Mac OS X and Cisco VPN

VPN on Mac OS X (10.4 - Tiger, 10.5 - Leopard, 10.6 - Snow Leopard)


Supported versions:

  • 10.4 - Tiger PPC, Cisco IPsec Client, Cisco AnyConnect Client Version 2.5.x
  • 10.5 - Leopard PPC: Cisco IPsec Client, Cisco AnyConnect Client Version 2.5.x
  • 10.5 - Leopard Intel: Cisco IPsec Client, Cisco AnyConnect Client Version 3.x
  • 10.6 - Snow Leopard Intel: integrated IPsec Client, Cisco IPsec Client, Cisco AnyConnect Client Version 3..x
  • 10.7 - Lion Intel: integrated IPsecClient, Cisco AnyConnect Client Version 3.x


What about the built-in VPN client?

Up to and including 10.5: the client integrated in the Internet Connect program currently does not work on our VPN servers. The client supports the PPTP and L2TP protocols over IPsec, but not IPsec with the XAUTH extension that we use.

For 10.6 and higher Mac OS X has an integrated Cisco IPsec client. Instructions and configuration profile on the download page:

Problems after upgrading to 10.6 (Snow Leopard):

After the system update to 10.6, a previously installed Cisco IPsec VPN client does not work, and the error message (Error 51) appears. The client works again after deinstallation and then reinstallation of Version

You can find the new version of the IPsec client at the following link:

Error message: "A configuration error occurred. Verify your settings and try reconnecting"

This error message appears in systems that have not been restarted for a long time. This indicates that the "Racoon" process is hanging. Restarting the process in the Activity Monitor eliminates the problem without a need to restart the system.


Optionally, you can also input the following in a terminal window:

sudo killall racoon


sudo launchctl stop

sudo launchctl start

Uninstall IPsec client:

Do this by opening a terminal window so that you can enter commands. Enter in the Spotlight (magnifying glass at upper right) and start the program. A window opens. Enter the following in this window:

sudo vpn_uninstall

and then press the enter key.

You will then be asked for your password. Enter your login password.

The following dialog will appear:

Cisco Systems VPN Client Version Darwin uninstaller
Copyright (c) 1998-2001 Cisco Systems, Inc. All Rights Reserved.
Please review the license agreement found in license.txt
Are you certain that you wish to uninstall the Cisco VPN client?  [no]

Enter yes.

The next question that appears is:

Do you wish to remove all existing profiles and certificates? [no]

Press the return key unless you want to remove the client completely.

Then the following text appears:

- existing profiles and certificates will be preserved.
[ cleaning up installed files and directories... ]
==> removing : /private/opt/cisco-vpnclient/bin/vpnclient ( VPN dialer )
==> removing: /private/opt/cisco-vpnclient/bin/ipseclog ( VPN log viewer )
==> removing: /private/opt/cisco-vpnclient/bin/cvpnd ( VPN daemon )
==> removing: /private/opt/cisco-vpnclient/bin/cisco_cert_mgr ( VPN certificate manager )
==> removing: /private/opt/cisco-vpnclient/bin/
==> unloading NKE: /System/Library/StartupItems/CiscoVPN
Stopping Cisco Systems VPN Driver
kextunload: unload kext /System/Library/Extensions/CiscoVPN.kext succeeded
==> removing: /System/Library/StartupItems/CiscoVPN ( autostart feature )
==> removing: /System/Library/Extensions/CiscoVPN.kext ( IPSec NKE )
==> preserving: /etc/opt/cisco-vpnclient ( profiles, certificates, init files )
==> removing: /Library/Frameworks/cisco-vpnclient.framework ( VPNClient API)
==> removing: /private/opt/cisco-vpnclient/bin/vpn_uninstall ( VPN uninstaller )
Cisco Systems VPN client uninstall completed successfully.