After configuring a MacOS VPN IKEv2 client to a strongswan server I am able to connect successfully to the VPN.
As soon as the server side certificates are changed from RSA certificates to ECDSA, strongswan reports a successful establishment of an SA, but the MacOS side drops the connection logging the following error:
2026-02-27 23:13:22.672482+0000 0x2acd39 Error 0x0 67521 0 NEIKEv2Provider: (NetworkExtension) [com.apple.networkextension:] [IKE_AUTH R resp1 55DC8E904F533065-2BA026E933AC60B3] Initiator packet authentication method DigitalSignatureECDSA256 is not compatible with configuration RSASignature
2026-02-27 23:13:22.672565+0000 0x2acd39 Default 0x0 67521 0 NEIKEv2Provider: (NetworkExtension) [com.apple.networkextension:] IKEv2IKESA[2.2, 55DC8E904F533065-2BA026E933AC60B3] state Connecting -> Disconnected error (null) -> Error Domain=NEIKEv2ErrorDomain Code=8 "Authentication: Packet authentication method DigitalSignatureECDSA256 is not compatible with configuration RSASignature" UserInfo={NSLocalizedDescription=Authentication: Packet authentication method DigitalSignatureECDSA256 is not compatible with configuration RSASignature}
Can MacOS IKEv2 VPN client talk to a server with ECDSA certificates, and are there any extra steps to do so?
Similar problem for iOS was asked in iOS native IKEv2 client and ECDSA server certificates but with different symptoms logged.
