IKEv2 VPN connection fails with IKE_SA_INIT NEIKEv2ProtocolErrorDomain "NoProposalChosen"

Hi, I often use a VPN connection by connecting through my Windows 11 pc. It would be very convenient for me to be able to connect from mac.

The VPN server is a Windows 2012 R2, the connection is created via routing and remote access.

The connection type is IKEv2. Authentication is by username and password only.

As mentioned Windows 11 pcs connect without problems.

If I try to connect from mac (Sonoma 14.0), the connection ends instantly with these errors in the LOG:

>>[IKE_SA_INIT R resp0 994E2089D715CEEC-F426465324CAB801] Initiator init received notify error Error Domain=NEIKEv2ProtocolErrorDomain Code=14 "NoProposalChosen" UserInfo={NSDebugDescription=NoProposalChosen}

>>IKEv2IKESA[1.1, 994E2089D715CEEC-0000000000000000] state Connecting -> Disconnected error (null) -> Error Domain=NEIKEv2ProtocolErrorDomain Code=14 "NoProposalChosen" UserInfo={NSDebugDescription=NoProposalChosen}

>>IKEv2Session[1, 994E2089D715CEEC-0000000000000000] Failed to process IKE SA Init packet (connect)

>>IKEv2IKESA[1.1, 994E2089D715CEEC-0000000000000000] not changing state Disconnected nor error Error Domain=NEIKEv2ProtocolErrorDomain Code=14 "NoProposalChosen" UserInfo={NSDebugDescription=NoProposalChosen} -> Error Domain=NEIKEv2ErrorDomain Code=6 "PeerInvalidSyntax: Failed to process IKE SA Init packet (connect)" UserInfo={NSLocalizedDescription=PeerInvalidSyntax: Failed to process IKE SA Init packet (connect)}

ChildSA[1, (null)-(null)] state Connecting -> Disconnected error (null) -> Error Domain=NEIKEv2ProtocolErrorDomain Code=14 "NoProposalChosen" UserInfo={NSDebugDescription=NoProposalChosen}
Up vote post of mattia.l Down vote post of mattia.l
343 views
Posted by
mattia.l
Reply
Add a Comment

Replies

I tried now to configure the VPN via Apple Configurator, but if I set "machine authentication" to none the profile won't install.

While "certificate" and "shared secret" in my case are not suitable

Posted by
mattia.l
Up vote reply of mattia.l Down vote reply of mattia.l
Add a Comment

DevForums is primary focused on the APIs in Apple’s various platform SDKs. AFAICT you’re trying to configure this directly from the UI, so you might have better luck asking this question over in the Apple Support Community, run by Apple Support, and specifically in the Business and Education topic area. You’re more likely to find folks with VPN experience over there.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment