<div dir="ltr"><div class="gmail_quote"><div dir="ltr">Johannes Kastl <<a href="mailto:mail@ojkastl.de">mail@ojkastl.de</a>> wrote:<br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">> Everything worked fine until I<br class="gmail_msg">
> upgrade to Sierra and now I can't get this back to work. Right now<br class="gmail_msg">
> I'm assuming that MacOS Sierra indeed has some serious problems<br class="gmail_msg">
> with IKEv2.<br class="gmail_msg"></blockquote><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I can get IKEv2 with EAP (username and password) working trough the<br class="gmail_msg">
GUI just fine. Does that not work for you? Or did you just try<br class="gmail_msg">
certificates?<br class="gmail_msg"></blockquote><div><br></div><div>I haven't tried the password based authentication with Sierra as I prefer certificates. But I might think about it if everything else fails.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
As OSX apparently did not understand certificates before Sierra, what<br class="gmail_msg">
kind of connection did you have before Sierra?<br></blockquote><div><br></div><div>eap-tls – and it worked fine until I upgraded to Sierra. The first problem was that the upgrade to Sierra discarded our CA certificate without telling so. That was big fun. But even after trusting the CA again the connection didn't work. The connection would be established but not traffic appeared anywhere.</div><div><br></div><div>There are other funny problems of course. Another Sierra based Mac can connect and routes everything fine but loses its connection every 8 minutes like described here:<br><br><a href="https://forum.pfsense.org/index.php?topic=118731.0">https://forum.pfsense.org/index.php?topic=118731.0</a><br></div><div><br></div><div>Exactly every 8 minutes. And we have no clue why this is happening. According to the logs on the server and the client they just disconnect without any errors. Changing the dpd values had no effect. </div></div></div>