I am trying to establish a connection using NetworkExtension and NEVPNProtocolIKEv2. It needs to work on an iOS device. I have a test.mobileconfig file and I have set up all configurations based on its content. However, I am unsure how to assign the value for identityData. I have tried multiple methods, but each time, I receive the following errors on my server:
"ikev2-cp"[200] "my_ip_address" #1387: Peer attempted EAP authentication, but IKE_AUTH is required
"ikev2-cp"[200] "my_ip_address" #1387: responding to IKE_AUTH message (ID 1) from "my_ip_address" with encrypted notification AUTHENTICATION_FAILED
"ikev2-cp"[200] "my_ip_address" #1387: encountered fatal error in state STATE_V2_PARENT_R1
First of all, I used the first PayloadContent value inside the .mobileconfig file that I tested. I should mention that there is a certificate inside the file. However, the certificate is not password-protected.
import NetworkExtension

// base64String is the PayloadContent string of the certificate payload copied
// from the .mobileconfig, passed in here so the function compiles on its own.
func getIKEv2Protocol(address: NSString, username: NSString, password: NSString,
                      base64String: String) -> NEVPNProtocolIKEv2 {
    let p = NEVPNProtocolIKEv2()
    let kcs = KeychainService()

    // Client authentication: RSA certificate (identityData) rather than shared secret
    p.certificateType = .RSA
    p.authenticationMethod = .certificate

    // Password is stored in the keychain; passwordReference must be a persistent keychain ref
    kcs.save(key: "ikev2_password", value: password as String)
    p.passwordReference = kcs.load(key: "ikev2_password")

    // Password protecting the PKCS#12 identity blob
    p.identityDataPassword = "cHH....B3"

    // IKE SA (phase 1) proposal
    p.ikeSecurityAssociationParameters.encryptionAlgorithm = .algorithmAES256GCM
    p.ikeSecurityAssociationParameters.integrityAlgorithm = .SHA256
    p.ikeSecurityAssociationParameters.diffieHellmanGroup = .group19
    p.ikeSecurityAssociationParameters.lifetimeMinutes = 1410

    // Child SA (ESP) proposal
    p.childSecurityAssociationParameters.encryptionAlgorithm = .algorithmAES256GCM
    p.childSecurityAssociationParameters.integrityAlgorithm = .SHA256
    p.childSecurityAssociationParameters.diffieHellmanGroup = .group19
    p.childSecurityAssociationParameters.lifetimeMinutes = 1410

    // identityData expects the raw PKCS#12 bytes, so the base64 text must be decoded first
    if let certData = Data(base64Encoded: base64String) {
        p.identityData = certData
        p.authenticationMethod = .certificate
    }

    // Expected subject names on the server certificate
    p.serverCertificateIssuerCommonName = "***"
    p.serverCertificateCommonName = "***-2"

    p.deadPeerDetectionRate = .medium
    p.disableRedirect = true
    p.enableRevocationCheck = false
    // Enables EAP (extended authentication) on top of the chosen authentication method
    p.useExtendedAuthentication = true

    // IKE identities and the endpoint to connect to
    p.remoteIdentifier = address as String
    p.localIdentifier = username as String
    p.serverAddress = address as String
    p.enablePFS = false
    return p
}

and

let vpnManager = NEVPNManager.shared()
vpnManager.loadFromPreferences { (error) -> Void in
    let p = self.getIKEv2Protocol(address: address, username: username, password: password,
                                  base64String: base64String)
    vpnManager.protocolConfiguration = p
    vpnManager.localizedDescription = "IKEv2 VPN"
    vpnManager.isEnabled = true
    vpnManager.saveToPreferences(completionHandler: { (error) -> Void in
        // ...
        vpnManager.loadFromPreferences(completionHandler: { error in
            // ...
            // startVPNTunnel() throws, so it has to be called inside do/catch
            do {
                try vpnManager.connection.startVPNTunnel()
            } catch {
                print("startVPNTunnel failed: \(error)")
            }
        })
    })
}
// And this section starts without any errors.
How can I properly provide the value for p.identityData and .mobileconfig password?
Please explain in detail if there is an answer, as I am inexperienced with Swift and VPNs.
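Added example, not part of the question: instead of copying PayloadContent by hand, read the profile as a plist and take the PKCS#12 blob and its password from the payload that the IKEv2 payload's PayloadCertificateUUID points at; the returned ExtendedAuthEnabled flag is the profile's equivalent of useExtendedAuthentication. It assumes an unsigned (plain XML plist) .mobileconfig; the type IKEv2ProfileIdentity and the function loadIKEv2Identity are my names, not Apple API.

```swift
import Foundation

/// Hypothetical container for the values that map onto NEVPNProtocolIKEv2 properties.
struct IKEv2ProfileIdentity {
    var identityData: Data            // PKCS#12 bytes -> p.identityData
    var identityDataPassword: String? // PKCS#12 "Password" key -> p.identityDataPassword (nil if absent)
    var extendedAuthEnabled: Bool     // "ExtendedAuthEnabled" -> p.useExtendedAuthentication
    var authenticationMethod: String  // "Certificate", "SharedSecret" or "None"
}

enum ProfileError: Error { case notAPlist, noIKEv2Payload, noCertificatePayload }

/// Reads an unsigned .mobileconfig. A signed profile is CMS-wrapped and must be
/// unwrapped before PropertyListSerialization can parse it (assumption noted in lead-in).
func loadIKEv2Identity(from profileURL: URL) throws -> IKEv2ProfileIdentity {
    let data = try Data(contentsOf: profileURL)
    guard let root = try PropertyListSerialization.propertyList(from: data, options: [], format: nil)
            as? [String: Any],
          let payloads = root["PayloadContent"] as? [[String: Any]] else {
        throw ProfileError.notAPlist
    }

    // The VPN payload carries an "IKEv2" dictionary with the connection settings.
    guard let vpn = payloads.first(where: { $0["PayloadType"] as? String == "com.apple.vpn.managed" }),
          let ikev2 = vpn["IKEv2"] as? [String: Any] else {
        throw ProfileError.noIKEv2Payload
    }
    let method = ikev2["AuthenticationMethod"] as? String ?? "None"
    let eap = ikev2["ExtendedAuthEnabled"] as? Bool ?? false

    // PayloadCertificateUUID names the PKCS#12 payload holding the client identity.
    // <data> elements are already decoded to Data by the plist parser, so no base64 step is needed.
    guard let certUUID = ikev2["PayloadCertificateUUID"] as? String,
          let p12 = payloads.first(where: {
              $0["PayloadType"] as? String == "com.apple.security.pkcs12"
                  && $0["PayloadUUID"] as? String == certUUID
          }),
          let p12Data = p12["PayloadContent"] as? Data else {
        throw ProfileError.noCertificatePayload
    }

    return IKEv2ProfileIdentity(identityData: p12Data,
                                identityDataPassword: p12["Password"] as? String,
                                extendedAuthEnabled: eap,
                                authenticationMethod: method)
}
```

If the profile has no Password key on the PKCS#12 payload, leave identityDataPassword unset rather than guessing one, and mirror ExtendedAuthEnabled into useExtendedAuthentication so the client offers the same authentication the profile describes.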