# Using Cisco VPN (pcf) with Mac OS X's integrated VPN client



## michaelsanford (Jan 30, 2008)

My university has a Cisco VPN server, and they push the Cisco VPN client on us (naturally).

I would, however, much prefer to use Mac OS X's integrated VPN subsystem, if possible. I do have a preconfiguration file (.pcf) which is thankfully plain-text.

I've used my best guesses and transferred data like so:
(PCF directive) > (System Preferences field)
Host > Server Address
Account name > my username (not in PCF)
enc_GroupPwd > Authentication Settings::Machine Authentication::Shared Secret
UserPassword > Authentication Settings::User Authentication::Password (not in PCF)
GroupName > Group Name

And even after all of that, I get a message saying that I am not connected.

Is this because I have left out a piece of configuration, or because the Mac OS X subsystem is not compatible with Cisco's (proprietary?) VPN server?

Thanks!

Also, system.log says

```
Jan 30 11:01:25 iBook pppd[24295]: pppd 2.4.2 (Apple version 314) started by root, uid 501
Jan 30 11:01:25 iBook pppd[24295]: L2TP connecting to server 'vpn-server-address.com' (134.xxx.xxx.xxx)...
Jan 30 11:01:32 iBook pppd[24295]: IPSec connection started
Jan 30 11:01:45 iBook pppd[24295]: IPSec connection failed
```

PS No point suggesting that I ask for more info from IT, because that's what my original request was, and I got a form email with a link to the client.


----------
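The PCF-to-System-Preferences mapping tried in the opening post, as an added example (not part of the thread and not code from any Cisco or Apple tool): it reads a profile and reports which of those fields the file can actually fill. The sample profile, its host name and the function name `map_pcf` are constructed for illustration, and the usual `[main]` section is assumed.

```python
import configparser

# Constructed sample .pcf (not a real profile; host and values are placeholders).
SAMPLE_PCF = """\
[main]
Description=Constructed sample profile
Host=vpn.example.edu
AuthType=1
GroupName=students
GroupPwd=
enc_GroupPwd=0A1B2C3D4E5F60718293A4B5C6D7E8F9
Username=
"""

def map_pcf(text):
    """Return (fields, notes) for the System Preferences fields listed in the post."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case as written in the file
    cp.read_string(text)
    # A key may carry a leading "!" (read-only marker in the Cisco client); strip it.
    main = {k.lstrip("!").lower(): v.strip() for k, v in cp["main"].items()}

    fields = {
        "Server Address": main.get("host") or None,
        "Group Name": main.get("groupname") or None,
        "Account Name": main.get("username") or None,
        "Shared Secret": main.get("grouppwd") or None,
    }
    notes = []
    if fields["Shared Secret"] is None and main.get("enc_grouppwd"):
        notes.append("enc_GroupPwd is an encoded blob, not the plaintext group "
                     "password; get the Shared Secret from the VPN administrator.")
    if fields["Account Name"] is None:
        notes.append("Account Name and Password are not in the profile; enter your own.")
    missing = [n for n in ("Server Address", "Group Name") if fields[n] is None]
    if missing:
        notes.append("Missing from profile: " + ", ".join(missing))
    return fields, notes

if __name__ == "__main__":
    fields, notes = map_pcf(SAMPLE_PCF)
    for name, value in fields.items():
        print(f"{name:15} {value if value is not None else '(not available)'}")
    for note in notes:
        print("note:", note)
```
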



## michaelsanford (Jan 30, 2008)

Looks like Cisco uses a proprietary kext, so you need the client.

Too bad.


----------



## nixgeek (Jan 30, 2008)

michaelsanford said:


> Looks like Cisco uses a proprietary kext, so you need the client.
> 
> Too bad.



Yeah, I had tried this myself using Tiger's VPN client features but never had any luck. However, there is an open source project called vpnc (link to a Mac OS X port farther down in the page) which will work specifically with Cisco VPN servers. However, unlike the Cisco VPN client you can't access regular Internet because vpnc would need some way to loopback the DNS redirections. Cisco's client already has this feature built into its client. The open source version works, but when accessing local stuff over the internet you won't be able to.

Hope that's clear to understand...


----------



## michaelsanford (Jan 30, 2008)

Clear as crystal.

Also, it seems that my university ships the 2006 (i.e., pre-Leopard) client. So guess what ALSO doesn't work to connect to the VPN: the Cisco client.

Headaches galore.


----------



## RISCHead (Feb 6, 2008)

The latest Cisco client is available here:
http://www.macupdate.com/info.php/id...sco-vpn-client
You (may) need to uninstall the VPN client via Terminal (sudo /usr/local/bin/vpn_uninstall) then reinstall the latest universal binary.

I don't quite understand why you care about what VPN client you have to use - it's just a tool to get the job done, which is to give you the remote access you need.


----------



## michaelsanford (Feb 6, 2008)

Thanks for the tip.

And for me, using the other client isn't the end of the world, I just somewhat dislike installing an application to do something that I already have a tool for (it just doesn't work). I like to make use of my system's features. But in the end you're right, it is just a tool to get remote connectivity.


----------



## RISCHead (Feb 6, 2008)

I find it generally easier to follow a supported model (hey, if you can get someone else to do the work for you...) and in the case of VPN, there are often proprietary protocols and extensions that make a common universal solution less feasible.


----------



## michaelsanford (Feb 6, 2008)

I just learned that about VPN. I also like your reasoning for adhering to the supported model.

One thing I was really interested in was VPN support with the DD-WRT installation on my Linksys, only to find that it doesn't come with the version (micro) suitable for my model. Silly VPN...


----------

