macOS VPN system extension blockedSolved

Hello @skylar-a ,

For a VPN client that uses a macOS system extension, you need to allow the extension through a macOS System Extensions policy in Hexnode:

1. Go to Policies > New Policy, or edit an existing macOS policy.
2. Navigate to macOS > Configurations > System Extensions.
3. Configure the System Extensions section.
4. Enter the VPN developer’s Team ID and Bundle ID, then click Add.
5. Scroll down to System Extension Types, enter the Team ID, and select Network Extension, as VPN clients rely on this specific framework type.
6. Save and associate the policy with the required Macs.

Once the profile lands on the Mac, macOS should approve the VPN system extension automatically. If the VPN app still shows the initialization error after the profile is visible on the Mac, restart the device and verify that the Team ID and Bundle ID in the policy are correct.

Regards,
Simon Scott
Hexnode UEM

I had the policy associated directly to the Mac, and Hexnode showed the association as successful. But nothing appeared in Device Management under System Settings, and the VPN error stayed the same. Running a device scan did not change it either.

In that case, remove the device from the policy association and associate the same policy again. After reassociation, confirm that the device has checked in recently and then check System Settings > General > Device Management again.

If the profile appears there, the System Extensions payload has landed on the Mac. The VPN initialization error should clear after macOS processes the approved extension, though a restart may still be required in some cases.

Ah, got it. Removing the Mac from the policy and associating it again fixed it.