IPSec connection failed

[lyker]

The VPN client connection works fine for the first two months after setup on Mac. But it suddenly failed recently. No config changes are made on VPN server and client side, and no VPN software updates.

The client side the /var/log/ppp.log looks like,

Wed Dec 13 22:47:21 2023 : publish_entry SCDSet() failed: Success!
Wed Dec 13 22:47:21 2023 : publish_entry SCDSet() failed: Success!
Wed Dec 13 22:47:21 2023 : l2tp_get_router_address
Wed Dec 13 22:47:21 2023 : l2tp_get_router_address 10.18.0.1 from dict 1
Wed Dec 13 22:47:21 2023 : L2TP connecting to server 'myvpnserver.softether.net' (xxx.xxx.xxx.xxx)...
Wed Dec 13 22:47:21 2023 : IPSec connection started
Wed Dec 13 22:47:21 2023 : IPSec phase 1 client started
Wed Dec 13 22:47:31 2023 : IPSec connection failed

The VPN server_log looks like,

2023-12-14 14:47:21.675 IPsec Client 254 (123.123.123.23:1011 -> 192.168.0.11:500): A new IPsec client is created.
2023-12-14 14:47:21.675 IPsec IKE Session (IKE SA) 225 (Client: 254) (205.175.106.27:1011 -> 192.168.0.11:500): A new IKE SA (Main Mode) is created. Initiator Cookie: 0x9B2096064E439897, Responder Cookie: 0x34DA6639ED26C15A, DH Group: MODP 2048 (Group 14), Hash Algorithm: SHA-2-256, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 3600 seconds
2023-12-14 14:47:24.783 IPsec Client 255 (123.123.123.23:1011 -> 192.168.0.11:500): A new IPsec client is created.
2023-12-14 14:47:24.783 IPsec IKE Session (IKE SA) 226 (Client: 255) (205.175.106.27:1011 -> 192.168.0.11:500): A new IKE SA (Main Mode) is created. Initiator Cookie: 0x9B2096064E439897, Responder Cookie: 0xF76D6A6AC5AD2EF7, DH Group: MODP 2048 (Group 14), Hash Algorithm: SHA-2-256, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 3600 seconds
2023-12-14 14:47:27.892 IPsec Client 256 (123.123.123.23:1011 -> 192.168.0.11:500): A new IPsec client is created.
2023-12-14 14:47:27.892 IPsec IKE Session (IKE SA) 227 (Client: 256) (123.123.123.23:1011 -> 192.168.0.11:500): A new IKE SA (Main Mode) is created. Initiator Cookie: 0x9B2096064E439897, Responder Cookie: 0xDA2A4527AA9A62B9, DH Group: MODP 2048 (Group 14), Hash Algorithm: SHA-2-256, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 3600 seconds
2023-12-14 14:47:30.960 IPsec Client 257 (123.123.123.23:1011 -> 192.168.0.11:500): A new IPsec client is created.
2023-12-14 14:47:30.960 IPsec IKE Session (IKE SA) 228 (Client: 257) (123.123.123.23:1011 -> 192.168.0.11:500): A new IKE SA (Main Mode) is created. Initiator Cookie: 0x9B2096064E439897, Responder Cookie: 0x828ABF42481153A3, DH Group: MODP 2048 (Group 14), Hash Algorithm: SHA-2-256, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 3600 seconds
2023-12-14 14:47:31.677 IPsec IKE Session (IKE SA) 225 (Client: 254) (123.123.123.23:1011 -> 192.168.0.11:500): This IKE SA is deleted.
2023-12-14 14:47:31.677 IPsec Client 254 (123.123.123.23:1011 -> 192.168.0.11:500): This IPsec Client is deleted.
2023-12-14 14:47:34.786 IPsec IKE Session (IKE SA) 226 (Client: 255) (123.123.123.23:1011 -> 192.168.0.11:500): This IKE SA is deleted.
2023-12-14 14:47:34.786 IPsec Client 255 (123.123.123.23:1011 -> 192.168.0.11:500): This IPsec Client is deleted.
2023-12-14 14:47:37.895 IPsec IKE Session (IKE SA) 227 (Client: 256) (123.123.123.23:1011 -> 192.168.0.11:500): This IKE SA is deleted.
2023-12-14 14:47:37.895 IPsec Client 256 (123.123.123.23:1011 -> 192.168.0.11:500): This IPsec Client is deleted.
2023-12-14 14:47:40.966 IPsec IKE Session (IKE SA) 228 (Client: 257) (123.123.123.23:1011 -> 192.168.0.11:500): This IKE SA is deleted.
2023-12-14 14:47:40.966 IPsec Client 257 (123.123.123.23:1011 -> 192.168.0.11:500): This IPsec Client is deleted.

I also tried other client such as vpncmd as vpn client on Ubuntu can connect the same server and it works fine. But why Mac client failed to connect the VPN server?

[solo]

it suddenly failed recently

Maybe it is related to recent MacOS IPSEC VPN algorithm changes in Sonoma update.