Snow Leopard VPN

Discussion in 'macOS' started by Aisys, Aug 26, 2009.

  1. Aisys macrumors newbie

    Jul 11, 2008
    New York, NY
    I'm cautiously excited about Snow Leopard's Cisco VPN support. It won't be as useful as I'd like it to be for our employees unless the VPN-on-demand feature of Leopard doesn't evolve. Does anyone know anything about the changes to VPN in Snow Leopard and, in particular, if it will automatically initiate VPN connections on the fly as one would hope VPN-on-demand would do?
  2. belvdr macrumors 603

    Aug 15, 2005
    Why not use Cisco's OS X VPN client? That automatically connect feature is a pain. We had users complain constantly when we were using Check Point's SecuRemote, which does that.
  3. Aisys thread starter macrumors newbie

    Jul 11, 2008
    New York, NY
    We were using Cisco's client but everyone hates it and/or has problems with it.

    Update: got Snow Leopard last night. I got all our client VPN connections ported to the built-in Cisco IPSec support. It works great so far. But VPN-on-demand is not supported for the Cisco mode.
  4. piknyc macrumors newbie

    Aug 28, 2009
    Yup, I had issues using Cisco's VPN client. It wouldn't launch. I configured the built in CPN client. It was rather easy. I have just one major problem. It's doesn't hit my VPN's DNS. I verified I can access hosts via IP, but not name. Now I'm stuck.
  5. rwilliams macrumors 68040


    Apr 8, 2009
    Durham, NC
    The standalone Cisco VPN clients are going to give you an Error 51 until you reinstall it. Something about the Snow Leopard installation breaks the client, but reinstalling fixes it.
  6. mrichman macrumors newbie

    Sep 5, 2009
    Parkland, FL
    I am using Snow Leopard's built-in Cisco VPN connectivity without issue. How do I get it to remember my password?
  7. onomatopoeia macrumors 6502


    Dec 9, 2007
    How do you access the built-in VPN feature of Snow Leopard?
  8. stuarthatto macrumors regular

    Nov 5, 2008
    Yeah - we had this issue as well, I was really unhappy that the split DNS wasn't working and tried everything, putting the internal domains in the search lis, adding more internal servers to the DNS list etc etc.

    Then we finally fixed it:

    Create a file in /etc/resolver named for your domain - for example

    touch /etc/resolver/

    Then add the following to the file

    nameserver w.x.y.z <- your internal DNS IP obviously
    port 53

    That wil have you resolving down your tunnel.
  9. stuarthatto macrumors regular

    Nov 5, 2008
    Open Network Preferences and click the + in the bottom left. Then select VPN from the dropdown, and the type of VPN from the next dropdown...
  10. mikes70mustang macrumors 68000


    Nov 14, 2008
    Im pretty well thoroughly wacked off that my school changed from cisco to juniper. Now i have to use this jerry rig solution to get my internet to work at school. Ok, if mac is "#1 at college" and there is a well known OS upgrade, and vpns are used at most colleges, they why didnt someone get off their butt and make this stuff work? I mean everyone with new macs will get the up to date stuff, and many will pay the $30 to upgrade. So someone should have known this was gonna be a widespread problem.
  11. belvdr macrumors 603

    Aug 15, 2005
    Interesting. I didn't have to do any of that. I simply added the DNS servers and search domains to the advanced options and it worked fine.
  12. occamsrazor macrumors 6502


    Feb 25, 2007
    The Juniper Network Connect client is broken under Snow Leopard. Very annoying indeed. There is a hack that supposedly gets it working, but reports say it leads to packet loss.
  13. mikes70mustang macrumors 68000


    Nov 14, 2008
    I had it working for a day and now i cant get it to work. But when it did work it was dropping packets like mad. At least half the time you have to reload the pages.
  14. occamsrazor macrumors 6502


    Feb 25, 2007
    I'v ehad the hack running for a couple days, and so far have had no problems. That said I don't use the VPN for web pages, only for exchange email.
  15. Saladinos macrumors 68000


    Feb 26, 2008
  16. frogmella macrumors newbie

    Jan 6, 2002
    Service order

    Not sure if this solves the same problem that the fix does, but I read elsewhere that the trick is to change the order of the services in the Network pane of System Preferences: click on the cog at the bottom of the list, choose 'Set Service Order...' and move VPN above the underlying connection it uses (e.g. Airport or Ethernet).

    That way the Mac will use DNS from VPN in preference to the others.

    And regarding the client not saving the password, this is defined by the VPN policy, which Apple's client respects. vpnc, an open-source alternative, allows you to over-ride this - but you won't get many smiles from your network administrators if you do this!
  17. MooneyFlyer macrumors 65816


    Nov 18, 2007
    I started having VPN problems while traveling last week. The VPN would connect but I could not reach any server... Turns out the problem ended up being that NAT was still enabled from having turned on Internet Sharing for my iphone to use wifi to share the ethernet connection. The solution was moving this file out of the way:

    The second post in this article gave me the solution. (I didn't think of it). Looks like a bug in how the XML is updated.
  18. cinman macrumors newbie

    Oct 31, 2009
    MooneyFlyer - You Rock

    Even after days of working with Apple Support, we could not figure out why my VPN would connect and authenticate, but no traffic flowed. Well your hint tip led me to my internet sharing box, clicked it off, and all works now! Thank you for sharing.

  19. drummerlondonw3 macrumors 6502a


    Feb 10, 2008
  20. seangame macrumors newbie

    May 13, 2010

    Stu -- thanks!!! This fixed mine.

    I'm running SL 10.6.3 and was trying to connect over a Cisco VPN using the built-in client. The VPN connected fine. I could ping and connect to machines by IP address. It was definitely a split dns problem. Using nslookup, I could connect to the company dns server and get the proper resolution. When the VPN connection is made, the correct internal dns servers and search domains are inserted in the advanced network panel; why aren't they used? I even tried re-sorting the adapter list per somebody's hint. Nothing worked except this. It's certainly only a lame, temporary fix (I hope!) -- because, my iPad has the same problem and I can't fix it!! :-(
  21. VPNHaus macrumors newbie

    May 26, 2010
  22. lefooey macrumors member

    Dec 26, 2009
    Spokane, WA
    Fixed mine on SL 10.6.4 (been having the issue since long before that). Thanks!
  23. cayennep macrumors newbie

    Aug 26, 2008

    I'm using pptp as we don't have a shared secret or file for cisco.

    However, I've never been able to access my vpn network for this vpn (it's worked for others, with cisco). There are web sites only accessible over the vpn, and I can access those from the mac (but not parallels, in windoze).
    Sometimes I can see network machines, but they fail to connect. Many times I can't see them at all, and as soon as I start up Parallels they always disappear.

    I realize there are a coupla things going on here but any tips appreciated!

    Is there even a way to force the mac to look at the network, if it doesn't show up in the finder?

    tia for any tips
  24. MauiBoy macrumors member

    Sep 7, 2005

    Thank you, thank you, thank you. This has finally solved a 2-year issue with the OS X VPN client and split-tunneling for me. Before, I had to force all traffic over the VPN for anything to resolve correctly in DNS.

    I wish I'd known it was this easy! Now, I can reduce the bandwidth over my VPN connection to work. I'm sure my IT guy will be grateful! :D
  25. amarand macrumors newbie


    Jan 6, 2011
    Galloway, Ohio, USA
    Happy DNS

    First, I tried rearranging the service order and that didn't work. After adding this entry as specified, everything started to work. Thank you! :cool:

Share This Page