VPN Profile installation failed

Question

I have created the VPN profile below with Apple Configuration 2, however when I try to install it from the System Settings, I'm getting the error message below:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>DNS</key>
            <dict>
                <key>SupplementalMatchDomainsNoSearch</key>
                <integer>0</integer>
            </dict>
            <key>IKEv2</key>
            <dict>
                <key>AuthName</key>
                <string>john</string>
                <key>AuthenticationMethod</key>
                <string>None</string>
                <key>ChildSecurityAssociationParameters</key>
                <dict>
                    <key>DiffieHellmanGroup</key>
                    <integer>14</integer>
                    <key>EncryptionAlgorithm</key>
                    <string>AES-256</string>
                    <key>IntegrityAlgorithm</key>
                    <string>SHA2-256</string>
                    <key>LifeTimeInMinutes</key>
                    <integer>1440</integer>
                </dict>
                <key>DeadPeerDetectionRate</key>
                <string>Medium</string>
                <key>DisableMOBIKE</key>
                <integer>0</integer>
                <key>DisableRedirect</key>
                <integer>0</integer>
                <key>EnableCertificateRevocationCheck</key>
                <integer>0</integer>
                <key>EnableFallback</key>
                <integer>0</integer>
                <key>EnablePFS</key>
                <integer>0</integer>
                <key>ExtendedAuthEnabled</key>
                <true/>
                <key>IKESecurityAssociationParameters</key>
                <dict>
                    <key>DiffieHellmanGroup</key>
                    <integer>14</integer>
                    <key>EncryptionAlgorithm</key>
                    <string>AES-256</string>
                    <key>IntegrityAlgorithm</key>
                    <string>SHA2-256</string>
                    <key>LifeTimeInMinutes</key>
                    <integer>1440</integer>
                </dict>
                <key>LocalIdentifier</key>
                <string>1.2.3.4</string>
                <key>RemoteAddress</key>
                <string>1.2.3.4</string>
                <key>RemoteIdentifier</key>
                <string>1.2.3.4</string>
                <key>UseConfigurationAttributeInternalIPSubnet</key>
                <integer>0</integer>
            </dict>
            <key>PayloadDescription</key>
            <string>Configure les réglages VPN</string>
            <key>PayloadDisplayName</key>
            <string>VPN</string>
            <key>PayloadIdentifier</key>
            <string>com.apple.vpn.managed.E00C3366-E6B6-432F-BBC3-53F7E596F5EE</string>
            <key>PayloadType</key>
            <string>com.apple.vpn.managed</string>
            <key>PayloadUUID</key>
            <string>E00C3366-E6B6-432F-BBC3-53F7E596F5EE</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
            <key>Proxies</key>
            <dict>
                <key>HTTPEnable</key>
                <integer>0</integer>
                <key>HTTPSEnable</key>
                <integer>0</integer>
            </dict>
            <key>UserDefinedName</key>
            <string>FOO</string>
            <key>VPNType</key>
            <string>IKEv2</string>
        </dict>
    </array>
    <key>PayloadDisplayName</key>
    <string>vpnB3</string>
    <key>PayloadIdentifier</key>
    <string>MacBook-Pro.4E18BF67-71DA-4BD4-953F-412A575352EE</string>
    <key>PayloadRemovalDisallowed</key>
    <false/>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>38B9A4E4-325A-4CF7-A8BC-40D186DDDD2F</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
</dict>
</plist>

What's wrong with my profile ?

Answer 1

I put a bogus password on my VPN settings in my Jamf configuration profile and it fixed my issue. I'm running macOS 14.7.1 and was getting the error that the VPN service could not be created.

In my case I was pushing a Netskope VPN configuration with Jamf Pro by following the instructions at:

• https://docs.netskope.com/en/jamf/#approve-vpn-popup-for-app-proxy-1

Based on my research, the issue seems to always be related to a profile misconfiguration. Additionally, VPN profiles now require a password in order to apply. The password can be anything you want as it's not necessarily used.

Answer 2

Removing the DNS entry made it work in my case:

<key>DNS</key>
<dict>
    <key>SupplementalMatchDomainsNoSearch</key>
    <integer>0</integer>
</dict>

I have used Apple Configurator 2 v2.11.1 back in January 2020:
It did not add this to the profile and the import worked with
- macOS Catalina 10.15.2 and
- macOS Monterey 12.1.

I now use Apple Configurator 2 v2.15 (7A23):
The key is added automatically which makes the import fail on
- macOS Monterey 12.1 (21C52).

There is also a little special thing: If you delete it once, it doesn't come back if you save it again via the Apple Configurator 2. It only shows up in new connections.