iOS VPN IKEv2 Error

I'm trying to connect to VPN programmatically using IKEv2. To rule out configuration / server issue, I first created a VPN profile and tried connecting to the VPN using it. I'm able to connect to the VPN using the VPN Profile.


However, when trying out through code, I get an error with title: VPN Connection and description: An unexpected error occurred.


I've posted my source code, along with the VPN profile, to github: https://github.com/liyamahendra/ikev2-vpn


Can anybody assist with fixing this issue?

Replies

To rule out configuration / server issue, I first created a VPN profile and tried connecting to the VPN using it. I'm able to connect to the VPN using the VPN Profile.

Excellent news. Getting a configuration profile working is an important first step.

However, when trying out through code, I get an error …

There are two common causes of problems like this:

  • Server trust evaluation

  • Keychain

I’ll discuss each in turn below.

With regards to server trust evaluation, does your configuration profile contain a root certificate (com.apple.security.root) payload? If so, remove that payload and see if it still connects. If it doesn’t, you have server trust evaluation problems.

Personal VPN does not let you customise server trust evaluation. If you want your server to work with Personal VPN, you’ll have to get it a system-trusted certificate.

When putting credentials in the keychain, it’s easy to get confused. I posted some code showing how to do this on this thread. I recommend that you use that code to set up your keychain items.

If neither of these suggestions pans out, open a DTS tech support incident and I’ll take an in-depth look at your issue in that context.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"
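The root-certificate check described in the reply above, as an added example that is not part of the original thread or the poster's repository: it lists the com.apple.security.root payloads in an unsigned .mobileconfig and builds a copy without them for the retest. The function names, the com.example identifiers and the sample profile are constructed for illustration; com.apple.vpn.managed is the standard VPN payload type and does not appear on the page.

```python
import plistlib

ROOT_CERT_TYPE = "com.apple.security.root"  # payload type named in the reply above


def load_profile(data: bytes) -> dict:
    """Parse an unsigned .mobileconfig (XML or binary plist)."""
    try:
        profile = plistlib.loads(data)
    except Exception as exc:
        # A signed profile is a CMS envelope, not a bare plist; unwrap it first.
        raise ValueError("not a plain plist; is the profile signed?") from exc
    if not isinstance(profile, dict) or "PayloadContent" not in profile:
        raise ValueError("no PayloadContent array in profile")
    return profile


def root_cert_payloads(profile: dict) -> list:
    """Return the root-certificate payloads the profile installs."""
    return [p for p in profile["PayloadContent"]
            if isinstance(p, dict) and p.get("PayloadType") == ROOT_CERT_TYPE]


def without_root_certs(profile: dict) -> dict:
    """Copy of the profile with root-certificate payloads removed, for the retest."""
    roots = root_cert_payloads(profile)
    stripped = dict(profile)
    stripped["PayloadContent"] = [p for p in profile["PayloadContent"] if p not in roots]
    return stripped


def make_sample_profile() -> bytes:
    """Constructed sample: one VPN payload plus one root-certificate payload."""
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadIdentifier": "com.example.vpn-profile",  # constructed
        "PayloadContent": [
            {"PayloadType": "com.apple.vpn.managed", "VPNType": "IKEv2",
             "PayloadIdentifier": "com.example.vpn"},
            {"PayloadType": ROOT_CERT_TYPE, "PayloadIdentifier": "com.example.ca",
             "PayloadContent": b"constructed-placeholder-not-a-real-certificate"},
        ],
    })


if __name__ == "__main__":
    profile = load_profile(make_sample_profile())
    roots = root_cert_payloads(profile)
    print(len(roots), "root certificate payload(s):", [p["PayloadIdentifier"] for p in roots])
    test_copy = plistlib.dumps(without_root_certs(profile))
    print(f"stripped copy is {len(test_copy)} bytes; install it and retry the connection")
```

If the stripped copy no longer connects, the working profile was relying on its bundled root certificate, which matches the server trust evaluation case described in the reply.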

Thank you @eskimo for replying to my email and approving this post here.


I confirm that the provisioning profile with which I tested the VPN connection doesn't have a Root Certificate.


I'm going to try out the KeyChain code you referenced from another thread and post an update here.


I did try opening a DTS Tech Support Incident in the first place but that didn't work. I was asked to join the MFi program and when I try to enter my email and the code, the form weirdly says email is not valid and then doesn't take up the entered image code. I think there is a bug in the form. Thought I would report this. See this screencast: https://screencast.com/t/MJQCrLJJ

I tried with the VPNKeychain shared (referenced in another thread), but couldn't get this to work. Here is my updated code (in Swift): https://github.com/liyamahendra/VpnDemo/tree/master


Also, as mentioned in my previous message, not able to create a DTS Tech Support Incident, as there is some issue with the form which prevents me from joining the MFI program.


Can you advise?

Also, as mentioned in my previous message, not able to create a DTS Tech Support Incident, as there is some issue with the form which prevents me from joining the MFI program.

I’m not sure why you went down the MFi path; the MFi Program is for folks creating hardware accessories. For software questions like this one, you should be a member of the standard Apple Developer Program and then create a DTS incident from there. Specifically, go to the DTS page and click the link entitled Code-level Support.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Thanks for pointing it out. I just submitted a Code-Level Support request. My Follow-up number is: 715433261


Thanks,

Mahendra