IKEv2 VPN on macOs 10.12 Sierra

When I try to configure an IKEv2 VPN on macOs Sierra the following errors occur:

nesessionmanager    Failed to find the VPN app for plugin type com.apple.neplugin.IKEv2
neagent Failed to process IKE SA Init packet

From the first line it seems it's not supported at all.

Have you experienced the same issue?


Solution 1:

In my situation, setting server-side in ipsec.conf:

 leftsendcert=always

solved the problem.

From ipsec.conf documentation:

left|rightsendcert = never | no | ifasked | always | yes

Accepted values are never or no, always or yes, and ifasked, the latter meaning that the peer must send a certificate request (CR) payload in order to get a certificate in return.

Moreover, I had to add to the Keychain the root certificate and trust it in order to validate the certificate sent by the server and I read that if you have intermediate certificates you have to trust them too.