Using Cisco VPN (pcf) with Mac OS X's integrated VPN client

Discussion in 'Networking & Compatibility' started by michaelsanford, Jan 30, 2008.

  1. michaelsanford

    My university has a Cisco VPN server, and they push the Cisco VPN client on us (naturally).

    I would, however, much prefer to use Mac OS X's integrated VPN subsystem, if possible. I do have a preconfiguration file (.pcf) which is thankfully plain-text.

    I've used my best guesses and transferred data like so:
    (PCF directive) > (System Preferences field)
    Host > Server Address
    Account name > my username (not in PCF)
    enc_GroupPwd > Authentication Settings::Machine Authentication::Shared Secret
    UserPassword > Authentication Settings::User Authentication::password (not in PCF)
    GroupName > Group Name

    And even after all of that, I get a message saying that I am not connected.

    Is this because I have left out a piece of configuration, or because the Mac OS X subsystem is not compatible with Cisco's (proprietary?) VPN server?

    Thanks!

    Also, system.log says
    Code:
    Jan 30 11:01:25 iBook pppd[24295]: pppd 2.4.2 (Apple version 314) started by root, uid 501
    Jan 30 11:01:25 iBook pppd[24295]: L2TP connecting to server 'vpn-server-address.com' (134.xxx.xxx.xxx)...
    Jan 30 11:01:32 iBook pppd[24295]: IPSec connection started
    Jan 30 11:01:45 iBook pppd[24295]: IPSec connection failed
    PS No point suggesting that I ask for more info from IT, because that's what my original request was, and I got a form email with a link to the client :)
     
    Last edited: Jan 30, 2008
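
Added example, not part of any post in this thread: a small triage of the system.log excerpt quoted in the first post. It shows that the attempt used L2TP and stopped in the IPsec stage, which in L2TP over IPsec comes before PPP user authentication. The function name, field names and the default year are assumptions of this sketch.

```python
import re
from datetime import datetime

# Log lines quoted from the first post (server address redacted by the poster).
SAMPLE_LOG = """\
Jan 30 11:01:25 iBook pppd[24295]: pppd 2.4.2 (Apple version 314) started by root, uid 501
Jan 30 11:01:25 iBook pppd[24295]: L2TP connecting to server 'vpn-server-address.com' (134.xxx.xxx.xxx)...
Jan 30 11:01:32 iBook pppd[24295]: IPSec connection started
Jan 30 11:01:45 iBook pppd[24295]: IPSec connection failed
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) pppd\[(\d+)\]: (.*)$")
CONNECT_RE = re.compile(r"^(\w+) connecting to server '([^']*)'")


def triage(log_text, year=2008):
    """Group pppd lines by PID and report how far each attempt got.

    syslog timestamps carry no year, so one is supplied (assumed: 2008,
    the year the thread was posted).
    """
    sessions = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a pppd line
        stamp, _host, pid, msg = m.groups()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        s = sessions.setdefault(pid, {
            "transport": None, "server": None, "ipsec_started": None,
            "failed_stage": None, "seconds_to_failure": None,
        })
        c = CONNECT_RE.match(msg)
        if c:
            s["transport"], s["server"] = c.groups()
        elif msg == "IPSec connection started":
            s["ipsec_started"] = when
        elif msg == "IPSec connection failed":
            # Failure here means the tunnel never reached PPP authentication.
            s["failed_stage"] = "ipsec"
            if s["ipsec_started"]:
                delta = when - s["ipsec_started"]
                s["seconds_to_failure"] = int(delta.total_seconds())
    return sessions


if __name__ == "__main__":
    for pid, info in triage(SAMPLE_LOG).items():
        print(pid, info["transport"], info["failed_stage"], info["seconds_to_failure"])
```

Because the failure is recorded at the IPsec stage, the username and password fields were never exercised by this attempt; only the machine-authentication settings and the protocol choice were.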
  2. michaelsanford

    Looks like Cisco uses a proprietary kext, so you need the client.

    Too bad.
     
  3. nixgeek

    Yeah, I had tried this myself using Tiger's VPN client features but never had any luck. However, there is an open source project called vpnc (link to a Mac OS X port farther down in the page) which will work specifically with Cisco VPN servers. However, unlike the Cisco VPN client you can't access regular Internet because vpnc would need some way to loopback the DNS redirections. Cisco's client already has this feature built into its client. The open source version works, but when accessing local stuff over the internet you won't be able to.

    Hope that's clear to understand... :confused:
     
  4. michaelsanford

    Clear as crystal.

    Also, it seems that my university ships the 2006 (i.e., pre-Leopard) client. So guess what ALSO doesn't work to connect to the VPN: the Cisco client :p

    Headaches galore.
     
  5. RISCHead

    The latest Cisco client is available here:
    http://www.macupdate.com/info.php/id...sco-vpn-client
    You (may) need to uninstall the VPN client via Terminal (sudo /usr/local/bin/vpn_uninstall) then reinstall the latest universal binary.

    I don't quite understand why you care about what VPN client you have to use - it's just a tool to get the job done, which is to give you the remote access you need.
     
  6. michaelsanford

    Thanks for the tip.

    And for me, using the other client isn't the end of the world, I just somewhat dislike installing an application to do something that I already have a tool for (it just doesn't work). I like to make use of my system's features. But in the end you're right, it is just a tool to get remote connectivity.
     
  7. RISCHead

    I find it generally easier to follow a supported model (hey, if you can get someone else to do the work for you :) ...) and in the case of VPN, there are often proprietary protocols and extensions that make a common universal solution less feasible.
     
  8. michaelsanford

    I just learned that about VPN. I also like your reasoning for adhering to the supported model :)

    One thing I was really interested in was VPN support with the DD-WRT installation on my Linksys, only to find that it doesn't come with the version (micro) suitable for my model. Silly VPN...
     
