Mac OS X 10.4.6 VPN woes

I was actually pretty happy to see that OS X 10.4.6 would include native IPSec VPN support specifically to connect to Cisco VPN servers... Well, L2TP over IPSec, anyway. After I updated the PowerBook, I gave it a shot connecting to a Cisco PIX VPN server. No go since it's not supported by the PIX. PPTP connections would work, though.

So, lacking a Cisco VPN Concentrator, I decided to bail on the native client, and fired up my Cisco VPN client v4.9. Couldn't connect to anything, with the logs claiming that there was another process bound to the IKE port. A quick lsof -iUDP:500 showed that the KAME racoon utility is part of Apple's IPSec services, and even though I'd emptied the L2TP/IPSec VPN configuration, it was still running, blocking that port. kill `ps auxww | grep racoon | grep -v grep | awk '{print$2}'` took care of that, and the Cisco client worked fine. Although I haven't tested it, racoon should be able to connect to a Cisco PIX, but not in a dynamic configuration. If I had a static IP and the PIX was configured for a static VPN connection using PSK or certs, it would probably work.

Also, I believe that a reboot would have achieved the same results, since I don't believe racoon starts on boot if the profiles are empty and/or the client hasn't been triggered, but who reboots their laptops these days?
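The port check described above can be scripted so that only a process actually bound to UDP 500, with the exact expected name, is selected; `ps | grep racoon` matches any command line containing that string. This is an added example, not code from the original post. The function names and the sample `lsof -F pc` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: find what holds the IKE port (UDP/500) before stopping it.

# Parse `lsof -F pc` field output on stdin. Each process set starts with
# "p<pid>" followed by "c<command>"; other fields (f, n) are ignored.
# Prints one "<pid> <command>" line per process.
parse_holders() {
    awk '
        /^p/ { pid = substr($0, 2) }
        /^c/ { print pid, substr($0, 2) }
    '
}

# From "<pid> <command>" lines on stdin, print PIDs whose command name is
# exactly $1 (no substring matching).
pids_for_command() {
    awk -v want="$1" '$2 == want { print $1 }'
}

# Query the live system for processes bound to UDP/500.
ike_port_holders() {
    lsof -nP -iUDP:500 -F pc 2>/dev/null | parse_holders
}

# Stop only the named daemon, and only if it really holds the port.
stop_ike_holder() {
    ike_port_holders | pids_for_command "$1" | while read -r pid; do
        kill "$pid"
    done
}

# Constructed sample of `lsof -nP -iUDP:500 -F pc` output: racoon plus a
# hypothetical unrelated process whose name merely contains "racoon".
sample_lsof_output() {
    printf 'p287\ncracoon\nf7\nn*:500\np912\ncgrep-racoon-helper\nf3\nn*:500\n'
}

# Default run is read-only: show the parsed sample. Use --live to query lsof.
if [ "${1:-}" = "--live" ]; then
    ike_port_holders
else
    sample_lsof_output | parse_holders
fi
```

Calling `stop_ike_holder racoon` as root performs the kill step from the post, limited to the PID that `lsof` reports on the port.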
