MAC OSX clients require that additional firewall ports be open. Please see below:
Firewall Requirements
By default, all VIA clients use certain UDP and TCP ports to establish an IPsec connection. However, VIA 1.0 for Mac OS uses some additional ports than those used by VIA for Windows and iOS. VIA 1.0 for Mac OS depends on the IPsec stack of the Mac OS, which uses some additional ports to establish an IPsec connection. All VIA clients use these common ports:
●
TCP 443
■
used by the end user to download VIA client software
■
used by the VIA client to download the latest VIA configuration
■
used by the VIA client for trusted network and captive portal checks
■
used for SSL fallback when UDP 4500 is blocked
●
UDP 4500
■
used for IPsec NAT-T
VIA 1.0 for Mac OS uses these additional ports:
●
UDP 500
■
used by Mac OS for internet key exchange (IKE) along with port 4500
●
IP Protocol 50
■
used for forwarding Encapsulating Security Protocol (ESP) traffic
In your network, it is necessary to open these ports on all firewalls that lead up to the controller on which VIA terminates.