hwdsl2 / docker-ipsec-vpn-server

Docker image to run an IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2
https://hub.docker.com/r/hwdsl2/ipsec-vpn-server

Unable to install IKEv2 .mobileconfig file on iOS/macOS #423

Closed macbethfan closed 5 months ago

macbethfan commented 5 months ago

Describe the issue

I had a previous Docker container installation of the IKEv2 VPN installed on macOS and iOS. It stopped working today on both platforms, so I decided to remove the container and image and start fresh. The issue arises after copying the 'vpnclient.mobileconfig' file from inside Docker to my root folder. When I copy that file over to macOS or iOS, I cannot get it to install. I notice the profile name contains the old IP Address for my old IKEv2 instance, and it's requiring a password to install on both platforms.

To Reproduce

Steps to reproduce the behavior:

1) After clicking to install the profile (macOS Sonoma) and going to 'Settings' -> 'Profiles', I see "IKEv2 VPN ##.##.###.##", which is the old IP address for the IKEv2 instance I had previously. If I look at the logs, I can see the actual VPN server address for IKEv2 as a totally different address.

2) I can't complete installation because the profile is demanding a password for the certificate "vpnclient". I have no idea what password that could be, as I've never had to do this previously. If I airdrop the file to iOS, it does the same thing.

Expected behavior

I'm expecting to follow the directions in ikev2-howto.md and then the VPN should work as normal. I've used this Docker script for years without issue.

hwdsl2 commented 5 months ago

@macbethfan Hello! If you were running the Docker image without using privileged mode, you may have encountered this recent issue. Please see more details, including 3 workaround options, at the link. It looks like you've already created a new Docker container, so this may not be needed.

For your .mobileconfig file import issue, try one of the following options:

Option 1: Permanently delete all VPN data and IKEv2 certificates, and start over with a new Docker container. For detailed steps, browse to this README section, expand "Remove IKEv2 and set it up again using custom options" and refer to "Option 2: Remove ikev2-vpn-data and re-create the container" inside that section. Warning: This will permanently delete all your VPN data.

Option 2: Change IKEv2 server address to your new server IP. For detailed steps, browse to this README section, expand "Learn how to change the IKEv2 server address". After that, re-generate the .mobileconfig file(s) using sudo ikev2.sh, and import the new file to your client device.

macbethfan commented 5 months ago

Thanks for the help! It was the VPN data that gave me all the trouble. Everything installed smoothly after deleting the data and starting fresh.