Can no longer connect to AWS Hub via MX Meraki Client VPN after MacOS 13 Upgrade

RobY
New here

Upgraded a machine to MacOS 13 Official Release and now the machine will not connect to AWS Hub sites over VPN.

All other traffic seems to work fine.

Works on network.

Any thoughts?

Ryan_Miles
Meraki Employee

What specifically is the error? Throughout all the Ventura betas the native L2TP VPN client would break (when previously working) and not allow config through the settings page. The fix is to create a VPN config using Apple Configurator or push a VPN config from an MDM like Meraki SM or another platform.

The Apple Configurator option is pretty easy and the app is free.

Ryan

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
RobY
New here

Just get this now. Everything worked on 12.6 and the previous versions. We use Sentry authentication on machines and I re-pushed all profiles made in Apple Business Manager to the machine...

[Attached screenshot: RobY_0-1666983336653.png]

alemabrahao
Kind of a big deal

Are you talking about Client VPN?

Look at this information:

macOS

Currently, only the following authentication mechanisms are supported:

  • User authentication: Active Directory (AD), RADIUS, or Meraki-hosted authentication
  • Machine authentication: Preshared keys (e.g. shared secret)

When using Meraki-hosted authentication, the VPN account/username setting on client devices (e.g. PC or Mac) is the user email address entered in the dashboard.

The instructions below are tested on Mac OS 10.7.3 (Lion).

Open System Preferences > Network from the Mac applications menu. Click the "+" button to create a new service, select VPN as the interface type, and choose L2TP over IPsec from the pull-down menu.

  • Server Address: Enter the hostname (e.g. .com) or the active WAN IP (e.g. XXX.XXX.XXX). Hostname is encouraged instead of active WAN IP because it is more reliable in cases of WAN failover. Admin can find them in the dashboard under Security appliance > Monitor Appliance status.
  • Account Name: Enter the account name of the user (based on AD, RADIUS, or Meraki cloud authentication).

Click Authentication Settings and provide the following information:

  • User Authentication > Password: User password (based on AD, RADIUS or Meraki cloud authentication).
  • Machine Authentication > Shared Secret: Enter the shared secret that admin created in Security appliance > Configure Client VPN settings.

Click OK to go back to the main VPN settings page, then click Advanced and enable the Send all traffic over VPN connection option.

[Screenshot: alemabrahao_4-1666980234285.png]

The VPN connectivity will not be established if you don't enable the Send all traffic over VPN connection option.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
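
The settings listed in the post above (server address, account name, shared secret, send all traffic), written as the kind of VPN profile the earlier reply suggests creating with Apple Configurator or pushing from an MDM. This is an added example, not part of the thread or of Meraki's documentation; the function names, the `com.example` identifiers and the sample values used with it are assumptions, and the payload keys are those of Apple's `com.apple.vpn.managed` payload.

```python
import plistlib
import uuid


def build_l2tp_profile(server, account, shared_secret, name="Client VPN"):
    """Return .mobileconfig bytes for one L2TP over IPsec VPN payload."""
    vpn = {
        "PayloadType": "com.apple.vpn.managed",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.vpn.l2tp",  # placeholder identifier
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "UserDefinedName": name,
        "VPNType": "L2TP",
        # Server Address and Account Name; the password is left out of the file.
        "PPP": {"CommRemoteAddress": server, "AuthName": account},
        # Machine authentication: preshared key, serialized as <data> (base64,
        # not encrypted), so the profile file must be handled as a secret.
        "IPSec": {"AuthenticationMethod": "SharedSecret",
                  "SharedSecret": shared_secret.encode("utf-8")},
        # Equivalent of "Send all traffic over VPN connection".
        "IPv4": {"OverridePrimary": 1},
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.vpn",  # placeholder identifier
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": name,
        "PayloadContent": [vpn],
    }
    return plistlib.dumps(profile)


def check_profile(data):
    """List settings in a profile that differ from the ones described above."""
    problems = []
    for p in plistlib.loads(data).get("PayloadContent", []):
        if p.get("PayloadType") != "com.apple.vpn.managed":
            continue
        if p.get("VPNType") != "L2TP":
            problems.append("VPNType is not L2TP")
        if not p.get("PPP", {}).get("CommRemoteAddress"):
            problems.append("server address missing")
        ipsec = p.get("IPSec", {})
        if ipsec.get("AuthenticationMethod") != "SharedSecret" or not ipsec.get("SharedSecret"):
            problems.append("shared secret missing")
        if p.get("IPv4", {}).get("OverridePrimary") != 1:
            problems.append("send-all-traffic is off")
    return problems
```

Writing the returned bytes to a file with a `.mobileconfig` extension gives an unsigned profile that can be opened on the Mac or imported into an MDM.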
RobY
New here

All of that is pushed via profiles from Apple Business Manager and Meraki using sentry (not user configurable).  Worked the day before and stopped working the day of the update to MacOS 13...

Brash
Kind of a big deal

It's quite possible there's a change in Ventura that has broken VPN.

As @Ryan_Miles mentioned, the beta had lots of issues with VPN breaking.

Additionally a heap of active monitoring security agents and EDR software stopped working too.

Worth opening a case with Meraki support. If they're seeing it as a widespread issue there'll be more traction on getting it diagnosed and resolved.

RobY
New here

Yeah, I submitted a case just now...  We'll see where that leads...

mxp
New here

Hello

Did you find a solution? I'm in the same situation.

Best Regards
