_2 + 52

6 libdispatch.dylib 0x00007fff89b8993d _dispatch_call_block_and_release + 12

7 libdispatch.dylib 0x00007fff89b7e40b _dispatch_client_callout + 8

8 libdispatch.dylib 0x00007fff89b8303b _dispatch_queue_drain + 754

9 libdispatch.dylib 0x00007fff89b89707 _dispatch_queue_invoke + 549

10 libdispatch.dylib 0x00007fff89b81d53 _dispatch_root_queue_drain + 538

11 libdispatch.dylib 0x00007fff89b81b00 _dispatch_worker_thread3 + 91

12 libsystem_pthread.dylib 0x00007fff8c4944de _pthread_wqthread + 1129

13 libsystem_pthread.dylib 0x00007fff8c492341 start_wqthread + 13

28/06/16 21:06:50,956 symptomsd[215]: -[NWInterface initWithInterfaceName:] nw_interface_create_with_name(ipsec0) failed, dumping backtrace:

[x86_64] libnetcore-583.50.1

0 libsystem_network.dylib 0x00007fff8a8c0de9 __nw_create_backtrace_string + 123

1 Network 0x00007fff8e2b7f46 -[NWInterface initWithInterfaceName:] + 226

2 SymptomEvaluator 0x00007fff8e5522fc config_callback + 874

3 SystemConfiguration 0x00007fff91ea7faf rlsPerform + 184

4 SystemConfiguration 0x00007fff91ebb3ab __SCDynamicStoreSetDispatchQueue_block_invoke_2 + 52

5 libdispatch.dylib 0x00007fff89b8993d _dispatch_call_block_and_release + 12

6 libdispatch.dylib 0x00007fff89b7e40b _dispatch_client_callout + 8

7 libdispatch.dylib 0x00007fff89b8303b _dispatch_queue_drain + 754

8 libdispatch.dylib 0x00007fff89b89707 _dispatch_queue_invoke + 549

9 libdispatch.dylib 0x00007fff89b81d53 _dispatch_root_queue_drain + 538

10 libdispatch.dylib 0x00007fff89b81b00 _dispatch_worker_thread3 + 91

11 libsystem_pthread.dylib 0x00007fff8c4944de _pthread_wqthread + 1129

12 libsystem_pthread.dylib 0x00007fff8c492341 start_wqthread + 13

Hello,

Anyone from Apple can answer this question? I have exact same problem on El Captain 10.11.6: