This is probably more a Mac issue than an IPFire CU201 issue but I am wondering if Mac users in the Community are seeing the same. (There is a small possibility it is related to IPFire but I cannot find it)
I was on Mac OS Tahoe 26.4.1 and my IPSec VPN connections were created on May 8, installed and tested and all worked A-OK.
But after upgrading to MacOS Tahoe 26.5 on May 17, I can no longer get newly installed .mobileconfig IPSec VPN files to connect.
I see these messages on the IPFire CU201 device when I try to connect:
[root@ipfire ~] # tail -f /var/log/messages | grep -i "charon"
May 19 13:28:23 ipfire charon: 14[NET] received packet: from 192.168.60.211[500] to 76.1.2.3[500] (438 bytes)
May 19 13:28:23 ipfire charon: 14[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) ]
May 19 13:28:23 ipfire charon: 14[IKE] 192.168.60.211 is initiating an IKE_SA
May 19 13:28:23 ipfire charon: 14[IKE] 192.168.60.211 is initiating an IKE_SA
May 19 13:28:23 ipfire charon: 14[CFG] selected proposal: IKE:AES_GCM_16_256/PRF_HMAC_SHA2_256/MODP_2048
May 19 13:28:23 ipfire charon: 14[IKE] sending cert request for "C=US, O=home, CN=home CA"
May 19 13:28:23 ipfire charon: 14[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ]
May 19 13:28:23 ipfire charon: 14[NET] sending packet: from 76.1.2.3[500] to 192.168.60.211[500] (489 bytes)
May 19 13:28:24 ipfire charon: 13[NET] received packet: from 192.168.60.211[4500] to 76.1.2.3[4500] (544 bytes)
May 19 13:28:24 ipfire charon: 13[ENC] parsed IKE_AUTH request 1 [ EF(1/5) ]
May 19 13:28:24 ipfire charon: 13[ENC] received fragment #1 of 5, waiting for complete IKE message
May 19 13:28:24 ipfire charon: 10[NET] received packet: from 192.168.60.211[4500] to 76.1.2.3[4500] (544 bytes)
May 19 13:28:24 ipfire charon: 10[ENC] parsed IKE_AUTH request 1 [ EF(2/5) ]
May 19 13:28:24 ipfire charon: 10[ENC] received fragment #2 of 5, waiting for complete IKE message
May 19 13:28:24 ipfire charon: 07[NET] received packet: from 192.168.60.211[4500] to 76.1.2.3[4500] (544 bytes)
May 19 13:28:24 ipfire charon: 07[ENC] parsed IKE_AUTH request 1 [ EF(3/5) ]
May 19 13:28:24 ipfire charon: 07[ENC] received fragment #3 of 5, waiting for complete IKE message
May 19 13:28:24 ipfire charon: 01[NET] received packet: from 192.168.60.211[4500] to 76.1.2.3[4500] (544 bytes)
May 19 13:28:24 ipfire charon: 01[ENC] parsed IKE_AUTH request 1 [ EF(4/5) ]
May 19 13:28:24 ipfire charon: 01[ENC] received fragment #4 of 5, waiting for complete IKE message
May 19 13:28:24 ipfire charon: 09[NET] received packet: from 192.168.60.211[4500] to 76.1.2.3[4500] (417 bytes)
May 19 13:28:24 ipfire charon: 09[ENC] parsed IKE_AUTH request 1 [ EF(5/5) ]
May 19 13:28:24 ipfire charon: 09[ENC] received fragment #5 of 5, reassembled fragmented IKE message (2345 bytes)
May 19 13:28:24 ipfire charon: 09[ENC] unknown attribute type INTERNAL_DNS_DOMAIN
May 19 13:28:24 ipfire charon: 09[ENC] parsed IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) IDr AUTH CPRQ(ADDR MASK DHCP DNS ADDR6 DHCP6 DNS6 DOMAIN) N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) SA TSi TSr N(MOBIKE_SUP) ]
May 19 13:28:24 ipfire charon: 09[IKE] received end entity cert "C=US, O=home, CN=JMM52home"
May 19 13:28:24 ipfire charon: 09[CFG] looking for peer configs matching 76.1.2.3[myDDNS.net]...192.168.60.211[JMM52home]
May 19 13:28:24 ipfire charon: 09[CFG] no matching peer config found
May 19 13:28:24 ipfire charon: 09[IKE] peer supports MOBIKE
May 19 13:28:24 ipfire charon: 09[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
May 19 13:28:24 ipfire charon: 09[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
May 19 13:28:24 ipfire charon: 09[NET] sending packet: from 76.1.2.3[4500] to 192.168.60.211[4500] (65 bytes)
^C
[root@ipfire ~] #
but I cannot decipher the issues.
Note: I did find this but I do not use these algorithms:
Algorithms DES, 3DES, SHA1-96, and SHA1-160, as well as Diffie-Hellman groups less than 14, are no longer supported for IKEv2 VPNs.
What's new for enterprise in macOS Tahoe 26 - Apple Support
Does anyone else use MacOS 26.5 and have IPSec issues?