Snow Leopard VPN

Discussion in 'macOS' started by Aisys, Aug 26, 2009.

  1. Aisys macrumors newbie

    Joined:
    Jul 11, 2008
    Location:
    New York, NY
    #1
    I'm cautiously excited about Snow Leopard's Cisco VPN support. It won't be as useful as I'd like it to be for our employees unless the VPN-on-demand feature of Leopard doesn't evolve. Does anyone know anything about the changes to VPN in Snow Leopard and, in particular, if it will automatically initiate VPN connections on the fly as one would hope VPN-on-demand would do?
     
  2. belvdr macrumors 603

    Joined:
    Aug 15, 2005
    #2
    Why not use Cisco's OS X VPN client? That automatically connect feature is a pain. We had users complain constantly when we were using Check Point's SecuRemote, which does that.
     
  3. Aisys thread starter macrumors newbie

    Joined:
    Jul 11, 2008
    Location:
    New York, NY
    #3
    We were using Cisco's client but everyone hates it and/or has problems with it.

    Update: got Snow Leopard last night. I got all our client VPN connections ported to the built-in Cisco IPSec support. It works great so far. But VPN-on-demand is not supported for the Cisco mode.
     
  4. piknyc macrumors newbie

    Joined:
    Aug 28, 2009
    #4
    Yup, I had issues using Cisco's VPN client. It wouldn't launch. I configured the built in CPN client. It was rather easy. I have just one major problem. It's doesn't hit my VPN's DNS. I verified I can access hosts via IP, but not name. Now I'm stuck.
     
  5. rwilliams macrumors 68040

    rwilliams

    Joined:
    Apr 8, 2009
    Location:
    Durham, NC
    #5
    The standalone Cisco VPN clients are going to give you an Error 51 until you reinstall it. Something about the Snow Leopard installation breaks the client, but reinstalling fixes it.
     
  6. mrichman macrumors newbie

    Joined:
    Sep 5, 2009
    Location:
    Parkland, FL
    #6
    I am using Snow Leopard's built-in Cisco VPN connectivity without issue. How do I get it to remember my password?
     
  7. onomatopoeia macrumors 6502

    onomatopoeia

    Joined:
    Dec 9, 2007
    #7
    How do you access the built-in VPN feature of Snow Leopard?
     
  8. stuarthatto macrumors regular

    Joined:
    Nov 5, 2008
    #8
    Yeah - we had this issue as well, I was really unhappy that the split DNS wasn't working and tried everything, putting the internal domains in the search lis, adding more internal servers to the DNS list etc etc.

    Then we finally fixed it:

    Create a file in /etc/resolver named for your domain - for example

    touch /etc/resolver/yourdomain.com

    Then add the following to the file

    nameserver w.x.y.z <- your internal DNS IP obviously
    domain yourdomain.com
    port 53

    That wil have you resolving down your tunnel.
    Stu
     
  9. stuarthatto macrumors regular

    Joined:
    Nov 5, 2008
    #9
    Open Network Preferences and click the + in the bottom left. Then select VPN from the dropdown, and the type of VPN from the next dropdown...
     
  10. mikes70mustang macrumors 68000

    mikes70mustang

    Joined:
    Nov 14, 2008
    Location:
    US
    #10
    Im pretty well thoroughly wacked off that my school changed from cisco to juniper. Now i have to use this jerry rig solution to get my internet to work at school. Ok, if mac is "#1 at college" and there is a well known OS upgrade, and vpns are used at most colleges, they why didnt someone get off their butt and make this stuff work? I mean everyone with new macs will get the up to date stuff, and many will pay the $30 to upgrade. So someone should have known this was gonna be a widespread problem.
     
  11. belvdr macrumors 603

    Joined:
    Aug 15, 2005
    #11
    Interesting. I didn't have to do any of that. I simply added the DNS servers and search domains to the advanced options and it worked fine.
     
  12. occamsrazor macrumors 6502

    occamsrazor

    Joined:
    Feb 25, 2007
    #12
    The Juniper Network Connect client is broken under Snow Leopard. Very annoying indeed. There is a hack that supposedly gets it working, but reports say it leads to packet loss.

    http://forums.juniper.net/jnet/board/message?board.id=SSL_VPN&thread.id=4965
     
  13. mikes70mustang macrumors 68000

    mikes70mustang

    Joined:
    Nov 14, 2008
    Location:
    US
    #13
    I had it working for a day and now i cant get it to work. But when it did work it was dropping packets like mad. At least half the time you have to reload the pages.
     
  14. occamsrazor macrumors 6502

    occamsrazor

    Joined:
    Feb 25, 2007
    #14
    I'v ehad the hack running for a couple days, and so far have had no problems. That said I don't use the VPN for web pages, only for exchange email.
     
  15. Saladinos macrumors 68000

    Saladinos

    Joined:
    Feb 26, 2008
  16. frogmella macrumors newbie

    Joined:
    Jan 6, 2002
    #16
    Service order

    Not sure if this solves the same problem that the fix does, but I read elsewhere that the trick is to change the order of the services in the Network pane of System Preferences: click on the cog at the bottom of the list, choose 'Set Service Order...' and move VPN above the underlying connection it uses (e.g. Airport or Ethernet).

    That way the Mac will use DNS from VPN in preference to the others.

    And regarding the client not saving the password, this is defined by the VPN policy, which Apple's client respects. vpnc, an open-source alternative, allows you to over-ride this - but you won't get many smiles from your network administrators if you do this!
     
  17. MooneyFlyer macrumors 65816

    MooneyFlyer

    Joined:
    Nov 18, 2007
    Location:
    Boston
    #17
    I started having VPN problems while traveling last week. The VPN would connect but I could not reach any server... Turns out the problem ended up being that NAT was still enabled from having turned on Internet Sharing for my iphone to use wifi to share the ethernet connection. The solution was moving this file out of the way:
    /Library/Preferences/SystemConfiguration/com.apple.nat.plist

    The second post in this article gave me the solution. (I didn't think of it). Looks like a bug in how the XML is updated.
     
  18. cinman macrumors newbie

    Joined:
    Oct 31, 2009
    #18
    MooneyFlyer - You Rock

    Even after days of working with Apple Support, we could not figure out why my VPN would connect and authenticate, but no traffic flowed. Well your hint tip led me to my internet sharing box, clicked it off, and all works now! Thank you for sharing.

     
  19. drummerlondonw3 macrumors 6502a

    drummerlondonw3

    Joined:
    Feb 10, 2008
    Location:
    London
  20. seangame macrumors newbie

    Joined:
    May 13, 2010
    #20

    Stu -- thanks!!! This fixed mine.

    I'm running SL 10.6.3 and was trying to connect over a Cisco VPN using the built-in client. The VPN connected fine. I could ping and connect to machines by IP address. It was definitely a split dns problem. Using nslookup, I could connect to the company dns server and get the proper resolution. When the VPN connection is made, the correct internal dns servers and search domains are inserted in the advanced network panel; why aren't they used? I even tried re-sorting the adapter list per somebody's hint. Nothing worked except this. It's certainly only a lame, temporary fix (I hope!) -- because, my iPad has the same problem and I can't fix it!! :-(
     
  21. VPNHaus macrumors newbie

    Joined:
    May 26, 2010
    #21
  22. lefooey macrumors member

    Joined:
    Dec 26, 2009
    Location:
    Spokane, WA
    #22
    Fixed mine on SL 10.6.4 (been having the issue since long before that). Thanks!
     
  23. cayennep macrumors newbie

    Joined:
    Aug 26, 2008
    #23
    vpn

    Hi
    I'm using pptp as we don't have a shared secret or file for cisco.

    However, I've never been able to access my vpn network for this vpn (it's worked for others, with cisco). There are web sites only accessible over the vpn, and I can access those from the mac (but not parallels, in windoze).
    Sometimes I can see network machines, but they fail to connect. Many times I can't see them at all, and as soon as I start up Parallels they always disappear.

    I realize there are a coupla things going on here but any tips appreciated!

    Is there even a way to force the mac to look at the network, if it doesn't show up in the finder?

    tia for any tips
     
  24. MauiBoy macrumors member

    Joined:
    Sep 7, 2005
    #24

    Thank you, thank you, thank you. This has finally solved a 2-year issue with the OS X VPN client and split-tunneling for me. Before, I had to force all traffic over the VPN for anything to resolve correctly in DNS.

    I wish I'd known it was this easy! Now, I can reduce the bandwidth over my VPN connection to work. I'm sure my IT guy will be grateful! :D
     
  25. amarand macrumors newbie

    amarand

    Joined:
    Jan 6, 2011
    Location:
    Galloway, Ohio, USA
    #25
    Happy DNS


    First, I tried rearranging the service order and that didn't work. After adding this entry as specified, everything started to work. Thank you! :cool:
     

Share This Page