Are you encountering random VPN logouts using IKEv2 on a WatchGuard from an Apple Silicon Mac running macOS Sonoma or above?
This one seems to keep popping up. The symptoms are that the IKEv2 VPN cuts you out at 24 min or 48 min. After testing this on several machines, I have found it cuts out on any Silicon machine running Sonoma or above connecting to a WatchGuard VPN. As for a fix, it's a change to the VPN settings on the WatchGuard and a redeploy of the profile to the Mac with the issue.
Points to note: the old profile will need to be deleted before you add the new one to test it. You will also need the VPN login details to add once the profile has been installed.
Here is the short take of what you need to do on the WatchGuard. Please note any amendments will kick off any VPN clients.
IKEv2 Shared Settings:
Added – Phase1: AES-GCM-256bit / 24hours / DH Group 19 and moved to the top
Mobile VPN – IKEv2 Configuration:
Security / Phase2
Added ESP/SHA2-256/AES 256bit
Enabled Perfect Forward Secrecy and changed it to Diffie-Hellman Group 19
Exported the IKEv2 profile from the Firebox and imported it into the Mac (delete the old profile first)
Walkthrough on the WatchGuard:
Log in to the WatchGuard and unlock the padlock. Click on VPN and IKEv2 Shared Settings, then Add.
Set the details to the screen grab above.
Click on Mobile VPN – IKEv2 Configuration:
Security / Phase2 option
Added ESP/SHA2-256/AES 256bit (I found mine was already there)
Enable Perfect Forward Secrecy and change it to Diffie-Hellman Group 19. Again, the VPN will cut out for any VPN users.
With the new profile downloaded, you now need to go to the Mac with the issue and install the new profile. I would recommend you delete the old profile before adding the new one. You will also need the VPN login details, as these will not come across.
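Before installing the re-exported profile, you can confirm it actually carries the new Phase 1 and Phase 2 settings. The script below is an added example, not part of the original post or WatchGuard's tooling. It assumes the export is an unsigned Apple .mobileconfig plist that uses Apple's standard IKEv2 payload keys, and the two sample profiles are constructed for illustration.

```python
import plistlib

# Settings from the post, expressed with Apple's IKEv2 profile payload keys.
EXPECTED = {
    "IKESecurityAssociationParameters": {      # Phase 1
        "EncryptionAlgorithm": "AES-256-GCM",
        "DiffieHellmanGroup": 19,
        "LifeTimeInMinutes": 1440,             # 24 hours
    },
    "ChildSecurityAssociationParameters": {    # Phase 2
        "EncryptionAlgorithm": "AES-256",
        "IntegrityAlgorithm": "SHA2-256",
        "DiffieHellmanGroup": 19,
    },
}

def check_profile(data: bytes) -> list:
    """Return the mismatches between a .mobileconfig and EXPECTED (empty = OK)."""
    profile = plistlib.loads(data)
    ike = next((p.get("IKEv2", {}) for p in profile.get("PayloadContent", [])
                if p.get("PayloadType") == "com.apple.vpn.managed"
                and p.get("VPNType") == "IKEv2"), None)
    if ike is None:
        return ["no IKEv2 VPN payload found"]
    problems = []
    for section, wanted in EXPECTED.items():
        actual = ike.get(section, {})
        for key, value in wanted.items():
            if actual.get(key) != value:
                problems.append(f"{section}.{key}: expected {value!r}, "
                                f"found {actual.get(key)!r}")
    if not ike.get("EnablePFS"):               # boolean or 0/1 integer
        problems.append("EnablePFS: expected enabled")
    return problems

def sample_profile(p1_enc, dh, lifetime, pfs) -> bytes:
    """Constructed sample profile (not a real WatchGuard export)."""
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": [{
        "PayloadType": "com.apple.vpn.managed", "VPNType": "IKEv2",
        "IKEv2": {
            "EnablePFS": pfs,
            "IKESecurityAssociationParameters": {"EncryptionAlgorithm": p1_enc,
                "DiffieHellmanGroup": dh, "LifeTimeInMinutes": lifetime},
            "ChildSecurityAssociationParameters": {"EncryptionAlgorithm": "AES-256",
                "IntegrityAlgorithm": "SHA2-256", "DiffieHellmanGroup": dh}}}]})

if __name__ == "__main__":
    for name, blob in [("old", sample_profile("AES-256", 14, 480, False)),
                       ("new", sample_profile("AES-256-GCM", 19, 1440, True))]:
        print(name, check_profile(blob) or "matches the post's settings")
```

To check a real export, read the file as bytes and pass it to `check_profile`; an empty list means the profile matches the settings above.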