This article helps you troubleshoot point-to-site connectivity issues from macOS X clients that use the native macOS X VPN client and IKEv2. VPN client configuration in macOS X is very basic for IKEv2 connections and doesn't allow for much customization. There are only four settings that need to be checked:
- Server Address
- Remote ID
- Local ID
- Authentication Settings
- OS Version (10.11 or higher)
Certificate-based authentication:
- Check the VPN client settings. Go to Settings and locate VPN.
- From the list, click the i next to the VPN entry that you want to investigate. This opens the settings configuration for the VPN connection.
- Verify that the Server Address is the complete FQDN and includes cloudapp.net.
- The Remote ID should be the same as the Server Address (Gateway FQDN).
- The Local ID should be the same as the Subject of the client certificate.
- For Authentication, verify that "Certificate" is selected.
- Click the Select button and verify that the correct certificate is selected.
- Click OK to save any changes.
If you're still having issues, see the IKEv2 packet capture section.
Username and password authentication:
- Check the VPN client settings. Go to Settings and locate VPN.
- From the list, click the i next to the VPN entry that you want to investigate. This opens the settings configuration for the VPN connection.
- Verify that the Server Address is the complete FQDN and includes cloudapp.net.
- The Remote ID should be the same as the Server Address (Gateway FQDN).
- The Local ID can be blank.
- For Authentication, verify that "Username" is selected.
- Verify that the correct credentials are entered.
- Click OK to save any changes.
If you're still having issues, see the IKEv2 packet capture section.
IKEv2 packet capture: Download Wireshark and perform a packet capture.
- Filter on isakmp and look at the IKE_SA packets. You should be able to look at the SA proposal details under the Payload: Security Association.
- Verify that the SA proposals from the client and the server have a common set.
- If there's no server response in the network traces, verify that you enabled the IKEv2 protocol on the Azure VPN gateway. You can check by going to the Azure portal, selecting the VPN gateway, and then selecting Point-to-site configuration.
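As an added example (not part of the original article or any Microsoft tooling), the Python sketch below models the "common set" check once each side's SA proposal has been copied out of the capture. The transform labels, the sample proposals, and the rule that the client's preference order wins are assumptions made for illustration.

```python
# Added example: a simplified model of IKEv2 SA proposal selection (RFC 7296, section 3.3).
# Every proposal below is constructed sample data, not real macOS or Azure gateway defaults.
TYPES = ("ENCR", "PRF", "INTEG", "DH")

def match_proposal(offer, policy):
    """Return one chosen transform per type, or None when there is no common set."""
    # Transform types must line up: an AEAD offer (no INTEG) cannot match a CBC+INTEG policy.
    if set(offer) != set(policy):
        return None
    chosen = {}
    for ttype in TYPES:
        if ttype in offer:
            common = [t for t in offer[ttype] if t in policy[ttype]]
            if not common:
                return None
            chosen[ttype] = common[0]  # assumption: the client's preference order wins
    return chosen

def negotiate(client_proposals, server_policies):
    """Return (proposal number, chosen transforms), or None (NO_PROPOSAL_CHOSEN)."""
    for number, offer in enumerate(client_proposals, start=1):
        for policy in server_policies:
            chosen = match_proposal(offer, policy)
            if chosen is not None:
                return number, chosen
    return None

def mismatched_types(offer, policy):
    """Name the transform types with no overlap, to explain a failed match."""
    return [t for t in TYPES
            if (t in offer or t in policy)
            and set(offer.get(t, [])).isdisjoint(policy.get(t, []))]

# Constructed values; labels are shorthand for the transforms listed in each SA payload.
CLIENT = [
    {"ENCR": ["ENCR_AES_GCM_16/256"], "PRF": ["PRF_HMAC_SHA2_256"], "DH": ["MODP_2048"]},
    {"ENCR": ["ENCR_AES_CBC/256"], "PRF": ["PRF_HMAC_SHA2_256"],
     "INTEG": ["AUTH_HMAC_SHA2_256_128"], "DH": ["MODP_2048"]},
]
SERVER_OK = [{"ENCR": ["ENCR_AES_CBC/128", "ENCR_AES_CBC/256"], "PRF": ["PRF_HMAC_SHA2_256"],
              "INTEG": ["AUTH_HMAC_SHA2_256_128"], "DH": ["ECP_256", "MODP_2048"]}]
SERVER_NO_DH = [{"ENCR": ["ENCR_AES_CBC/256"], "PRF": ["PRF_HMAC_SHA2_256"],
                 "INTEG": ["AUTH_HMAC_SHA2_256_128"], "DH": ["ECP_384"]}]

if __name__ == "__main__":
    print(negotiate(CLIENT, SERVER_OK))
    print(negotiate(CLIENT, SERVER_NO_DH))
    print(mismatched_types(CLIENT[1], SERVER_NO_DH[0]))
```

A `None` result corresponds to the case where the two proposals share no common set; `mismatched_types` then shows which transform type to compare first in the capture.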
For more help, see Azure Support.