macos Sonoma broke IKEv2, reconnects every 24-48 minutes #1486

Closed
0x-2a opened this issue Nov 8, 2023 · 14 comments

Comments

0x-2a commented Nov 8, 2023

Describe the issue
It seems to be the case only with the new ikev2 vpn profiles created after Sonoma upgrade. The old profiles installed before continue to work fine. VPN disconnects and reconnects once every 24-48 minutes (even with 14.1.1 update). Many issues reported for other VPNs running ikev, e.g. a quick search.

To Reproduce
Steps to reproduce the behavior:

  1. Create new AWS instance, run install script, download profile (do not reuse old profile)
  2. Install on mac running Sonoma
  3. Connect to vpn
  4. Wait 24-48 minutes
  5. See disconnect and reconnect

Expected behavior
No reconnects

Logs

Nov  9 09:31:04 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[45] 172.217.0.174 #104: proposal number was 3 but 1 expected
Nov  9 09:31:04 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[45] 172.217.0.174 #104: partial list of remote proposals: 3:IKE:[wrong-protonum]
Nov  9 09:31:04 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[45] 172.217.0.174 #104: responding to CREATE_CHILD_SA message (ID 8) from 172.217.0.174:4500 with encrypted notification INVALID_SYNTAX
Nov  9 09:31:04 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[45] 172.217.0.174 #101: encountered fatal error in state STATE_V2_ESTABLISHED_IKE_SA
Nov  9 09:31:04 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[45] 172.217.0.174 #103: ESP traffic information: in=2MiB out=16MiB
Nov  9 09:31:04 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[45] 172.217.0.174 #101: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 2880.313623s and NOT sending notification
Nov  9 09:31:04 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[45] 172.217.0.174: deleting connection instance with peer 172.217.0.174 {isakmp=#0/ipsec=#0}
Nov  9 09:31:04 ip-10-0-0-4 pluto[1299]: packet from 172.217.0.174:4500: INFORMATIONAL request has no corresponding IKE SA; message dropped
Nov  9 09:31:05 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[46] 172.217.0.174 #105: proposal 3:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-ECP_256 chosen from remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_256;DH=ECP_256 2:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_256;DH=MODP2048 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=ECP_256[first-match] 4:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048
Nov  9 09:31:05 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[46] 172.217.0.174 #105: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=DH19}
Nov  9 09:31:05 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[46] 172.217.0.174 #105: processing decrypted IKE_AUTH request: SK{IDi,CERT,N(INITIAL_CONTACT),IDr,AUTH,CP,N(ESP_TFC_PADDING_NOT_SUPPORTED),N(NON_FIRST_FRAGMENTS_ALSO),SA,TSi,TSr,N(MOBIKE_SUPPORTED)}
Nov  9 09:31:05 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[46] 172.217.0.174 #105: responder established IKE SA; authenticated peer '3072-bit PKCS#1 1.5 RSA with SHA1' signature using peer certificate 'CN=vpnclient, O=IKEv2 VPN' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Nov  9 09:31:05 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[46] 172.217.0.174 #106: proposal 1:ESP=AES_GCM_C_256-DISABLED SPI=0d9dc64c chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] 2:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 4:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED
Nov  9 09:31:05 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[46] 172.217.0.174 #106: responder established Child SA using #105; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.10-192.168.43.10:0-65535 0] {ESPinUDP=>0x0d9dc64c <0x18341399 xfrm=AES_GCM_16_256-NONE NATD=172.217.0.174:4500 DPD=active}

Nov  9 09:55:05 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[46] 172.217.0.174 #107: proposal 2:ESP=AES_GCM_C_256-DISABLED SPI=01e6bb1f chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;DH=ECP_256;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match]
Nov  9 09:55:05 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[46] 172.217.0.174 #107: responder rekeyed Child SA #106 using #105; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.10-192.168.43.10:0-65535 0] {ESPinUDP=>0x01e6bb1f <0xff1f1485 xfrm=AES_GCM_16_256-NONE NATD=172.217.0.174:4500 DPD=active}
Nov  9 09:55:05 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[46] 172.217.0.174 #106: ESP traffic information: in=1MiB out=3MiB

Nov  9 10:19:05 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[46] 172.217.0.174 #108: proposal number was 3 but 1 expected
Nov  9 10:19:05 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[46] 172.217.0.174 #108: partial list of remote proposals: 3:IKE:[wrong-protonum]
Nov  9 10:19:05 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[46] 172.217.0.174 #108: responding to CREATE_CHILD_SA message (ID 8) from 172.217.0.174:4500 with encrypted notification INVALID_SYNTAX
Nov  9 10:19:05 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[46] 172.217.0.174 #105: encountered fatal error in state STATE_V2_ESTABLISHED_IKE_SA
Nov  9 10:19:05 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[46] 172.217.0.174 #107: ESP traffic information: in=6MiB out=83MiB
Nov  9 10:19:05 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[46] 172.217.0.174 #105: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 2880.299126s and NOT sending notification
Nov  9 10:19:05 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[46] 172.217.0.174: deleting connection instance with peer 172.217.0.174 {isakmp=#0/ipsec=#0}
Nov  9 10:19:05 ip-10-0-0-4 pluto[1299]: packet from 172.217.0.174:4500: INFORMATIONAL request has no corresponding IKE SA; message dropped
Nov  9 10:19:07 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[47] 172.217.0.174 #109: proposal 3:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-ECP_256 chosen from remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_256;DH=ECP_256 2:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_256;DH=MODP2048 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=ECP_256[first-match] 4:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048
Nov  9 10:19:07 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[47] 172.217.0.174 #109: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=DH19}
Nov  9 10:19:07 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[47] 172.217.0.174 #109: processing decrypted IKE_AUTH request: SK{IDi,CERT,N(INITIAL_CONTACT),IDr,AUTH,CP,N(ESP_TFC_PADDING_NOT_SUPPORTED),N(NON_FIRST_FRAGMENTS_ALSO),SA,TSi,TSr,N(MOBIKE_SUPPORTED)}
Nov  9 10:19:07 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[47] 172.217.0.174 #109: responder established IKE SA; authenticated peer '3072-bit PKCS#1 1.5 RSA with SHA1' signature using peer certificate 'CN=vpnclient, O=IKEv2 VPN' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Nov  9 10:19:07 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[47] 172.217.0.174 #110: proposal 1:ESP=AES_GCM_C_256-DISABLED SPI=0316c9d2 chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] 2:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 4:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED
Nov  9 10:19:07 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[47] 172.217.0.174 #110: responder established Child SA using #109; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.10-192.168.43.10:0-65535 0] {ESPinUDP=>0x0316c9d2 <0x0c0da710 xfrm=AES_GCM_16_256-NONE NATD=172.217.0.174:4500 DPD=active}

Nov  9 10:43:08 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[47] 172.217.0.174 #111: proposal 2:ESP=AES_GCM_C_256-DISABLED SPI=00e3cf49 chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;DH=ECP_256;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match]
Nov  9 10:43:08 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[47] 172.217.0.174 #111: responder rekeyed Child SA #110 using #109; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.10-192.168.43.10:0-65535 0] {ESPinUDP=>0x00e3cf49 <0x87ebb4cf xfrm=AES_GCM_16_256-NONE NATD=172.217.0.174:4500 DPD=active}
Nov  9 10:43:08 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[47] 172.217.0.174 #110: ESP traffic information: in=9MiB out=62MiB

Nov  9 11:07:07 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[47] 172.217.0.174 #112: proposal number was 3 but 1 expected
Nov  9 11:07:07 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[47] 172.217.0.174 #112: partial list of remote proposals: 3:IKE:[wrong-protonum]
Nov  9 11:07:07 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[47] 172.217.0.174 #112: responding to CREATE_CHILD_SA message (ID 8) from 172.217.0.174:4500 with encrypted notification INVALID_SYNTAX
Nov  9 11:07:07 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[47] 172.217.0.174 #109: encountered fatal error in state STATE_V2_ESTABLISHED_IKE_SA
Nov  9 11:07:07 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[47] 172.217.0.174 #111: ESP traffic information: in=5MiB out=48MiB
Nov  9 11:07:07 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[47] 172.217.0.174 #109: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 2880.274904s and NOT sending notification
Nov  9 11:07:07 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[47] 172.217.0.174: deleting connection instance with peer 172.217.0.174 {isakmp=#0/ipsec=#0}
Nov  9 11:07:07 ip-10-0-0-4 pluto[1299]: packet from 172.217.0.174:4500: INFORMATIONAL request has no corresponding IKE SA; message dropped
Nov  9 11:07:08 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[48] 172.217.0.174 #113: proposal 3:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-ECP_256 chosen from remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_256;DH=ECP_256 2:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_256;DH=MODP2048 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=ECP_256[first-match] 4:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048
Nov  9 11:07:08 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[48] 172.217.0.174 #113: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=DH19}
Nov  9 11:07:08 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[48] 172.217.0.174 #113: processing decrypted IKE_AUTH request: SK{IDi,CERT,N(INITIAL_CONTACT),IDr,AUTH,CP,N(ESP_TFC_PADDING_NOT_SUPPORTED),N(NON_FIRST_FRAGMENTS_ALSO),SA,TSi,TSr,N(MOBIKE_SUPPORTED)}
Nov  9 11:07:08 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[48] 172.217.0.174 #113: responder established IKE SA; authenticated peer '3072-bit PKCS#1 1.5 RSA with SHA1' signature using peer certificate 'CN=vpnclient, O=IKEv2 VPN' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Nov  9 11:07:08 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[48] 172.217.0.174 #114: proposal 1:ESP=AES_GCM_C_256-DISABLED SPI=07c9aaa4 chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] 2:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 4:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED
Nov  9 11:07:08 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[48] 172.217.0.174 #114: responder established Child SA using #113; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.10-192.168.43.10:0-65535 0] {ESPinUDP=>0x07c9aaa4 <0x3d932aba xfrm=AES_GCM_16_256-NONE NATD=172.217.0.174:4500 DPD=active}

Nov  9 11:31:09 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[48] 172.217.0.174 #115: proposal 2:ESP=AES_GCM_C_256-DISABLED SPI=086d93da chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;DH=ECP_256;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match]
Nov  9 11:31:09 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[48] 172.217.0.174 #115: responder rekeyed Child SA #114 using #113; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.10-192.168.43.10:0-65535 0] {ESPinUDP=>0x086d93da <0x2347f691 xfrm=AES_GCM_16_256-NONE NATD=172.217.0.174:4500 DPD=active}
Nov  9 11:31:09 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[48] 172.217.0.174 #114: ESP traffic information: in=2MiB out=63MiB
Nov  9 11:55:08 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[48] 172.217.0.174 #116: proposal number was 3 but 1 expected
Nov  9 11:55:08 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[48] 172.217.0.174 #116: partial list of remote proposals: 3:IKE:[wrong-protonum]
Nov  9 11:55:08 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[48] 172.217.0.174 #116: responding to CREATE_CHILD_SA message (ID 8) from 172.217.0.174:4500 with encrypted notification INVALID_SYNTAX
Nov  9 11:55:08 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[48] 172.217.0.174 #113: encountered fatal error in state STATE_V2_ESTABLISHED_IKE_SA
Nov  9 11:55:08 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[48] 172.217.0.174 #115: ESP traffic information: in=49MiB out=160MiB
Nov  9 11:55:08 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[48] 172.217.0.174 #113: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 2880.290151s and NOT sending notification
Nov  9 11:55:08 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[48] 172.217.0.174: deleting connection instance with peer 172.217.0.174 {isakmp=#0/ipsec=#0}
Nov  9 11:55:08 ip-10-0-0-4 pluto[1299]: packet from 172.217.0.174:4500: INFORMATIONAL request has no corresponding IKE SA; message dropped
Nov  9 11:55:10 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[49] 172.217.0.174 #117: proposal 3:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-ECP_256 chosen from remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_256;DH=ECP_256 2:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_256;DH=MODP2048 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=ECP_256[first-match] 4:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048
Nov  9 11:55:10 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[49] 172.217.0.174 #117: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=DH19}
Nov  9 11:55:10 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[49] 172.217.0.174 #117: processing decrypted IKE_AUTH request: SK{IDi,CERT,N(INITIAL_CONTACT),IDr,AUTH,CP,N(ESP_TFC_PADDING_NOT_SUPPORTED),N(NON_FIRST_FRAGMENTS_ALSO),SA,TSi,TSr,N(MOBIKE_SUPPORTED)}
Nov  9 11:55:10 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[49] 172.217.0.174 #117: responder established IKE SA; authenticated peer '3072-bit PKCS#1 1.5 RSA with SHA1' signature using peer certificate 'CN=vpnclient, O=IKEv2 VPN' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Nov  9 11:55:10 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[49] 172.217.0.174 #118: proposal 1:ESP=AES_GCM_C_256-DISABLED SPI=0222cacb chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] 2:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 4:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED
Nov  9 11:55:10 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[49] 172.217.0.174 #118: responder established Child SA using #117; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.10-192.168.43.10:0-65535 0] {ESPinUDP=>0x0222cacb <0xef2933b3 xfrm=AES_GCM_16_256-NONE NATD=172.217.0.174:4500 DPD=active}

Server (please complete the following information)

  • OS: Amazon Linux 2
  • Hosting provider (if applicable): AWS

Client (please complete the following information)

  • Device: mac
  • OS: 14.1.1
  • VPN mode: [IPsec/L2TP, IPsec/XAuth ("Cisco IPsec") or IKEv2]

Additional context
After some searching around the web, I found this, which mentions:

For new profiles, Sonoma will not consider the SecurityAssociationParameters and force to use Opportunistic PFS = YES and DH = (RandomECP256).

@0x-2a 0x-2a closed this as completed Nov 8, 2023
@0x-2a 0x-2a reopened this Nov 9, 2023
@0x-2a 0x-2a changed the title macos Sonoma 14.1 broke IKEv2, reconnects every 24 minutes (update: may be fixed already in 14.1.1) macos Sonoma 14.1 broke IKEv2, reconnects every 24 minutes Nov 9, 2023
@0x-2a 0x-2a changed the title macos Sonoma 14.1 broke IKEv2, reconnects every 24 minutes macos Sonoma broke IKEv2, reconnects every 48 minutes Nov 9, 2023
@0x-2a 0x-2a changed the title macos Sonoma broke IKEv2, reconnects every 48 minutes macos Sonoma broke IKEv2, reconnects every 24-48 minutes Nov 9, 2023
hwdsl2 (Owner) commented Nov 10, 2023

@0x-2a Thank you for reporting and providing details in this issue. Looking at the related discussion thread and provided logs, this is most likely a bug in macOS Sonoma, which might be sending incorrect parameters during IKEv2 rekey. Libreswan may have rejected the rekey request because it is incorrect.

I am not sure if this issue can be worked around on the VPN server side. I would suggest that you instead report this bug to Apple and ask for a fix on their side.

@letoams Please take a look to see if you have any suggestions on this issue.

@hwdsl2 hwdsl2 closed this as completed Nov 10, 2023
hwdsl2 (Owner) commented Nov 10, 2023

@0x-2a As a workaround, try:

  1. Edit /etc/ipsec.d/ikev2.conf on your VPN server. Find the lines ike=... and phase2alg=..., and replace them with the following, indented by two spaces:
      ike=aes256-sha2_256;dh19,aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1
      phase2alg=aes256-sha2_256,aes_gcm-null,aes128-sha1,aes256-sha1,aes128-sha2,aes256-sha2
    
  2. In the same file, change pfs=no to pfs=yes.
  3. Save the file and run sudo service ipsec restart.

Let us know if this workaround works for you.

References: [1] [2]

0x-2a (Author) commented Nov 10, 2023

@hwdsl2 had some disconnects with that, but after playing with it a bit and reading some apple docs I was able to get a stable connection for 5+ hours now... edit ... still seem to get random disconnects when protocol 3 resolves instead of 1

On the server I set these values in /etc/ipsec.d/ikev2.conf

  # EDIT these did not work
  #pfs=yes
  #ike=aes256-sha2_256;dh19  
  #phase2alg=aes256-sha2_256
  
  ### EDIT this did!
  pfs=no
  ike=AES_GCM_C_256-HMAC_SHA2_256-ECP_256
  phase2alg=AES_GCM_C_256

And then locally on vpnclient.mobileconfig I changed these three keys' values:

        <key>ChildSecurityAssociationParameters</key>
        <dict>
          <key>DiffieHellmanGroup</key>
          <integer>19</integer>
          <key>EncryptionAlgorithm</key>
          <string>AES-256</string>
          <key>IntegrityAlgorithm</key>
          <string>SHA2-256</string>
          <key>LifeTimeInMinutes</key>
          <integer>1440</integer>
        </dict>

        <key>EnablePFS</key>
        <integer>1</integer>

        <key>IKESecurityAssociationParameters</key>
        <dict>
          <key>DiffieHellmanGroup</key>
          <integer>19</integer>
          <key>EncryptionAlgorithm</key>
          <string>AES-256</string>
          <key>IntegrityAlgorithm</key>
          <string>SHA2-256</string>
          <key>LifeTimeInMinutes</key>
          <integer>1440</integer>
        </dict>

https://developer.apple.com/documentation/devicemanagement/vpn/ikev2/ikesecurityassociationparameters
https://developer.apple.com/documentation/devicemanagement/vpn/ikev2/childsecurityassociationparameters

hwdsl2 (Owner) commented Nov 11, 2023

@0x-2a Thank you for the update. Just to confirm: You did not need to append ;dh19 to the end of ike=aes256-sha2_256 for it to work, right? I plan to add this to the troubleshooting section.

hwdsl2 added a commit that referenced this issue Nov 11, 2023
- Add a troubleshooting section on macOS Sonoma disconnect issues.
  Ref: #1486. Thanks @0x-2a!
0x-2a (Author) commented Nov 13, 2023

@hwdsl2 I've retested today, and indeed the ;dh19 is required. It is important to delete the old Profile on macos, because macos seems to cache some part of the old profile. I've updated my comment above. After the profile is cached, it seems somewhat random that macos client connects with protocol 1 instead of 3. Still getting disconnects, but somewhat random.

Edit: server logs should show proposal 1 accepted, not 3

# On VPN Server
# Pull last 3 proposal lines
sudo grep pluto /var/log/secure | grep proposal | tail -3

# Correct Output
 proposal 1:IKE=AES_GCM_C_256-HMAC_SHA2_256-ECP_256 SPI=747501102a70bac7 chosen from remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_256;DH=ECP_256[first-match]
 proposal 1:ESP=AES_GCM_C_256-DISABLED SPI=00da11ad chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match]

DunhamGitHub commented

Short: I downgraded to Monterey because of this (Ventura is too buggy)

Long:
For me, these (multiple) problems with Sonoma (and every buggy minor and major release) and VPN are just the tip of the iceberg. I can't just request my IT department (which is I) and its 100 connected employees to update the old-school Zyxel routers to support DH >14 (that's just ridiculous). Max is DH 14, which Sonoma does not support.
I am just so fed up with these untested releases ...beta releases are available, it seems though no-one tests them. I have waited until 14.1.1 to upgrade from Ventura, still, forced to downgrade (wipe my whole SSD and waste 1-work-day to reinstall all the Apps and configs).

0x-2a (Author) commented Nov 26, 2023

@DunhamGitHub agreed. After letting some time go by, this is not the full fix because we're still seeing somewhat arbitrary disconnects, just less than the first every-24-minute issue.

0x-2a (Author) commented Dec 6, 2023

Edit later: removing the xml values works better

@hwdsl2 @DunhamGitHub finally solved this with some help from @cagney over at libreswan libreswan/libreswan#1450

In my /etc/ipsec.d/ikev2.conf I set:

  rekey=no
  pfs=no

  # Choose ike based on logs 
  #   `sudo grep pluto /var/log/secure | grep pluto | grep proposal`
  # 
  # Sonoma may send proposal without integrity algorithm, some variants I tested:
  #  XML with AES-256, SHA2-256, dh14
  #     ike=AES_CBC_256-HMAC_SHA2_256_128-HMAC_SHA2_256-MODP2048
  #  XML with AES-256, SHA2-256, dh19
  #     ike=AES_GCM_C_256-HMAC_SHA2_256-ECP_256
  #     ike=AES_CBC_256-HMAC_SHA2_256_128-HMAC_SHA2_256-ECP_256
  # 
  # NOTE: this is technically wrong, intentionally mismatching to workaround the bug
  #   other clients (e.g. iOS) working properly will not be able to connect
  ike=AES_GCM_C_256-HMAC_SHA2_256-ECP_256
  esp=AES_GCM_C_256 
  #phase2alg is same as esp

In our macos/ios vpn profiles remove these sections to allow defaults

<key>EnablePFS</key>
<integer>0</integer>

<key>IKESecurityAssociationParameters</key>
<dict>
  <key>DiffieHellmanGroup</key>
  <integer>19</integer>
  <key>EncryptionAlgorithm</key>
  <string>AES-256</string>
  <key>IntegrityAlgorithm</key>
  <string>SHA2-256</string>
  <key>LifeTimeInMinutes</key>
  <integer>1440</integer>
</dict>

<key>ChildSecurityAssociationParameters</key>
<dict>
  <key>DiffieHellmanGroup</key>
  <integer>19</integer>
  <key>EncryptionAlgorithm</key>
  <string>AES-256</string>
  <key>IntegrityAlgorithm</key>
  <string>SHA2-256</string>
  <key>LifeTimeInMinutes</key>
  <integer>1440</integer>
</dict>
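What the server logs in this thread show is a fixed rhythm: the 24-minute Child SA rekeys succeed, but every 48 minutes (the IKE SA is deleted "aged 2880s") the CREATE_CHILD_SA that rekeys the IKE SA arrives carrying proposal number 3, which is the number of the proposal libreswan selected at IKE_SA_INIT, libreswan answers INVALID_SYNTAX, tears the IKE SA down, and the client reconnects. Every server-side workaround above amounts to making libreswan select the peer's proposal 1, and the Nov 13 comment's check ("proposal 1 accepted, not 3") is exactly that. The script below automates that check. It is an added example, not code from the hwdsl2 project or from anyone in this issue; it assumes only the pluto log format visible above, its sample lines are constructed from this issue's excerpt, and it spells the suggested ike= value in the ENCR-[INTEG-]PRF-DH form used in this thread (confirm the syntax against your libreswan version before deploying it, and remember the caveat above: narrowing ike= to a single proposal locks out clients that do not offer it).

```python
"""Triage pluto (libreswan) log lines for the IKEv2 rekey failure seen in this thread.

Added example; not code from the hwdsl2 project or from anyone in this issue.
Assumes only the log format visible in the issue: it reads which remote proposal
number the server selected at IKE_SA_INIT, counts CREATE_CHILD_SA rekeys that
were answered with INVALID_SYNTAX after a "proposal number was N but 1 expected"
error, and renders the peer's proposal 1 as an ike= value in the
ENCR-[INTEG-]PRF-DH spelling used in this thread.
"""
import re

# Constructed sample: four lines abridged from the log excerpt in this issue
# (one rejected rekey, then the IKE SA re-established against proposal 3).
SAMPLE_LOG = """\
Nov  9 09:31:04 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[45] 172.217.0.174 #104: proposal number was 3 but 1 expected
Nov  9 09:31:04 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[45] 172.217.0.174 #104: responding to CREATE_CHILD_SA message (ID 8) from 172.217.0.174:4500 with encrypted notification INVALID_SYNTAX
Nov  9 09:31:04 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[45] 172.217.0.174 #101: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 2880.313623s and NOT sending notification
Nov  9 09:31:05 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[46] 172.217.0.174 #105: proposal 3:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-ECP_256 chosen from remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_256;DH=ECP_256 2:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_256;DH=MODP2048 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=ECP_256[first-match] 4:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048
"""

# Constructed sample of the healthy case, modelled on the "Correct Output" line
# in the Nov 13 comment: the server selected the peer's proposal 1.
HEALTHY_LINE = ('Nov 13 10:00:00 ip-10-0-0-4 pluto[1299]: "ikev2-cp"[50] 172.217.0.174 #120: '
                'proposal 1:IKE=AES_GCM_C_256-HMAC_SHA2_256-ECP_256 SPI=747501102a70bac7 chosen from '
                'remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_256;DH=ECP_256[first-match]')

RE_CHOSEN = re.compile(
    r'proposal (?P<num>\d+):IKE=(?P<alg>\S+)(?: SPI=\S+)? chosen from remote proposals (?P<rest>.*)$')
RE_REMOTE = re.compile(r'(?P<num>\d+):IKE:(?P<attrs>[^\s\[]+)')  # attrs stop before "[first-match]"
RE_WRONG_NUMBER = re.compile(r'proposal number was (?P<got>\d+) but (?P<want>\d+) expected')
RE_REKEY_REJECTED = re.compile(r'CREATE_CHILD_SA .*INVALID_SYNTAX')
RE_IKE_SA_AGE = re.compile(r'deleting state \(STATE_V2_ESTABLISHED_IKE_SA\) aged (?P<age>[\d.]+)s')


def parse_attrs(text):
    """'ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_256;DH=ECP_256' -> {'ENCR': ..., 'PRF': ..., 'DH': ...}"""
    return dict(item.split('=', 1) for item in text.split(';'))


def ike_string(attrs):
    """Render one remote proposal as an ike= value in the ENCR-[INTEG-]PRF-DH form
    this thread used; AEAD proposals (AES-GCM) carry no INTEG."""
    parts = [attrs['ENCR']]
    if 'INTEG' in attrs:
        parts.append(attrs['INTEG'])
    parts += [attrs['PRF'], attrs['DH']]
    return '-'.join(parts)


def triage(log_text):
    """Walk the log once and collect the facts an admin needs for this issue."""
    r = {'chosen_number': None, 'chosen_alg': None, 'remote': {},
         'chosen_matches_first': None, 'suggested_ike': None,
         'wrong_number_events': [], 'rekey_rejected': 0, 'ike_sa_age_s': None}
    for line in log_text.splitlines():
        m = RE_WRONG_NUMBER.search(line)
        if m:
            r['wrong_number_events'].append((int(m['got']), int(m['want'])))
        if RE_REKEY_REJECTED.search(line):
            r['rekey_rejected'] += 1
        m = RE_IKE_SA_AGE.search(line)
        if m:
            r['ike_sa_age_s'] = float(m['age'])
        m = RE_CHOSEN.search(line)
        if m:  # the latest IKE_SA_INIT decision is the one the next rekey will carry
            remote = {int(p['num']): parse_attrs(p['attrs']) for p in RE_REMOTE.finditer(m['rest'])}
            num = int(m['num'])
            r.update(chosen_number=num, chosen_alg=m['alg'], remote=remote,
                     chosen_matches_first=(num == 1),
                     suggested_ike=ike_string(remote[1]) if 1 in remote else None)
    return r


def report(r):
    """Human-readable summary, returned as a string so it can be logged or asserted on."""
    out = []
    if r['chosen_number'] is not None:
        out.append(f"IKE_SA_INIT: server chose the peer's proposal {r['chosen_number']} ({r['chosen_alg']})")
        if not r['chosen_matches_first']:
            out.append(f"  not proposal 1; ike= value matching the peer's proposal 1: ike={r['suggested_ike']}")
    for got, want in r['wrong_number_events']:
        out.append(f"rekey: proposal number was {got} but {want} expected")
    if r['rekey_rejected']:
        out.append(f"{r['rekey_rejected']} CREATE_CHILD_SA rekey(s) answered with INVALID_SYNTAX")
    if r['ike_sa_age_s'] is not None:
        out.append(f"IKE SA torn down after {r['ike_sa_age_s'] / 60:.0f} min")
    return '\n'.join(out)


if __name__ == '__main__':
    print(report(triage(SAMPLE_LOG)))
    print('---')
    print(report(triage(HEALTHY_LINE)))
```

Feed the contents of /var/log/secure (root access is needed, as with the grep command in the Nov 13 comment) to triage() instead of the constructed sample; a result with chosen_matches_first set to False and a non-zero rekey_rejected count is the signature of the failure discussed here, and suggested_ike is the proposal the server would have to prefer for the peer's rekey to carry number 1.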

letoams commented Dec 6, 2023 via email

0x-2a (Author) commented Dec 6, 2023

@letoams updated with words of caution

hwdsl2 (Owner) commented Dec 7, 2023

@0x-2a Thank you for the update. By the way, do you have an example mobileconfig file for "always-on VPN" (instead of "VPN on demand")? I think @cpujoe was looking for an example earlier.

0x-2a (Author) commented Dec 7, 2023

@hwdsl2 @cpujoe yeah look for <key>OnDemandEnabled</key> in the vpnprofile mobileconfig xml and set the key after to <integer>1</integer>. Make sure the OnDemandRules after are what you want.

The whole block looks like this, which sets "always-on VPN" for all Wi-Fi connections, but not Cellular. Don't enable Cellular: if you're in a low-coverage area, your phone will work on reconnecting that VPN, causing problems with voice-over-LTE (which for US carriers like Verizon is a VPN tunnel itself).

        <key>OnDemandEnabled</key>
        <integer>1</integer>
        <key>OnDemandRules</key>
        <array>
          <dict>
            <key>InterfaceTypeMatch</key>
            <string>WiFi</string>
            <key>URLStringProbe</key>
            <string>http://captive.apple.com/hotspot-detect.html</string>
            <key>Action</key>
            <string>Connect</string>
          </dict>
          <dict>
            <key>InterfaceTypeMatch</key>
            <string>Cellular</string>
            <key>Action</key>
            <string>Disconnect</string>
          </dict>
          <dict>
            <key>Action</key>
            <string>Ignore</string>
          </dict>
        </array>

Or you can do it through the UI, on macOS it's buried under the i.

(Screenshot of the macOS VPN settings, 2023-12-07, omitted)

On iOS, similar route:

  • Settings > General > VPN & Device > VPN > hit the i next to your VPN > Connect on Demand Toggle

cpujoe commented Dec 7, 2023 via email

alexeyshurygin commented

Here's a solution that works without VPN server changes (you might not have access to it) and any Mac OS configuration.
