Cant connect to Azure VPN from MacBook Pro

Question

Hi,
Our client using a point to site VPN, and using certificate base authentication and working fine in windows machines.
But, when tryting to conenct from MacBook, some configuration is missing and not able to connect to VPN.
Kindly help.

Answer 1

Hello @Rupendra Sagar ,

You are using a point to site VPN with certificate based authentication and it is working fine in windows machines. But, when you try to connect from MacBook, you are unable to connect to VPN.

MacOS works on IKEv2 or OpenVPN protocol. MacOS version 10.11 or above are supported with Azure point to site VPN.

So you need to enable IKEv2 on the tunnel type along with SSTP as below, if it is not done yet:

Adding IKEv2 to an existing SSTP VPN gateway will not affect existing clients and you can configure them to use IKEv2 in small batches or just configure the new clients to use IKEv2.
Refer : https://learn.microsoft.com/en-us/azure/vpn-gateway/ikev2-openvpn-from-sstp#option-1---add-ikev2-in-addition-to-sstp-on-the-gateway

IKEv2 connections are not supported on Basic SKU VPN gateway. So, if you have a Basic SKU VPN gateway, you need to upgrade your VPN gateway.

With the exception of the Basic SKU, you can resize your gateway to a gateway SKU within the same SKU family. For example, if you have a Standard SKU, you can resize to a HighPerformance SKU. However, you can't resize your VPN gateway between the old SKUs and the new SKU families. For example, you can't go from a Standard SKU to a VpnGw2 SKU, or a Basic SKU to VpnGw1.
Refer : https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways#gwsku
https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-skus-legacy#resize

To change to the new gateway SKU, you need to delete the existing VPN gateway and create a new VPN gateway.
Refer : https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-skus-legacy#change

Please refer the below troubleshooting doc for Point-to-Site VPN issues on Mac OS X VPN clients? If not, please go through it to check the settings.
https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-troubleshoot-point-to-site-osx-ikev2

Also, you could try changing the Authentication Settings to None & select the certificate manually as described below:

• Click on Authentication Settings to open the Authentication Settings.
• Set Authentication settings to "none"
• Select certificate
• Select your client certificate as you would normally.
• And try again.

See the below screenshot for reference:

Kindly let us know if the above helps or you need further assistance on this issue.

----------------------------------------------------------------------------------------------------------------

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

Answer 2

Hi @Rupendra Sagar ,

I had a similar issue (similarly on a MBP, but also from iOS so that's why I looked into it further as it was working fine from a Windows 11 computer) - I wonder if you are using the Basic VPN SKU? If so, it's because the Basic VPN doesn't support IKEv2 which is required by MacOS. Delete your VPN Gateway (it can't be upgraded because Microsoft do not support switching from the Basic SKU) and recreate with an SKU that supports IKEv2 (such as VpnGw1). Alternatively the OpenVPN Appliance is very good and cost effective.

Hopefully that fixes your problem.

Chris

Answer 3

Hi @GitaraniSharma-MSFT,

I got the same issue on the macOs Ventura 13, but it works fine on both my iOS and macOS Monterey (12).
Do you have any suggestion to solve this issue.

Thanks,