Follow us on...
Follow us on Twitter Follow us on Facebook
Register
Results 1 to 8 of 8
  1. #1
    michaelsanford is offline Translator, Web Developer
    Join Date
    Oct 2002
    Location
    Ottawa/Montréal
    Posts
    2,277
    Thanks
    0
    Thanked 5 Times in 5 Posts

    Using Cisco VPN (pcf) with Mac OS X's integrated VPN client

    My university has a Cisco VPN server, and they push the Cisco VPN client on us (naturally).

    I would, however, much prefer to use Mac OS X's integrated VPN subsystem, if possible. I do have a preconfiguration file (.pcf) which is thankfully plain-text.

    I've used my best guesses and transferred data like so:
    (PCF directive) > (System Preferences field)
    Host > Server Address
    Account name > my username (not in PCF)
    enc_GroupPwd > Authentication Settings::Machine Authentication::Shared Secret
    UserPassword > Authentication Settings::User Authentication::Password (not in PCF)
    GroupName > Group Name

    And even after all of that, I get a message saying that I am not connected.

    Is this because I have left out a piece of configuration, or because the Mac OS X subsystem is not compatible with Cisco's (proprietary?) VPN server?

    Thanks!

    Also, system.log says
    Code:
    Jan 30 11:01:25 iBook pppd[24295]: pppd 2.4.2 (Apple version 314) started by root, uid 501
    Jan 30 11:01:25 iBook pppd[24295]: L2TP connecting to server 'vpn-server-address.com' (134.xxx.xxx.xxx)...
    Jan 30 11:01:32 iBook pppd[24295]: IPSec connection started
    Jan 30 11:01:45 iBook pppd[24295]: IPSec connection failed
    PS No point suggesting that I ask for more info from IT, because that's what my original request was, and I got a form email with a link to the client
    Last edited by michaelsanford; January 30th, 2008 at 10:03 AM.

  2. #2
    michaelsanford is offline Translator, Web Developer
    Join Date
    Oct 2002
    Location
    Ottawa/Montréal
    Posts
    2,277
    Thanks
    0
    Thanked 5 Times in 5 Posts
    Looks like Cisco uses a proprietary kext, so you need the client.

    Too bad.

  3. #3
    nixgeek's Avatar
    nixgeek is offline Mac of the SubGenius! :-)
    Join Date
    Jan 2004
    Location
    Miami, FL
    Posts
    8,621
    Thanks
    32
    Thanked 157 Times in 141 Posts
    Quote Originally Posted by michaelsanford View Post
    Looks like Cisco uses a proprietary kext, so you need the client.

    Too bad.
    Yeah, I had tried this myself using Tiger's VPN client features but never had any luck. However, there is an open source project called vpnc (link to a Mac OS X port farther down in the page) which will work specifically with Cisco VPN servers. However, unlike the Cisco VPN client you can't access regular Internet because vpnc would need some way to loopback the DNS redirections. Cisco's client already has this feature built into its client. The open source version works, but when accessing local stuff over the internet you won't be able to.

    Hope that's clear to understand...
    Apple iMac G5 17" (2 GHz G5) - Mac OS X 10.5.8/Ubuntu 10.04
    Asus Eee PC 901 (1.6 GHz Atom N270) - Fedora 13
    Apple Macintosh Quadra 650 (33 MHz MC68040) - Mac OS 8.1
    "JHVH-1" (2 GHz AMD Athlon XP 2400+) - Slackware 13.1

  4. #4
    michaelsanford is offline Translator, Web Developer
    Join Date
    Oct 2002
    Location
    Ottawa/Montréal
    Posts
    2,277
    Thanks
    0
    Thanked 5 Times in 5 Posts
    Clear as crystal.

    Also, it seems that my university ships the 2006 (i.e., pre-Leopard) client. So guess what ALSO doesn't work to connect to the VPN: the Cisco client :P

    Headaches galore.

  5. #5
    RISCHead is offline Registered User
    Join Date
    Feb 2008
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts
    The latest Cisco client is available here:
    http://www.macupdate.com/info.php/id...sco-vpn-client
    You (may) need to uninstall the VPN client via Terminal (sudo /usr/local/bin/vpn_uninstall) then reinstall the latest universal binary.

    I don't quite understand why you care about what VPN client you have to use - its just a tool to get the job done, which is to give you the remote access you need.

  6. #6
    michaelsanford is offline Translator, Web Developer
    Join Date
    Oct 2002
    Location
    Ottawa/Montréal
    Posts
    2,277
    Thanks
    0
    Thanked 5 Times in 5 Posts
    Thanks for the tip.

    And for me, using the other client isn't the end of the world, I just somewhat dislike installing an application to do something that I already have a tool for (it just doesn't work). I like to make use of my system's features. But in the end you're right, it is just a tool to get remote connectivity.

  7. #7
    RISCHead is offline Registered User
    Join Date
    Feb 2008
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I find it generally easier to follow a supported model (hey, if you can get someone else to do the work for you ...) and in the case of VPN, there are often proprietary protocols and extensions that make a common universal solution less feasible.

  8. #8
    michaelsanford is offline Translator, Web Developer
    Join Date
    Oct 2002
    Location
    Ottawa/Montréal
    Posts
    2,277
    Thanks
    0
    Thanked 5 Times in 5 Posts
    I just learned that about VPN. I also like your reasoning for adhering to the supported model

    One thing I was really interested in was VPN support with the DD-WRT installation on my linksys, only to find that it doesn't come with the version (micro) suitable for my model. Silly VPN...

 

 

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •