Install IKEv2 with Self Service

Schmidt
New Contributor II

Hello Everyone,

I am attempting to figure out what is causing issues with my testing deployment of our IKEv2 VPN Profile. I am trying to deploy a User Level installation of an IKEv2 VPN profile in JAMF Self Service. I have it all configured in the JAMF Pro Cloud and deployed in Self Service to a small scope of a few test computer objects. When I attempt to install the item in Self Service on my test mac, it runs for about 2 seconds and reports an error "Item Failed". I have tried this on Catalina and Big Sur with same results.

My questions is are:
1. Were can I look at logs to find out what is happening/failing? -I checked /var/log/jamf.log -The mdm verb is not available on this version of macOS.
2. Am I doing something wrong to cause this to fail in the deployment?

6 REPLIES 6

Schmidt
New Contributor II

A bit more info. In JAMF Pro, I found this error:
The ‘VPN Service’ payload could not be installed. The VPN service could not be created.
If I manually download and install the Profile, I get the same error from the Profile Installation in System Preferences.
Issue appears to be the .mobileconfig file that is signed by JAMF. If I create the mobileconfig file in apple configurator, it will install and work, but is not signed.

jmahlman
Valued Contributor

I am seeing this exact behavior. Did you ever get any assistance?

orlandinim
New Contributor II

Same problem. Any news?

Jay_007
New Contributor III

I'm also getting the same issue. 

If I change the connection type, the payload installs fine, but not when using IKEv2 with minimal settings.

Schmidt
New Contributor II

Hey everyone, 

   The closest thing to a solution that I was able to come up with working with JAMF support is the payload needing to be installed as the user that is "MDM Capable" in JAMF Pro.  This being listed under Computer Inventory --> General Tab --> "MDM Capable Users".  If the currently logged in user installing the payload is not listed, it will fail.  If they are listed, it should work.

Problem is there is no successful way I have found to set a user as an "MDM Capable User".  JAMF just does this on its own somehow and I cant force it.

Jay_007
New Contributor III

Thanks for coming back to share this.

Unfortunately this made no difference for me. I have been able to get the payload to install, but it doesn't matter what I try, I keep getting the error "An unexpected error occurred" when attempting to connect to the VPN.

If I configure the VPN manually, it connects fine, but won't when deployed through JAMF with the same settings. Also, I'm installing at a user level and deploying to users.

Basically I've run out of ideas and I think I'm going to have to reach out to JAMF to help me with this.