Parallels Desktop for Mac

Leopard Virtual Private Networks Tips and Reports

Problems and Solutions For Working with Mac OS X 10.5 and VPNs

Updated November 30, 2009


On This Page:

- About Leopard and VPN

- VPN fixes in Apple Leopard updates

- Tips and reports:

If you’re using Leopard and VPNs about any problems or tips.


Parallels Desktop for Mac


Cross-platform software deals from Amazon

Check out Amazon for a copy of Windows XP or Windows Vista or Windows 7 for Boot Camp

MacDrive 8
Access your Mac OS X partition from
Boot Camp

Snow Leopard Server for Dummies
By John Rizzo

A 432-page book that simplifies the installation, configuration, and management of Apple's Mac OS X 10.6 Server software. Support Mac and Windows clients for file sharing, email, and directory services; Incorporate a Mac subnet into a Windows Active Directory domain, manage Mac and Windows clients, and configure security options, and more. Click here for more.

About Leopard and VPN

Many who upgraded from Tiger to Leopard (Mac OS X 10.5) discoverd that viritual private network (VPN) connections no longer worked. Changes in the new operating system broke many of the VPN clients. (Tiger also broke VPN clients when 10.4.0 was first released.) Leopard also contained bugs that affected file sharing and other types of networking as well. With upgrades by the third-party client VPN client vendors and by Apple, some of the VPN problems were fixed, but issues still remain.

This page contains descriptions and verifications of the problems, as well as workarounds and fixes, for several VPN clients for Mac OS X 10.5. (Which should relieve stress for the people experiencing the problems quicker than learning transcendental meditation mantras.)

VPN fixes in Apple Leopard updates

Mac OS X 10.5.4 Update. Thursday, July 3, 2008 -- Apple said that the 10.5.4 update improves reliability of the built-in L2TP VPN client and that 10.5.4 "addresses an issue that may result in a partially installed X11 application." Click for other cross-platform improvements of the 10.5.4 update.

Mac OS X 10.5.3 Update. Friday, May 30, 2008 -- Apple did not report any virtual private networking fixes with this update. Click for cross-platform improvements of the 10.5.3 update.

Mac OS X 10.5.2 Update. Wednesday, February 13, 2008 -- Apple did not report any virtual private networking fixes with this update. However, several readers reported that the 10.5.2 update caused problems with the Cisco VPN client. Click for cross-platform improvements of the 10.5.2 update.

Mac OS X 10.5.1 Update. Friday, November 16, 2007 -- Apple did not report any virtual private networking fixes with this update. Click for cross-platform improvements of the 10.5.1 update.

Mac OS X 10.5.0. Friday, October 26, 2007 -- Leopard's built-in VPN client added support for Cisco Group Filtering and DHCP over PPP, which Apple says "allows you to dynamically acquire additional configuration options such as static routes and search domains." Apple also claims that the Leopard VPN client has "increased compatibility with the most widely used VPN servers on the Internet." Click here for a complete list of cross-platform improvements in Leopard 10.5.0.


TIPS and Reports

EQUINUX VPN TRACKER

Some VPN clients incompatible with Leopard | Top of Page |

Monday, November 5, 2007

Equinux said that VPN Tracker 4, its universal virtual private network client, is not compatible with Mac OS 10.5. The company said it was entering a beta testing phase for a Leopard-compatible VPN Tracker 5 because it would not be able to patch version 4. Equinux is now accepting applications for beta testers at it's web site.

Readers also report that Check Point Software's VPN client for Mac is not compatible with Leopard 10.5.0 (see Checkpoint reports below).

Equinux redesigns VPN Tracker 5 for enhanced speed, security, and workgroup features -- and Leopard compatibility

Thursday, December 27, 2007

Equinux has released VPN Tracker 5, a new version of the universal IPSec-based virtual private network client for Mac OS X. The company has completely rewritten the software, offering an entirely new user interface, improved performance, a set of new workgroup features, and compatibility with Mac OS X 10.5 Leopard. (Previous versions of VPN Tracker are not compatible with Leopard.)

VPN Tracker 5's new user interface provides interactive help in configuring and making connections. VPN Tracker will scan the error log to suggest solutions to problems.

Equinux said that the new IPSec engine can establish VPN connections in one-third of the time of previous versions. Users can also now start and stop multiple VPN connections independently. New security features include support for SmartCards, PKI Tokens, and can storage of passwords and preshared keys in the Mac OS X Keychain.

VPN Tracker 5 is available in 3 versions:

  • VPN Tracker 5 Professional, which provides all features, including support for the AES-192 and AES-256 encryption algorithms. It also facilitates deployment on multiple workstations through the creation of disk images with the client. A voucher can automatically activate the client and e-mail a pre-configured connection file. Exported connections can be locked and encrypted.
  • VPN Tracker Personal is the standard for office users that want to securely connect to a company network over the Internet.
  • VPN Tracker Player connects to VPN connections that have been created and exported by VPN Tracker 5 Professional.

Current news on the MacWindows home page.

Comment below


CHECKPOINT SECURECLIENT

Monday, November 5, 2007

Reader Jean-Pierre Isbendjian reports that Check Point Software's VPN client for Mac is not compatible with Leopard 10.5.0:

As I was suspecting, Check Point Secureclient is not working with Leopard. Secureclient gets disabled once Leopard is installed and if you try to reinstall it, the installer will not install. I hope we won't have to wait 10 months or so as was the case when Tiger was issued.

