Hi,
I made some progress on this issue. As I said, I opened two bug reports, and got help on Mac OS X.
In short:
1. LocalIdentifier within the VPN Profile cannot be set to type ASN1DN (I was using that one). This is incorrect information that can be found in both the Configuration Profile Key Reference and the Apple Configurator GUI.
2. The certificate used (client side) must contain a Subject Alternative Name, and that name should then be used as LocalIdentifier (in the case where certificate authentication is used).
After making a new client certificate and reconfiguring the VPN connection details (on the VPN server and in the client's VPN Profile), I got a working VPN, for the moment on Mac OS X. But even then, the "error" is again present:
15/02/16 16:57:08,292 nesessionmanager[3793] NESMIKEv2VPNSession[appletest:F456A429-EE4B-4BC1-8D4A-16237AE707A1]: Received a start command from com.apple.preference.network.re[3786]
15/02/16 16:57:08,294 nesessionmanager[3793] NESMIKEv2VPNSession[appletest:F456A429-EE4B-4BC1-8D4A-16237AE707A1]: status changed to connecting
15/02/16 16:57:08,301 nesessionmanager[3793] Failed to find the VPN app for plugin type com.apple.neplugin.IKEv2
15/02/16 16:57:08,333 neagent[3835] IKEv2 Plugin: ikev2_dns_callback: Error -65554
15/02/16 16:57:08,000 kernel[0] ipsec_ctl_connect: creating interface ipsec0
15/02/16 16:57:08,338 configd[56] network changed
15/02/16 16:57:08,566 ApplicationManager[3834] [EventWatchFile] open(/Users/fmc01/Library/Application Support/Firefox/(null)/prefs.js) has failed: No such file or directory
15/02/16 16:57:08,567 com.apple.xpc.launchd[1] (com.spigot.ApplicationManager[3834]) Service exited due to signal: Trace/BPT trap: 5
15/02/16 16:57:08,567 diagnosticd[127] error evaluating process info - pid: 3834, puniqueid: 3834
15/02/16 16:57:08,567 com.apple.xpc.launchd[1] (com.spigot.ApplicationManager) Service only ran for 1 seconds. Pushing respawn out by 9 seconds.
15/02/16 16:57:08,711 ReportCrash[3820] Saved crash report for ApplicationManager[3834] version 1.1 (1.1.20) to /Users/fmc01/Library/Logs/DiagnosticReports/ApplicationManager_2016-02-15-165708_mac-00363.crash
15/02/16 16:57:08,712 ReportCrash[3820] Removing excessive log: file:///Users/fmc01/Library/Logs/DiagnosticReports/ApplicationManager_2016-02-15-165346_mac-00363.crash
15/02/16 16:57:08,000 kernel[0] ipsec0: is now delegating en0 (type 0x6, family 2, sub-family 3)
15/02/16 16:57:08,772 acvpnagent[52] A new network interface has been detected.
15/02/16 16:57:08,772 acvpnagent[52] Function: logInterfaces File: ../../vpn/AgentUtilities/Routing/InterfaceRouteMonitorCommon.cpp Line: 477 IP Address Interface List: FE80:0:0:0:A65E:60FF:FECA:4721 130.243.67.160 FE80:0:0:0:9C69:62FF:FEB3:410B 172.21.10.105
15/02/16 16:57:08,772 acvpnagent[52] Function: netInterfaceNoticeCategoryHandler File: ../../vpn/Agent/MainThread.cpp Line: 7496 Network Interface change detected, refreshing physical MAC addresses
15/02/16 16:57:08,786 configd[56] network changed: v4(en0:130.243.67.160, ipsec0+:172.21.10.105) DNS Proxy SMB
15/02/16 16:57:09,111 nesessionmanager[3793] NESMIKEv2VPNSession[appletest:F456A429-EE4B-4BC1-8D4A-16237AE707A1]: status changed to connected
15/02/16 16:57:13,853 acvpnagent[52] Function: GetPrimaryInterfaceIndex File: ../../vpn/Common/Utility/NetInterface_unix.cpp Line: 422 Unable to get global IPv6 information from system configuration.
15/02/16 16:57:13,854 acvpnagent[52] Function: determinePublicAddrCandidateFromDefRoute File: ../../vpn/AgentUtilities/HostConfigMgr.cpp Line: 1769 Invoked Function: CHostConfigMgr::FindDefaultRouteInterface Return Code: -24117215 (0xFE900021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
...
On the other side, with the same VPN Profile and the same certificates as I am using on the Mac, iOS now complains about the certificate:
Feb 16 17:52:34 Gorans-iPhone Preferences[7970] <Warning>: +[VPNBundleController networkingIsDisabled]: Airplane mode: 0, WiFi Enabled: 1
Feb 16 17:52:34 Gorans-iPhone nesessionmanager[5631] <Notice>: NESMIKEv2VPNSession[vpntest:1BABAB0B-84B6-400E-B942-E1FC120C7EAB]: Received a start command from Preferences[7970]
Feb 16 17:52:34 Gorans-iPhone nesessionmanager[5631] <Notice>: NESMIKEv2VPNSession[vpntest:1BABAB0B-84B6-400E-B942-E1FC120C7EAB]: status changed to connecting
Feb 16 17:52:34 Gorans-iPhone nesessionmanager[5631] <Error>: Plugin com.apple.neplugin.IKEv2 does not have a bundle URL
Feb 16 17:52:34 Gorans-iPhone neagent[8091] <Error>: IKEv2 Plugin: ikev2_dns_callback: Error -65554
Feb 16 17:52:34 Gorans-iPhone configd[5547] <Notice>: network changed
Feb 16 17:52:35 Gorans-iPhone neagent[8091] <Error>: SecTrustEvaluate [root AnchorTrusted]
Feb 16 17:52:35 Gorans-iPhone neagent[8091] <Error>: Certificate authentication data could not be verified
Feb 16 17:52:35 Gorans-iPhone neagent[8091] <Error>: Failed to process IKE Auth packet
Feb 16 17:52:35 Gorans-iPhone neagent[8091] <Notice>: BUG in libdispatch client: kevent[EVFILT_READ] delete: "Bad file descriptor" - 0x9
Feb 16 17:52:35 Gorans-iPhone nesessionmanager[5631] <Notice>: NESMIKEv2VPNSession[vpntest:1BABAB0B-84B6-400E-B942-E1FC120C7EAB]: status changed to disconnecting
Feb 16 17:52:35 Gorans-iPhone configd[5547] <Notice>: network changed
Feb 16 17:52:35 Gorans-iPhone kernel[0] <Notice>: SIOCPROTODETACH_IN6: ipsec0 error=6
Feb 16 17:52:35 Gorans-iPhone nesessionmanager[5631] <Notice>: NESMIKEv2VPNSession[vpntest:1BABAB0B-84B6-400E-B942-E1FC120C7EAB]: status changed to disconnected, last stop reason Stop command received
...
I am using CAcert-signed certificates for both the VPN server and the client, so I am not sure what's causing this error. CAcert is a public CA, but it is really not present on the iOS list of trusted root CAs. Could that be the cause of the issue? The root CA certificates that I am using in my tests are accepted as "trusted" on iOS.
I also made some tests with a private (not publicly accessible) CA (my lab Microsoft 2008 CA). Mac OS X is working fine, but iOS again complains and cannot verify the certificate. I am not even sure which certificate iOS is complaining about: the client's or the VPN server's?
Any idea how to solve this issue? Must I use a root CA from the official list of available trusted root certificates in iOS 9?
Marcony
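
Added example, not part of the original post: a small log triage that reads both log formats shown above, extracts the NESMIKEv2VPNSession state changes and the neagent errors, and reports which errors occur only in the attempt that failed. The function names are hypothetical; the sample lines are copied from the two logs in the post.

```python
import re

# Matches "proc[pid] msg" (Mac OS X Console) and "proc[pid] <Level>: msg" (iOS syslog).
LINE = re.compile(r"(?P<proc>\w[\w.]*)\[\d+\](?: <(?P<level>\w+)>:)? (?P<msg>.*)")
STATUS = re.compile(r"NESMIKEv2VPNSession\[(?P<name>[^:\]]+):[^\]]*\]: status changed to (?P<state>\w+)")

# Lines copied from the post: Mac OS X session "appletest", iOS session "vpntest".
MAC_LOG = """\
15/02/16 16:57:08,294 nesessionmanager[3793] NESMIKEv2VPNSession[appletest:F456A429-EE4B-4BC1-8D4A-16237AE707A1]: status changed to connecting
15/02/16 16:57:08,333 neagent[3835] IKEv2 Plugin: ikev2_dns_callback: Error -65554
15/02/16 16:57:09,111 nesessionmanager[3793] NESMIKEv2VPNSession[appletest:F456A429-EE4B-4BC1-8D4A-16237AE707A1]: status changed to connected
"""
IOS_LOG = """\
Feb 16 17:52:34 Gorans-iPhone nesessionmanager[5631] <Notice>: NESMIKEv2VPNSession[vpntest:1BABAB0B-84B6-400E-B942-E1FC120C7EAB]: status changed to connecting
Feb 16 17:52:34 Gorans-iPhone neagent[8091] <Error>: IKEv2 Plugin: ikev2_dns_callback: Error -65554
Feb 16 17:52:35 Gorans-iPhone neagent[8091] <Error>: SecTrustEvaluate [root AnchorTrusted]
Feb 16 17:52:35 Gorans-iPhone neagent[8091] <Error>: Certificate authentication data could not be verified
Feb 16 17:52:35 Gorans-iPhone neagent[8091] <Error>: Failed to process IKE Auth packet
Feb 16 17:52:35 Gorans-iPhone neagent[8091] <Notice>: BUG in libdispatch client: kevent[EVFILT_READ] delete: "Bad file descriptor" - 0x9
Feb 16 17:52:35 Gorans-iPhone nesessionmanager[5631] <Notice>: NESMIKEv2VPNSession[vpntest:1BABAB0B-84B6-400E-B942-E1FC120C7EAB]: status changed to disconnecting
Feb 16 17:52:35 Gorans-iPhone nesessionmanager[5631] <Notice>: NESMIKEv2VPNSession[vpntest:1BABAB0B-84B6-400E-B942-E1FC120C7EAB]: status changed to disconnected, last stop reason Stop command received
"""

def triage(log):
    """Return (session name, list of states, list of neagent error messages)."""
    name, states, errors = None, [], []
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        s = STATUS.search(m["msg"])
        if s:
            name = s["name"]
            states.append(s["state"])
        # The Mac OS X format carries no level tag, so level is None there.
        elif m["proc"] == "neagent" and m["level"] in (None, "Error"):
            errors.append(m["msg"])
    return name, states, errors

def distinguishing_errors(good, bad):
    """neagent errors present in the failed attempt but not in the working one."""
    seen_ok = set(triage(good)[2])
    return [e for e in triage(bad)[2] if e not in seen_ok]

if __name__ == "__main__":
    for log in (MAC_LOG, IOS_LOG):
        print(triage(log))
    print("only in failed attempt:", distinguishing_errors(MAC_LOG, IOS_LOG))
```

The ikev2_dns_callback error appears in the attempt that reached "connected" as well, so the lines that set the iOS attempt apart are the SecTrustEvaluate and certificate authentication errors during IKE Auth.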