VPN connection fails with IKEv2

App & System Services Networking
ta00 OP
Created Nov ’20
Replies 2
Boosts 0
Views 2.3k
Participants 2
I am trying to connect to my VPN router with IKEv2, but I get an error and cannot connect.
The VPN router's log shows that the IKE_AUTH sequence completed successfully. However, the "User Authentication error" pops up on my iPhone.
Does anyone have any idea what is causing the error?

Here is the iPhone log related to the VPN.
"<Error>: Plugin com.apple.neplugin.IKEv2 does not have a bundle URL", what does it mean?

Code Block 
    Nov 10 18:43:39 iPhone Preferences(VPNPreferences)[174] <Notice>: +[VPNBundleController networkingIsDisabled]: Airplane mode: 0, WiFi Enabled: 1
    Nov 10 18:43:39 iPhone nesessionmanager[303] <Notice>: NESMIKEv2VPNSession[Autoconnect VPN IKEv2:9133F845-6E85-4989-A673-C83FF31C4CA7]: Received a start command from Preferences[174]
    Nov 10 18:43:39 iPhone nesessionmanager[303] <Notice>: Registering session NESMIKEv2VPNSession[Autoconnect VPN IKEv2:9133F845-6E85-4989-A673-C83FF31C4CA7]
    Nov 10 18:43:39 iPhone nesessionmanager[303] <Notice>: <NESMServer: 0x100406600>: Register Enterprise VPN Session: NESMIKEv2VPNSession[Autoconnect VPN IKEv2:9133F845-6E85-4989-A673-C83FF31C4CA7]
    Nov 10 18:43:39 iPhone nesessionmanager[303] <Notice>: NESMIKEv2VPNSession[Autoconnect VPN IKEv2:9133F845-6E85-4989-A673-C83FF31C4CA7]: Successfully registered
    Nov 10 18:43:39 iPhone nesessionmanager[303] <Notice>: NESMIKEv2VPNSession[Autoconnect VPN IKEv2:9133F845-6E85-4989-A673-C83FF31C4CA7]: status changed to connecting
    Nov 10 18:43:39 iPhone nesessionmanager[303] <Error>: Plugin com.apple.neplugin.IKEv2 does not have a bundle URL
    Nov 10 18:43:39 iPhone Preferences(VPNPreferences)[174] <Notice>: Autoconnect VPN IKEv2 state is now Connecting
    Nov 10 18:43:39 iPhone neagent[307] <Notice>: Verifying the signature of plugin at file:///System/Library/Frameworks/NetworkExtension.framework/PluginIKEv2.vpnplugin/
    Nov 10 18:43:40 iPhone neagent(NetworkExtension)[307] <Error>: Authentication data could not be verified
    Nov 10 18:43:40 iPhone neagent(NetworkExtension)[307] <Error>: Failed to process IKE Auth packet (connect)
    Nov 10 18:43:40 iPhone nesessionmanager[303] <Notice>: <NESMServer: 0x100406600>: Request to uninstall session: NESMIKEv2VPNSession[Autoconnect VPN IKEv2:9133F845-6E85-4989-A673-C83FF31C4CA7]
    Nov 10 18:43:40 iPhone nesessionmanager[303] <Notice>: NESMIKEv2VPNSession[Autoconnect VPN IKEv2:9133F845-6E85-4989-A673-C83FF31C4CA7]: status changed to disconnecting
    Nov 10 18:43:40 iPhone nesessionmanager[303] <Notice>: NESMIKEv2VPNSession[Autoconnect VPN IKEv2:9133F845-6E85-4989-A673-C83FF31C4CA7]: Updated network agent (inactive)
    Nov 10 18:43:40 iPhone Preferences(VPNPreferences)[174] <Notice>: Autoconnect VPN IKEv2 state is now Disconnecting
    Nov 10 18:43:40 iPhone nesessionmanager[303] <Notice>: NESMIKEv2VPNSession[Autoconnect VPN IKEv2:9133F845-6E85-4989-A673-C83FF31C4CA7]: status changed to disconnected, last stop reason Authentication failed
    Nov 10 18:43:40 iPhone SpringBoard[52] <Notice>: Received request to activate alertItem: <SBUserNotificationAlert: 0x10bf47b80; title: VPN Connection; source: nesessionmanager; pid: 303>
    Nov 10 18:43:40 iPhone SpringBoard[52] <Notice>: Activation - Presenting <SBUserNotificationAlert: 0x10bf47b80; title: VPN Connection; source: nesessionmanager; pid: 303> with presenter: <SBUnlockedAlertItemPresenter: 0x2810696c0>
    Nov 10 18:43:40 iPhone Preferences(VPNPreferences)[174] <Notice>: Autoconnect VPN IKEv2 state is now Disconnected


Thank you.


Replies  2
Boosts  0
Views  2.3k
Participants  2
ta00 OP
Nov ’20
My environment is as follows.

  • iPhone 7

  • iOS version: 12.4

Profile is as follows:
Code Block xml
                <key>VPNType</key>
                <string>IKEv2</string>
                <key>IKEv2</key>
                <dict>
                    <key>AuthName</key>
                    <string></string>
                    <key>AuthPassword</key>
                    <string></string>
                    <key>AuthenticationMethod</key>
                    <string>SharedSecret</string>
                    <key>SharedSecret</key>
                    <string>Client1PreSharedKey12345678</string>
                    <key>DeadPeerDetectionRate</key>
                    <string>Low</string>
                    <key>DisableMOBIKE</key>
                    <integer>1</integer>
                    <key>DisableRedirect</key>
                    <integer>1</integer>
                    <key>EnablePFS</key>
                    <integer>0</integer>
                    <key>EnableCertificateRevocationCheck</key>
                    <integer>0</integer>
                    <key>IKESecurityAssociationParameters</key>
                    <dict>
                        <key>EncryptionAlgorithm</key>
                        <string>AES-256</string>
                        <key>IntegrityAlgorithm</key>
                        <string>SHA2-256</string>
                        <key>DiffieHellmanGroup</key>
                        <integer>14</integer>
                        <key>LifeTimeInMinutes</key>
                        <integer>480</integer>
                    </dict>
                    <key>ChildSecurityAssociationParameters</key>
                    <dict>
                        <key>EncryptionAlgorithm</key>
                        <string>AES-256</string>
                        <key>IntegrityAlgorithm</key>
                        <string>SHA2-256</string>
                        <key>DiffieHellmanGroup</key>
                        <integer>14</integer>
                        <key>LifeTimeInMinutes</key>
                        <integer>480</integer>
                    </dict>
                    <key>LocalIdentifier</key>
                    <string>client1.vpn.com</string>
                    <key>RemoteAddress</key>
                    <string>my.vpn.server.address</string>
                    <key>RemoteIdentifier</key>
                    <string>server.vpn.com</string>
                    <key>UseConfigurationAttributeInternalIPSubnet</key>
                    <integer>0</integer>
                </dict>
                <key>IPv4</key>
                <dict>
                    <key>OverridePrimary</key>
                    <integer>1</integer>
                </dict>
                <key>OnDemandEnabled</key>
                <integer>1</integer>
                <key>OnDemandRules</key>
                <array>
                    <dict>
                        <!-- VPN Default state -->
                        <key>Action</key>
                        <string>Connect</string>
                        <key>InterfaceTypeMatch</key>
                        <string>Cellular</string>
                    </dict>
                </array>
                <key>PayloadType</key>
                <string>com.apple.vpn.managed</string>
                <key>PayloadVersion</key>
                <integer>1</integer>
            </dict>
        </array>


0
Systems Engineer OP
Apple
Nov ’20
These errors mean that you are failing to authenticate when IKEv2 Authentication is negotiating Security Association preferences for your VPN tunnel:

Code Block 
Nov 10 18:43:40 iPhone neagent(NetworkExtension)[307] <Error>: Authentication data could not be verified
Nov 10 18:43:40 iPhone neagent(NetworkExtension)[307] <Error>: Failed to process IKE Auth packet (connect)

Check this out between your VPN server and client.


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
0
VPN connection fails with IKEv2
First post date Last post date
 
 
Q