
Aisys

macrumors newbie
Original poster
Jul 11, 2008
New York, NY
I'm cautiously excited about Snow Leopard's Cisco VPN support. It won't be as useful as I'd like it to be for our employees unless the VPN-on-demand feature of Leopard doesn't evolve. Does anyone know anything about the changes to VPN in Snow Leopard and, in particular, if it will automatically initiate VPN connections on the fly as one would hope VPN-on-demand would do?
 
Why not use Cisco's OS X VPN client? That automatically connect feature is a pain. We had users complain constantly when we were using Check Point's SecuRemote, which does that.
 
We were using Cisco's client but everyone hates it and/or has problems with it.

Update: got Snow Leopard last night. I got all our client VPN connections ported to the built-in Cisco IPSec support. It works great so far. But VPN-on-demand is not supported for the Cisco mode.
 
Yup, I had issues using Cisco's VPN client. It wouldn't launch. I configured the built-in VPN client. It was rather easy. I have just one major problem. It doesn't hit my VPN's DNS. I verified I can access hosts via IP, but not name. Now I'm stuck.
 
The standalone Cisco VPN clients are going to give you an Error 51 until you reinstall it. Something about the Snow Leopard installation breaks the client, but reinstalling fixes it.
 
Yup, I had issues using Cisco's VPN client. It wouldn't launch. I configured the built-in VPN client. It was rather easy. I have just one major problem. It doesn't hit my VPN's DNS. I verified I can access hosts via IP, but not name. Now I'm stuck.

Yeah - we had this issue as well. I was really unhappy that the split DNS wasn't working and tried everything: putting the internal domains in the search list, adding more internal servers to the DNS list, etc.

Then we finally fixed it:

Create a file in /etc/resolver named for your domain - for example

touch /etc/resolver/yourdomain.com

Then add the following to the file

nameserver w.x.y.z <- your internal DNS IP obviously
domain yourdomain.com
port 53

That will have you resolving down your tunnel.
Stu
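
The resolver-file fix from the post above, as an added shell example that is not part of the original thread. The function names, the `RESOLVER_DIR` variable and the sample values in the comments are assumptions; the three directives written are the ones the post lists.

```shell
#!/bin/sh
# Added example: write a per-domain resolver file like the one in the post.
# RESOLVER_DIR, the function names and the sample values are assumptions.
RESOLVER_DIR="${RESOLVER_DIR:-/etc/resolver}"

# The domain becomes a file name under RESOLVER_DIR, so allow only hostname
# characters: no slashes, no leading dot or hyphen, no empty labels.
valid_domain() {
    case "$1" in
        ""|*[!A-Za-z0-9.-]*|.*|-*|*..*|*.) return 1 ;;
    esac
}

# Accept only a dotted-quad IPv4 address with four octets in 0..255.
# This rejects the literal placeholder "w.x.y.z" if it was left unedited.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    rest="$1." count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}; rest=${rest#*.}
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
    done
    [ "$count" -eq 4 ]
}

# write_resolver DOMAIN NAMESERVER [PORT]
# Builds the file in a temp file first and renames it into place, so the
# resolver never reads a half-written file. The result is world-readable
# and writable only by its owner (root when run with sudo).
write_resolver() {
    domain=$1 nameserver=$2 port=${3:-53}
    valid_domain "$domain" || { echo "bad domain: $domain" >&2; return 1; }
    valid_ipv4 "$nameserver" || { echo "bad nameserver: $nameserver" >&2; return 1; }
    case "$port" in ""|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    mkdir -p "$RESOLVER_DIR" || return 1
    tmp=$(mktemp "$RESOLVER_DIR/.resolver.XXXXXX") || return 1
    printf 'nameserver %s\ndomain %s\nport %s\n' \
        "$nameserver" "$domain" "$port" > "$tmp"
    chmod 644 "$tmp" && mv "$tmp" "$RESOLVER_DIR/$domain"
}

# Typical use on the Mac (constructed values), as root:
#   write_resolver corp.example.test 10.0.0.53
# then confirm the new per-domain resolver is listed with: scutil --dns
```

The file is static, so the Mac keeps sending queries for that domain to the listed address even when the VPN is down. On an untrusted network, whatever host answers at that address sees and can answer those lookups, so remove the file when the tunnel is no longer in use.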
 
I'm pretty well thoroughly wacked off that my school changed from Cisco to Juniper. Now I have to use this jerry rig solution to get my internet to work at school. OK, if Mac is "#1 at college" and there is a well-known OS upgrade, and VPNs are used at most colleges, then why didn't someone get off their butt and make this stuff work? I mean everyone with new Macs will get the up-to-date stuff, and many will pay the $30 to upgrade. So someone should have known this was gonna be a widespread problem.
 
Yeah - we had this issue as well. I was really unhappy that the split DNS wasn't working and tried everything: putting the internal domains in the search list, adding more internal servers to the DNS list, etc.

Then we finally fixed it:

Create a file in /etc/resolver named for your domain - for example

touch /etc/resolver/yourdomain.com

Then add the following to the file

nameserver w.x.y.z <- your internal DNS IP obviously
domain yourdomain.com
port 53

That will have you resolving down your tunnel.
Stu

Interesting. I didn't have to do any of that. I simply added the DNS servers and search domains to the advanced options and it worked fine.
 
I'm pretty well thoroughly wacked off that my school changed from Cisco to Juniper. Now I have to use this jerry rig solution to get my internet to work at school. OK, if Mac is "#1 at college" and there is a well-known OS upgrade, and VPNs are used at most colleges, then why didn't someone get off their butt and make this stuff work? I mean everyone with new Macs will get the up-to-date stuff, and many will pay the $30 to upgrade. So someone should have known this was gonna be a widespread problem.

The Juniper Network Connect client is broken under Snow Leopard. Very annoying indeed. There is a hack that supposedly gets it working, but reports say it leads to packet loss.

http://forums.juniper.net/jnet/board/message?board.id=SSL_VPN&thread.id=4965
 
I've had the hack running for a couple of days, and so far have had no problems. That said, I don't use the VPN for web pages, only for Exchange email.
 
Service order

Not sure if this solves the same problem that the fix does, but I read elsewhere that the trick is to change the order of the services in the Network pane of System Preferences: click on the cog at the bottom of the list, choose 'Set Service Order...' and move VPN above the underlying connection it uses (e.g. Airport or Ethernet).

That way the Mac will use DNS from VPN in preference to the others.

And regarding the client not saving the password, this is defined by the VPN policy, which Apple's client respects. vpnc, an open-source alternative, allows you to over-ride this - but you won't get many smiles from your network administrators if you do this!
 
I started having VPN problems while traveling last week. The VPN would connect but I could not reach any server... Turns out the problem ended up being that NAT was still enabled from having turned on Internet Sharing for my iPhone to use Wi-Fi to share the Ethernet connection. The solution was moving this file out of the way:
/Library/Preferences/SystemConfiguration/com.apple.nat.plist

The second post in this article gave me the solution. (I didn't think of it). Looks like a bug in how the XML is updated.
 
MooneyFlyer - You Rock

Even after days of working with Apple Support, we could not figure out why my VPN would connect and authenticate, but no traffic flowed. Well your hint tip led me to my internet sharing box, clicked it off, and all works now! Thank you for sharing.

I started having VPN problems while traveling last week. The VPN would connect but I could not reach any server... Turns out the problem ended up being that NAT was still enabled from having turned on Internet Sharing for my iPhone to use Wi-Fi to share the Ethernet connection. The solution was moving this file out of the way:
/Library/Preferences/SystemConfiguration/com.apple.nat.plist

The second post in this article gave me the solution. (I didn't think of it). Looks like a bug in how the XML is updated.
 
Yeah - we had this issue as well. I was really unhappy that the split DNS wasn't working and tried everything: putting the internal domains in the search list, adding more internal servers to the DNS list, etc.

Then we finally fixed it:

Create a file in /etc/resolver named for your domain - for example

touch /etc/resolver/yourdomain.com

Then add the following to the file

nameserver w.x.y.z <- your internal DNS IP obviously
domain yourdomain.com
port 53

That will have you resolving down your tunnel.
Stu


Stu -- thanks!!! This fixed mine.

I'm running SL 10.6.3 and was trying to connect over a Cisco VPN using the built-in client. The VPN connected fine. I could ping and connect to machines by IP address. It was definitely a split dns problem. Using nslookup, I could connect to the company dns server and get the proper resolution. When the VPN connection is made, the correct internal dns servers and search domains are inserted in the advanced network panel; why aren't they used? I even tried re-sorting the adapter list per somebody's hint. Nothing worked except this. It's certainly only a lame, temporary fix (I hope!) -- because, my iPad has the same problem and I can't fix it!! :-(
 
Create a file in /etc/resolver named for your domain - for example

touch /etc/resolver/yourdomain.com

Then add the following to the file

nameserver w.x.y.z <- your internal DNS IP obviously
domain yourdomain.com
port 53

Fixed mine on SL 10.6.4 (been having the issue since long before that). Thanks!
 
vpn

Hi
I'm using pptp as we don't have a shared secret or file for cisco.

However, I've never been able to access my vpn network for this vpn (it's worked for others, with cisco). There are web sites only accessible over the vpn, and I can access those from the mac (but not parallels, in windoze).
Sometimes I can see network machines, but they fail to connect. Many times I can't see them at all, and as soon as I start up Parallels they always disappear.

I realize there are a coupla things going on here but any tips appreciated!

Is there even a way to force the mac to look at the network, if it doesn't show up in the finder?

tia for any tips
 
Not sure if this solves the same problem that the fix does, but I read elsewhere that the trick is to change the order of the services in the Network pane of System Preferences: click on the cog at the bottom of the list, choose 'Set Service Order...' and move VPN above the underlying connection it uses (e.g. Airport or Ethernet).

That way the Mac will use DNS from VPN in preference to the others.

And regarding the client not saving the password, this is defined by the VPN policy, which Apple's client respects. vpnc, an open-source alternative, allows you to over-ride this - but you won't get many smiles from your network administrators if you do this!


Thank you, thank you, thank you. This has finally solved a 2-year issue with the OS X VPN client and split-tunneling for me. Before, I had to force all traffic over the VPN for anything to resolve correctly in DNS.

I wish I'd known it was this easy! Now, I can reduce the bandwidth over my VPN connection to work. I'm sure my IT guy will be grateful! :D
 
Happy DNS

Yeah - we had this issue as well. I was really unhappy that the split DNS wasn't working and tried everything: putting the internal domains in the search list, adding more internal servers to the DNS list, etc.

Then we finally fixed it:

Create a file in /etc/resolver named for your domain - for example

touch /etc/resolver/yourdomain.com

Then add the following to the file

nameserver w.x.y.z <- your internal DNS IP obviously
domain yourdomain.com
port 53

That will have you resolving down your tunnel.
Stu


First, I tried rearranging the service order and that didn't work. After adding this entry as specified, everything started to work. Thank you! :cool:
 