IPSecuritas a replacement for CheckPoint VPN client in Leopard | Top of Page |

Friday, January 4, 2008

Michael Landewe recommends the Lobomoto's IPSecuritas virtual private network client for Mac for CheckPoint VPN users who want to upgrade to Leopard:

There are a lot of frustrated CheckPoint VPN users that cannot upgrade to Leopard because CheckPoint won't run. I recommend IPSecuritas to them. It has worked for me: 100 percent CheckPoint and Leopard compatible.

Current news on the MacWindows home page.

New CheckPoint VPN build works with Leopard

Tuesday, June 3, 2008

Jason Teplitz of CheckPoint writes about a new version of a CheckPoint virtual private network client:

The new CheckPoint Secure Client R56 HFA1 (now included with End Point SecureAccess) works well with 10.4-through-10.5.3. SNX works with all 10.4 and 10.5 should be coming by Q4. I am also using our new Full Disk Encryption product for OS X. It also supports the iPhone's built in L2TP client.

Checkpoint VPN malfunction inside of a virtual machine in Leopard

See below for this and other reports of VPN problems in virtual machines.

Current news on the MacWindows home page.

Comment below


JUNIPER NETWORKS SSL VPN

Juniper Networks SSL VPN client not working with Leopard | Top of Page |

Wednesday, November 7, 2007

Aaron Weis reports of another VPN client that is incompatible with Leopard. A workaround that was available for Tiger doesn't work with Leopard:

We use the Juniper SSL VPN at work. The small client applet ("Network Connect") is no longer compatible with Leopard. Worked perfectly under Tiger. There are hacks, which sometimes work, but these only work for a Tiger working install which has been upgraded to Leopard. There is no way to install and run Network Connect on a clean Leopard install. Evidently libssl.0.9.dylib and libcrypt.0.9.dylb libraries included in Leopard are PPC only versions, rather than Universal (as in Tiger)... whoops.

On Monday, we reported that Leopard is not compatible with two other VPN clients, Equinux' VPN Tracker and CheckPoint SecureClient.

Note that another reader noted this same .dylib error below.

If you've seen a VPN problem with Leopard

Juniper VPN client update fixes Leopard problem | Top of Page |

Monday, November 19, 2007

Brandon Edling reported that an update to the Juniper virtual private network Mac Client, Network Connect, fixes an incompatibility with Leopard:

This problem is only for Network Connect 5.5. As of 6.0r2, this problem has been fixed. Your VPN Administrator can get an update from Juniper, which will download automatically to the client when it connects and all will be well.

If you used Network Connect 6.0r2 with Leopard

Juniper VPN 6.0r2 may work in Leopard but is not the Leopard release

Wednesday, November 21, 2007

Phil Benware verified a previous reader report about the Juniper virtual private network client in Leopard, but with a caveat:

We've been testing Juniper Release 6.0r2 for about 2 weeks now. It does work with Leopard (10.5 and 10.5.1), and seems to work well, so far. The only problem is that supposedly this not Juniper's official Leopard supported version. What this means, as I've been told by our network admin, is that a later client/firmware patch could break Leopard connectivity.

TIP: Getting the Juniper VPN client to work with Leopard

Wednesday, December 5, 2007

Jaume Llardén Prieto commented on previous reports that the Juniper VPN client update (Network Connect 6.0r2) works with Leopard. It did work, but only after some manipulation:

I'm using NC 6.0r2 on a PowerBook G4 without any problems, but I had to install the DMG manually, as the automatic installation didn't work properly (either as administrator or with my user without admin rights). After that, double click the Network Connect icon in your Applications folder, type the complete URL of your secure gateway, log in and you're done.

Current news on the MacWindows home page.

Comment below


CISCO VPN CLIENT

Mac OS X 10.5.1 update fixes Cisco VPN problem | Top of Page |

Monday, November 19, 2007

Although we've had several reports of VPN clients not working with Leopard, Christopher Pearce is the first to report that the Cisco VPN Client for Mac OS X doesn't work with the first Leopard release. It does work, however, with the 10.5.1 update:

I could not get the Cisco VPN Client to recognize that my Leopard 10.5.0 Mac Book 2.2 GHz has a network connection. Hence it fails immediately with the message 'Cannot connect to VPN Subsystem'. Tiger has no problem with the VPN Client plus Remote Desktop connection to the Windows server at work.

With 10.5.1, it works!

If you've seen a problem with Leopard and the Cisco VPN Client for Mac OS X

TIP: Suggestion for Cisco VPN Client in Leopard

Wednesday, November 21, 2007

Steve Humiston offered a fix for Cisco VPN client problems in Leopard:

My suggestion for anyone with a Cisco issue is to reinstall the client (making sure it's the latest version AND Intel).

I have had both working since the beginning. After the upgrade to Leopard I did have to reinstall the VPN client as I got the same message but after the reinstall I was fine. At work I must use VPN to connect to various school systems. 10.5.1 did not break it at work or at home.

MacBook Pro and Mac Pro both confirmed working.

If you've tried this suggestion how it worked for you.

Reader verifies Leopard/Cisco VPN tip; new Cisco VPN client helps

Thursday, November 29, 2007

Ted August verified a previously reported fix for Cisco VPN client problems in Leopard:

I upgraded from 10.4.10 to 10.5, and, I had issues with both the Cisco VPN and Shimo after upgrading. However, re-installing both applications resolved all issues. In addition, Cisco has released a newer version of its VPN software. I've found this new version speeds up the connection process in Leopard.

Feedback on workarounds for Cisco VPN in Leopard

Wednesday, March 5, 2008

Several readers responded to Monday's report of two suggestions for dealing with Cisco VPN client problems with Mac OS X 10.5.2, or any OS X update. Most reported success, though one reader did not.

Dan Pearson has used both methods successfully:

The Cisco client is well known to be finicky (for all versions of OS X). I've used both these methods (re-install the client and use the terminal command to restart). In addition, if you get the error 51, you can frequently recover by just restarting the client, without the re-install.

So, while the client is easily tripped up by any change to the OS, it's also easily fixed.

Michael Wilmar had success with the terminal command:

David Graham's suggestion for the Cisco VPN Client Worked for me. The Graham suggestion I used was the Terminal command to restart the VPN Client. Using VPN Client 4.9.01 (0030)

Mark Polzin used the reinstall:

I was able to get the latest Cisco VPN client build working again by reinstalling the application after my upgrade to 10.5.2.

Vincent Philion still has the problem after reinstalling the Cisco client:

I completely removed the VPN client using the Cisco script (sudo / usr/local/bin/vpn_uninstall) and then reinstalled everything.

The problem remains the same. The VPN "link" is established, but I can't connect to Window shares or to VNC servers. From the VPN statistics, I can see that data is sent from my computer, but nothing is received from the VPN server.

Kevin Ledgister has a different experience:

In Leopard, the Cisco VPN works fine for me until I reboot, and then have to use the "sudo" command to restart it. I'm running the latest version of the VPN software. Cisco had this problem before with an earlier Mac OS X release (I don't remember) but later fixed it, only to be broken again after Leopard.

It may be because I upgraded to Leopard over an existing Tiger installation and had to reinstall the VPN client after the install. Those who are having no problems with it might want to clarify if your Leopard OS is an OEM install, clean install, or upgrade.

Readers says 10.5.2 update broke Cisco VPN client

Monday, February 25, 2008

Mark Polzin reports:

Updating to 10.5.2 has broken my Cisco VPN client software version 4.9.01 (0100)

Some readers reported Cisco VPN client problems with the first Leopard release, and we had a report that the 10.5.1 updated fixed the problem.

Also, a reader previously suggested reinstalling the Cisco VPN client after updating Leopard.

If you've seen this problem with 10.5.2

TIP: Suggestion for 10.5.2 Cisco VPN problems; more reports

Monday, March 3, 2008

A number of readers responded to last week's report about the Leopard 10.5.2 update breaking the Cisco VPN client. Some report seeing the problem, while other say 10.5.2 didn't cause a problem. David Graham believes that the Cisco VPN client tends to break with most OS X updates. (A belief that has some data to support it as documented on our archive of Cisco VPN client reports.) Graham also sent a couple of suggestions:

I've found the Cisco VPN client to be the least reliable VPN client I've ever used. In fact, I think it breaks during most updates, possibly because Cisco (a) doesn't bother to write a more modern launchd version, and/or (b) they put their StartupItem in the System/Library/StartupItems folder, which (unless I'm mistaken) is intended to be reserved for Apple software.

Usually reinstalling the software will fix the issue.

I've also found that if I get the all too frequent "Error 51: UNable to communicate with the VPN subsystem" I can get it going again with the following command:

sudo /System/Library/StartupItems/CiscoVPN/CiscoVPN restart

If you tried either of these suggestions

Vincent Philion has the problem with the same version of the client as previously reported:

Before 10.5.2 I could connect with my office, now I can't! I'm using vpnclient-darwin-4.9.01.0100-universal-k9. The Cisco client reports that I am "connected" but I can't access network shares, VNC servers, etc. This would be enough to convince my boss that I should switch back to Windows.

Ted Brown is not seeing the problem with this version:

As another data point, I'm using the same version of Cisco VPN (4.9.01 0100) as Mark Polzin. I'm running 10.5.2 on a Mac Book Pro and have no difficulties using the Cisco VPN client.

I started with a totally fresh 10.5.1 where I re-installed everything and used it awhile before upgrading to 10.5.2 when it was released.

Several readers also report no problem with an earlier version of the Cisco VPN Client, 4.9.01 0080:

Bryan Walls:

It didn't break mine. In fact, I did an install of MS Office 2008 yesterday from an installer mounted via Cisco VPN. It took several hours (!), but the install worked fine, and the VPN connection was solid. 4.9.01 (0080) definitely works okay for me. Haven't tried anything past that.

Asger Højland:

My cisco vpn client 4.9.01 (0080) works fine!

Michael Curtis:

Don't want to tempt fate, but I have seen no issues with the Cisco client in 10.5.2. I was using it all day yesterday, sadly.

Verification of 10.5.2 Cisco VPN connected-but-not-really problem

Tuesday, March 18, 2008

Huub van Oosten in the Netherlands is having the same problem previously reported with the Leopard 10.5.2 update and the Cisco VPN Client for Mac:

The same problem that Vincent Philion has with his VPN connection has been preventing me from connecting to a Windows 2003 server. It is precisely the same. The client reports to be connected but is really is not. Pinging the server shows its there, but as soon as I connect with the Cisco VPN client pinging results in a 100 percent packet loss. Don't know if my report will help but it gets the word around that there is something wrong with the way Leopard functions regarding VPN.

I've done everything conceivable, including reinstalling the client. It doesn't help. I've read tens or hundreds of threads in all kinds of likely forums, but there seems to be no solution. Tried installing different software, using Leopards own Network pane, adjusting settings here and there, as suggested by people. No change.

I really think that this is a communications problem that Leopard creates reading all of these messages on the net. Especially when they say that Tiger didn't pose a problem. I'm just a 'normal' user and I don't have the intricate knowledge of VPN and how it works to solve this on a technical scale.

If you've seen this

Verification of Terminal restart command fix for OS X 10.5.2/Cisco VPN problem

Tuesday, March 25, 2008

Tyron Yamaguchi had the problem with the Leopard 10.5.2 update breaking the Cisco VPN client. He verified that a suggestion to use a Unix command to restart the client:

Just wanted to let you know the restart command did the trick for me with the Cisco VPN client 4.9.01 (0100).

AppleScript fix for Leopard 10.5.2 Cisco VPN problem

Thursday, March 27, 2008

Eric Benfer sent us an AppleScript to fix the problems with Leopard 10.5.2 and the Cisco VPN client for Mac OS X:

I too have experienced the problem with Cisco VPN and 10.5.2. I am using the using vpnclient-darwin-4.9.01.0100-universal-k9.

I usually get the "Error 51: Unable to communicate with the VPN subsystem" when I switch network connections. Such as changing from wired to wireless. Running the CiscoVPN StartupItem fixes it for me. I wrote an AppleScript to automate the process for my users. Here is the code for the script for anyone who wants to build it themselves.

-- VPNClient First Aid.app
-- # Authored by: Eric Benfer 03/26/2008
-- When using 10.5.x and the Cisco VPNClient.app sometimes users may get an error when launching the VPNClient.app.
-- "Error 51: Unable to communicate with the VPN subsystem"
-- This AppleScript re-runs /System/Library/StartupItems/CiscoVPN/CiscoVPN restart. StartupItem.
--
do shell script "/System/Library/StartupItems/CiscoVPN/CiscoVPN restart" with administrator privileges

tell application "VPNClient"
    activate
end tell

tell application "VPNClient First Aid"
    activate
    set didItStart to display dialog "Did the Cisco VPNClient start successfully?" buttons {"Yes", "No"} default button {"Yes"} with icon 2 with title "Alert!"
    if button returned of didItStart is "No" then
        set restartYesNo to display dialog "This may require a restart to work properly.
Would you like to restart now?" buttons {"Yes", "No"} default button {"No"} with icon 2 with title "Alert!"
        if button returned of restartYesNo is "Yes" then
            tell application "Finder"
                restart
            end tell
        end if
        if button returned of restartYesNo is "No" then
            display dialog "You may need to restart to use the Cisco VPNClient.app."
        end if
    end if
    if button returned of didItStart is "Yes" then
        display dialog "Good, you should now be able to use the VPNClient.app." buttons {"OK"} default button {"OK"}
    end if
    
end tell

If you've used this tip how it worked.

Clarification on Cisco VPN AppleScript tip

Wednesday, July 16, 2008

A reader pointed out an issue with an AppleScript we posted as a fix for a Leopard problem with the Cisco VPN client for Mac OS X. He said that the script appears to be self-referential, calling to run itself in the script.

We asked the script author, Eric Benfer, for a clarification about the script, which is called VPNClient First Aid when compiled. He said that the purpose of the self reference is to bring VPNClient First Aid to the forground after attempting to reset the Cisco VPN Client. Benfer said:

I believe he is talking about this line:

tell application "VPNClient First Aid"
activate
set didItStart to display dialog "Did the Cisco VPNClient start successfully?" buttons {"Yes", "No"} default button {"Yes"} with icon 2 with title "Alert!"

Once the VPN subsystem has been reset the script starts the Cisco VPN Client. After it starts it brings the AppleScript back into the foreground to display a dialog box asking if the VPN client actually started. If it started all is good. If it did not start the script recommends a reboot.

The "activate" command is being used to make sure the user sees the dialog box that the AppleScript is displaying.

If you've tried Benfer's Applescript

Tip for Leopard Cisco VPN problem also works with Tiger

Sunday, April 14, 2008

Peter Baird verified a previously reported AppleScript solution for problems with the Cisco VPN Client for Mac OS X. However, he sees the problem with Tiger, not Leopard:

This Terminal restart you reported:

sudo /System/Library/StartupItems/CiscoVPN/CiscoVPN restart

This or reinstallation definitely worked for Error 51 problems under 10.4.x. I have not had this problem since 10.5 or 10.5.2 though. I'm using Cisco Client version 4.9.01 (0030), preconfigured with settings for corporate firewall.

TIP: Use simple mode for 10.5.2 Cisco VPN problems

Thursday, May 1, 2008

Kevin Ledgister verified a suggestion for problems with Leopard 10.5.2 and the Cisco VPN client. He also added a suggestion:

Using this command in the Terminal works:

sudo /System/Library/StartupItems/CiscoVPN/CiscoVPN restart

One other thing I found helpful is to run the VPN client in simple mode rather than advanced mode. I have far less Error -51's when I do that.

In March, a reader contributed an AppleScript that runs this Terminal command.

Replacing AirPort base station fixes reader problem with Cisco VPN Client, MS RDC

Monday, August 25, 2008

Jeff Titcombe replaced his AirPort Extreme base station with a non-Apple model and no longer has problems with his Cisco VPN connection:

I'm using Leopard 10.5.4 and every time I connect to my companies VPN using Cisco's VPN client I get kicked out of MS RDC or I can't login to my work PC. I had AirPort Extreme base station but I replacing it with a Netgear router and how everything works fine. I can connect to my work PC and corporate VPN network at that same time again.

If you've seen this

Reader's Cisco VPN client can't see certificate

Thursday, April 30, 2009

Ariel Ojeda reports a problem with the Cisco virtual private network client:

I am having a problem with the Cisco VPN client with my Mac. I am running OS X 10.5.6 and the Cisco client is 4.9.01 (100). I cannot get the client to see the certificate CA within the client.

If you've seen this problem

Another problem with Mac Cisco VPN and certificates

Tuesday, June 23, 2009

Ozgun Ataman confirms a previously reported problem with the Cisco VPN Mac client access to certificates:

I wanted the confirm the following problem: Although all certificates are visible under the keychain and the Cisco client itself, I cannot select them from the pull-down menu in the connection setup.

If you've seen this problem

Leopard problem, with VNC through Cisco VPN connection

Tuesday, June 30, 2009

Dennis Christopher can't get a VNC remote control to work on a Cisco virtual private network connection using Mac OS X 10.5.7:

I'm having a problem getting VNC to work thru the Cisco VPN client. I am running 10.5.7 and have downloaded the latest Mac client from Cisco. We have a Mac server at work that I can VNC into from the Finder, and it works fine. When I try it from my home environment (10.5.7), theconnection fails.

If you've seen this problem


Reader problem with Cisco VPN and OS X 10.5.7 | Top of Page |

Tuesday, July 21, 2009

Tomas Nemec has a problem with the Cisco VPN Mac client:

Hi, I cannot connect to my office network via a Cisco VPN Client 4.9.01 (0100) running on Mac OS X 10.5.7 (Intel) The only feasible way for me is to connect using Cisco VPN Client running inside my Virtual Windows machine.

If you've seen this issue

Reader says Cisco VPN can't resolve name on OS X 10.5.7

Wednesday, July 29, 2009

Robert Hudson confirmed a previous report of not being able to use the Cisco VPN client:

I'm seeing a similar problem as your other reader reported. With OS X 10.5.7 and the Cisco 4.9.01 I can't resolve names on the private network. If I know the IP address on the private network I can reach it, but I can't resolve the name. This has been working fine for me in the past so I don't know if it's related to 10.5.7 or not.

If you've seen this problem

Readers point to DNS for Cisco VPN Mac client problem

Monday, August 3, 2009

Two readers suggested that DNS issues may be the cause of problems with the Cisco VPN Client for Mac v.4.9.01 client not connecting and not resolving names. Specifically, Oliver Block suggests a Cisco feature called Split-DNS:

Perhaps the administrator of the VPN device disabled split-DNS. Split-DNS is a feature on Cisco devices that allows Cisco VPN Clients to use the DNS server specified by the VPN device for resolving names in certain domains that are specified by the VPN device, while still using the Cisco VPN Client workstation's default DNS server(s) to resolve names in all other domains. It sounds like Split-DNS is not working for Mr. Hudson, but without more information it's impossible to tell whether the problem lies on his workstation or the configuration of the Cisco device.

An anonymous reader also commented:

I can confirm this issue with 10.5.7 and Cisco 4.9.01. Could be a DNS issue of some sort. Name resolve seems to work thru VPN to the same Active Directory domain I'm a member of but not to an external network.

If you've seen this issue or can comment on Split-DNS

Error 51 with Cisco VPN, Leopard

Monday, August 10, 2009

Tod Wildason reports getting an Error 51 with the Cisco VPN Client since upgrading to Mac OS X 10.5.7. We've had several reports of this problem. Wildason writes:

Ever since upgrading to Leopard 10.5.7, I can't use the Cisco VPN Client 4.9.01 (0100) to connect to work. I keep getting the Error 51 message, which indicated that no network subsystem is up and had an IP connection for the VPN client to use. Each time I have a good connection and have tried it over wireless Ethernet, broadband cellular, and wired Ethernet. Seems to be a much more pervasive issues than just a software anomaly requiring a restart.

If you've seen this issue

Fixes for Cisco VPN Mac client error 51; Win 7 & Snow Leopard

Thursday, August 27, 2009

Readers have written in with solutions for a problem with the Cisco VPN client for Mac, where the client reports Error 51 and can't connect. Several readers reported that upgarding the client to version 4.9.01 (0180) fixes the problem. Another reader sent a link to a fix that recommends typing this command in Terminal:

sudo /System/Library/StartupItems/CiscoVPN/CiscoVPN restart

We also had a comment that the Cisco Mac client won't work in Mac OS X 10.6 Snow Leopard.

Rich Rose had some suggestions, and has a problem with Windows 7:

A re-install will sometimes resolve it at least temporarily. Otherwise restarting the Cisco kext (see this blog) will make it work without restarting, but you need admin access to do so. So far I'm running 4.9.01 (0180) with 10.5.8 without issue.

On a related note, I've discovered that Cisco doesn't support Windows 7 64 bit with the VPN client for Windows _ it simply won_t install. Can you or your readers suggest an alternative client for Cisco VPN concentrators?

If you can suggest a Cisco VPN client for Windows 7

Another reader suggested upgrading the client, and says that the Cisco client won't work in Snow Leopard:

I haven't seen this error at my site nor any of the other sites I work with, however I will point out that the 4.9.01 (0100) version of CiscoVPN is old -- the current one is the same version number, but the (0180) suffix. Came out in March or April of this year, IIRC.

Also note that the Cisco VPN Client will not be supported/functional under Mac OS X Snow Leopard (used to kernel panic the machine when booting up if the .kext's were installed, haven't tried under later seeds). I asked Cisco and was told that the only Mac VPN client that would be developed going forward was the AnyConnect VPN.

The good news is that Apple has integrated IPSec VPN into Snow Leopard (just like on the iPhone) and it work well, even where it's not supposed to (i.e. works on properly-configured 3005 concentrators and PIXes, not just ASA's, like AnyConnect is restricted to...)

Jerry Zeisler also found the Cisco update to work:

I too am having the same problem with the Cisco VPN. Just purchased Mac Air and installed the VPN downloaded from my company. Install was fine except that it didn't ask for passphrase. Then when it starts I get the error 51. I have since found that moving to version 4.9.01.0180 resolved my problem.

Peter Zimmermann sees the problem with Mac OS X 10.5.8:

Since upgrading to 10.5.8 I receive error 51 on my Cisco Client.

Cisco VPN Client split DNS problem an issue with Snow Leopard

Monday, August 31, 2009

Scott Roach reports that a problem that we reported with Leopard and the Cisco VPN Mac client Split DNS feature also occurs with Snow Leopard. He did some testing and reported his findings:

I can confirm that trying to use the Split DNS feature on the Cisco VPN Client (4.9.01.0180) will cause networking issues. The Split DNS feature is implemented on the VPN Device. I have verified that this is part of the problem by running some DNS queries and this is what I found.

My resolv.conf file is changed to the following: (Obviously these values are made up)

> domain workdomain.site.com
> search workdomain.site.com\
> nameserver 255.255.255.255
> nameserver 255.255.255.255

Now if I do a DNS query for workdomain.site.com (dig workdomain.site.com) I get the following error from the VPN Client:

> Split-DNS does not support TCP based domain name queries. Use UDP instead.

However if I run the same DNS query when I am disconnected it comes up just fine.

If you seen this issue

Reader problem with Leopard and Cisco VPN client not resolving IP addresses

Monday, November 30, 2009

Alex Cousins reports this problem:

I have this issue to with Cisco VPN client 4.9.0.1 (0100) and Mac OS X version 10.5.8. The network connection succeeds but the OS cannot resolve any host addresses. Even the ones associated with the VPN. They also do not appear in the netstat -r output.

If you've seen this issue

Current news on the MacWindows home page.

Comment below

New! CrossOver 9 runs Outlook, Office 2007 on a Mac--without Windows
Improved Outlook support, Quicken 2009, more Windows apps. Give your Mac ActiveX in Internet Explorer, launched directly from the Finder.
Starts at only $40 (Windows not required!) Free trial from CodeWeavers
.
Click here for more.

LEOPARD'S BUILT-IN VPN CLIENT

Workaround for Leopard VPN bug: .dylb libraries | Top of Page |

Wednesday, November 14, 2007

John Holley reports a bug with Leopard's virtual private network software, and a workaround. He refers to a finding that another reader reported regarding the Juniper VPN client, that certain files installed on Intel Macs are actually PowerPC files:

For those running into problems with Leopard, on Intel machines, only installing the PowerPC versions of libssl.0.9.dylib and libcrypt.0.9.dylb libraries and hence causes apps that rely on them to fail. You just need to grab the libraries off a 10.4.x [Intel] system e.g. a backup or a 10.4.x install disk, from /usr/lib and replace them on your 10.5.

This had been bugged to Apple during the betas of Leopard but they still shipped it with the PPC only version of the libraries.

If you've tried this workaround

TIP: How to replace the libssl.0.9.dylib and libcrypt.0.9.dylb files to fix the Leopard VPN bug

Monday, November 26, 2007

Readers have previously reported (here and here) that Leopard erroneously installs PowerPC versions of two files on Intel Macs. Andreas Gast reports having the Leopard's virtual private network problem with Mac OS X 10.5.1. We also answered Gasts question about how to replace the files. Gast said:

I have a new MBP that was running 10.4.11 and my PPTP VPN worked fine. I cloned my Tiger config to a backup drive, then completed a clean install of Leopard (Erase & Install) and applied the 10.5.1 update, ran repair permissions (got the slew of "ACL found but not expected" errors and the SUID ARDAgent error), but no VPN. I need PPTP VPN access for my corporate network.

How do I apply the replacement of the Intel 10.4 libssl.0.9.dylib and libcrypt.0.9.dylb libraries)? I can't seem to navigate to the needed /usr/lib directory on my HD or my Tiger Install Disk.

You can get to the normally invisible /usr/lib directory from the Finder using the Go to Folder command in the Go menu. In the field, type /usr/lib. This will open the Directory as a folder, showing you all of the files.

On the Tiger installation DVD, you can get to /usr/lib directly. Insert the DVD (don't reboot) and double-click to open. Scroll down to the usr folder and double-click to open. Then double click the lib folder. Switch the folder window to list view to find the libssl.0.9.dylib and libcrypt.0.9.dylb files. You can then copy them to the hard drive /usr/lib directory with a simple drag and drop.

Does this work for you?

More details on replacing .dylib files to fix Leopard VPN

Thursday, November 29, 2007

Andreas Gast took our advice on how to replace the libssl.0.9.dylib and libcrypt.0.9.dylb files to fix the Leopard VPN bug, and it fixed VPN for him. He sent us some additional information on the procedure.

Thanks for the details needed for me to successfully correct Leopard's VPN ills. In addition to replacing the two files with their Tiger (Intel) versions I needed a few additional steps to get it to work. I am now successfully reconnected into my corporate VPN network.

Here is what I did:

1. Copied and replaced libssl.0.9.dylib and libcrypt.0.9.dylb libraries on Leopard from my working Tiger 10.4.11 /usr/lib

2. Ran Leopard Disk Utility from Install Disk and repaired permissions twice to see that the replaced files were corrected

3. Launched Leopard, created a new location in Network Settings

4. Created LAN config and checked connection to the Internet without VPN

5. Created a new PPTP VPN connection and specified the needed corporate DNS servers and search domains

6. Set the Service Order (via command toggle next to add service) so that the VPN is first in the Service Order list. Note: VPN didn't work without this.

I have tested this with both my wired 100 Mbps Ethernet interface, as well as my 802.11N Airport connection, via my D-Link DIR-655 Gateway (with latest Firmware Update 1.10, 9/4/2007). As noted above in #6, the VPN didn't work until I changed it to be first in the Service Order list in Network settings. Now it works as it used to in Tiger.

I have noticed some other oddities in Leopards Network connectivity that appear to be a throwback to some of the early Tiger maintenance releases (or even earlier) in that I am now having DNS resolution issues bringing up popular internet locations (e.g. Google or Google/ IG) when I switch from wired to wireless configs until I ping the address using Network Utility, then DNS works fine and the site comes up in Safari 3.0 or FireFox 2.0.0.9. Also, my saved WPA2 Login settings aren't being pulled from my Keychain to access my home WiFi network, and my SSL certificates from my personal domain and POP email ISP aren't being saved in the system even though I have accepted them. Those are the next few things to tackle once I finish transferring the rest of my data and apps from my Tiger image clone.

If you've tried this

Current news on the MacWindows home page.

Comment below

Got Boot Camp? You need MacDrive 8

MacDrive 7 lets you access your Mac OS X partition, and all other Mac disks, from within Windows. Mac disks look and act like standard Windows disks. Windows apps can open and save files directly on Mac disks. Copy files between HFS/HFS+ Mac disks and NTFS or FAT32 disks.


BANANA VPN

Leopard problem with Banana VPN | Top of Page |

Monday, December 31, 2007

Peter van Rijn reports a problem with Leopard and the Banana virtual private network system:

I was reading your articles on Leopard not being compatible with some VPNs. I just signed up with Banana VPN and it works perfectly on PC. I loaded it on my new Mac with Leopard 10.5.1 and it worked for about 2 hours and now I can't get I to connect. It says something about not being able to negotiate with PPP.

Banana VPN problem reported with OS X 10.5.3

Friday, June 20, 2008

Amir Adib corroborated a previous report of problems with Leopard and Banana VPN, a web-based virtual private network service:

I've had a problem connecting to Banana VPN through Leopard. It works fine on my Windows PC, but I cannot connect on my Mac. It connects for nearly a minute, but then gets disconnected. On the network screen, you can see the outgoing traffic, but there is no receiving traffic. When it disconnects, you get a message saying "The connection was terminated by the communications device." I have a MacBook Pro running OS X 10.5.3.

If you've seen this problem

Another report of Leopard issue with BananaVPN

Thursday, February 19, 2009

Bob Hawkins is having problems using Leopard and Banana VPN, a web-based virtual private network service. Previous reports were with Mac OS X 10.5.3, but Hawkins is using 10.5.6:

I saw your post through searching Google for posts related to a problem that I have with OS X and BananaVPN. I cannot connect with BananaVPN in the same fashion as your post. I am using on OS X Leopard 10.5.6 and the connection drops after 1 minute.

I contacted Banana's support and they gave me a couple of things to try but with no success. I tried creating a new connection using L2TP/IPSEC but without success. The connection stays longer but the network diagnostics shows no ISP connection. I can see that I am sending a load of data but not receiving anything back.

If you've seen this problem

Banana VPN drops Mac connection

Thursday, April 30, 2009

Mike Smith reports a problem with the Banana virtual private network system. We've had previous reports about Banana and Leopard, but Smith has the problem with Tiger:

I have the same problem as a couple of your readers. I bought a Banana VPN yesterday and have a Mac with Tiger 10.4.11. I am able to connect for 1 minute before it drops. During that minute, no Internet works and I can't ping Google.

If you've seen this problem

Current news on the MacWindows home page.

Comment below

PCmover - Move Installed Programs to New Vista PC
Migrate from PC to Boot Camp -- Moves PC apps, files settings from your old PC to your Mac


IPSECURITAS VPN CLIENT

IPSecuritas VPN problem with Leopard 10.5.4 update

Friday, July 25, 2008

After updating Leopard to 10.5.4, John McCutcheon discovered that his IPSecuritas virtual private network client now longer works:

I use IPSecuritas on a MacBook Pro running Leopard to connect to my office PC running Windows XP using the MS Remote Desktop Connection (RDC) for Mac. It worked great until I installed the 10.5.4 update. When I tried to log on, IPSecuritas shows that my IPSec VPN is connected but I cannot ping anything on my remote network, nor can I connect via RDC. I know the remote network is O.K. because I can connect to it fine using PPTP VPN running on a WinXP machine and run Remote Desktop via PPTP VPN.

If you've seen this problem

Current news on the MacWindows home page.

Comment below


LEOPARD VPN MALFUNCTIONS INSIDE OF VIRTUAL MACHINES

Leopard VPN malfunctions inside of virtual machines | Top of Page |

Monday, November 19, 2007

Maksym Kortunov's Leopard virtual private network problems occur not in Mac OS X, but in Windows running in a virtual machine:

I've seen your note about VPN problems in Leopard at the MacWindows Leopard Tips and Reports page. I have a problem with VPN inside VMWare Fusion and Parallels. When I connect VPN in Windows on these virtual machines, it connects and stuck during user name and password checking. After some pause it says that the machine did not respond and do not establish the VPN. The same is in both Fusion and Parallels.

If you've seen this problem

TIP: Workaround for Leopard VPN malfunction inside of virtual machines

Wednesday, November 21, 2007

Alin Pilkington offered a workaround for Leopard problems with virtual private network connections in Windows in a virtual machine:

I've seen this problem also in Parallels. I believe this problem arises only after I try to connect from Leopard to the same VPN network that I connect to from XP while running Parallels.

I got around it by changing the Parallel Security Preferences (not Leopard; the Parallels application) to have the minimum security between Windows (I'm running XP by the way) and OS X.

Robin Jackson doesn't have the problem with the SonicWALL Windows VPN client:

SonicWALL seems to be working fine on my version of Parallels (latest Leopard compatible beta) and 10.5.1.

if this tip worked for you.

Reader fixes VPN-in-VM problem

Thursday, November 29, 2007

Maksym Kortunov solved his problem with getting a virtual private network connection within Parallels Desktop and VMware Fusion:

I just installed the most recent build version of Parallels [Build 5160] and it works now! I haven't tried reinstalling Fusion.

Last week, another reader suggested changing a security setting in Parallels.

Checkpoint VPN malfunction inside of a virtual machine in Leopard

Wednesday, December 19, 2007

Alejandro Lagar Salas is another reader reporting problems making a virtual private network client within a virtual machine in Leopard. This time, it's the CheckPoint SecureClient:

I have the same problem trying to connect in VMware Fusion with CheckPoint's SecureClient, it either gets stuck in the user name and password or it wont start running at all. I'm using Leopard on a MacBook Pro and Windows XP Professional in Fusion all installed in their latest versions.

Other readers have reported this problem with Leopard with both VMware and Parallels, and with other VPN clients. Our Leopard Reports page lists some workarounds to the problem.

If you've seen this problem

Another case of Leopard VPN malfunction within VM

Monday, December 31, 2007

Bruce Johnson is another user having problem getting a virtual private network connection from Windows running in a virtual machine in Leopard:

I'm having the same issue with a newly installed Leopard 10.5 on a MacBook. I had to apply the libssl and libcrypto fixes to get it working with our Windows PPTP server.

I get the long pause on "Verifying username and password" followed by an error 721 "The remote computer did not respond" using the shared Ethernet.

I get an immediate error 800 "Unable to establish a VPN connection" using the bridged Ethernet.

I'm not connected via VPN in OS X when I do this, and I installed Parallels via their download this morning, Build 5582.0.

Other readers have reported that the problem also occurs with VMware Fusion, only with Leopard, with different VPN clients.

If you know of a workaround

Another report of Checkpoint VPN problem in VMware

Wednesday, February 11, 2009

Luka Premelc has the problem of the CheckPoint virtual private networking client for Windows not working in a virtual machine:

I have the same problem you mention. I have latest MacBook Pro, Vmware Fusion with Win XP Virtual machine, Checkpoint Client with IKEY 2032 (for certificate). I don't have drivers for IKEY so I have to use Checkpoint in VMware Fusion. It's not working in BRIDGE or NAT mode.

If you are using CheckPoint VPN for Windows in a virtual machine on a Mac

Current news on the MacWindows home page.


Cisco VPN Client and Verizon EVDO USB Modem

Tuesday, July 22, 2008

Greg Stasko had problems getting a Cisco VPN connection through a Verizon EVDO USB Modem. He had better luck with Apple drivers instead of using the Verizon software:

I'd like to report success note to include in your Cisco discussions. For quite a while, I could not get my USB EVDO Modem from Verizon to work with the Cisco VPN client, 4.9.01 (0100). Tried restarting the Cisco software, reinstalling, different versions of the Cisco software, you name it. Playing with settings in the Verizon-provided software was equally unsuccessful. It wouldn't work.

Somehow, sometime, something changed and it began working! (I'm currently running 10.5.2) It may have been a coincidence with the rebuilding of my hard drive. Unfortunately, I can't definitively say what I did to get it working!

And I no longer use the Verizon-provided software. Apple provides drivers for at least Verizon's EVDO products, and I think others. When I plug in the modem, a new item is added to the menu bar which allows me to connect and disconnect.

The only possible glitch is my company says that I should be able to use a "split" network configuration. In those cases, corporate-bound traffic is supposed to go through the VPN connection, whereas other traffic can go directly to the destination OFF of the corporate network. Apple.com doesn't need to go through the corporate network, for example. Doesn't seem as though this is working. Not a biggy, but sometimes a problem. Like accessing local file shares at home, for example, while connected to the VPN.

If you've seen this issue Comment below

Current news on the MacWindows home page.

Comment below


TIP: Suggestion for SMB access over VPN in Leopard

Monday, January 19, 2009

Marc Leber offered a suggestion for dealing with problems connecting to an SMB share over a virtual private network (VPN) when using Connect to Server:

It seems many users are having an issue while trying to connect to a Windows share via VPN by using Command-K and entering smb://servername (or server IP address).

If it generates an error -36, then I suggest the user confirm their network subnet settings. For example, if you are trying to access a shared drive at work from your MacBook at home and both the work and home networks are running on the 192.168.0 subnet, the routing will not work and an error will be returned.

Simply change the subnet on your home network router to 192.168.1.x and then try to connect using command-K.

If you've tried this approach

Current news on the MacWindows home page.


Comments


Other MacWindows Departments

| Tips and Problem Reports | Product Solutions | News Archives | Site Map |
|
MacWindows Home |

| Top of Page |

Serving the cross-platform community since November 15, 1997.

This site created and maintained by
Copyright 2007-2009 John Rizzo. All rights reserved.