Note that this blog post has been archived. Information may be out of date or incorrect.

Cisco VPN Client on Mac OS X 10.6+ - You don't need it!

My university provides us with VPN access, and the only supported way to connect to it is the Cisco VPN Client, which doesn’t work on any 64-bit Mac OS system though. If you still try to use it, you will most certainly be presented the following error:

Error 51 - unable to communicate with the subsystem

The Cisco VPN Client support is discontinued for good reason, though. As of Mac OS X 10.6, there is a built-in IPSec VPN feature, so you really don’t need any third party software anymore. And here’s how you use it:

  1. Open System Preferences > Network
    • You may need to click the “Unlock” button to make changes
  2. Click the plus sign above the lock button
    1. Select VPN in the Interface dropdown
    2. Choose Cisco IPSec as the VPN Type.
    3. Give it a descriptive “Service Name”
    4. Click “Create”

Now you’ve created a new VPN connection, but you still need to configure it. If you know all the necessary configuration parameters just go ahead an configure away. More probably though, you have a .pcf file which contains all the configuration. But don’t worry. First of all, open the .pcf configuration file in your favorite text editor. It should at least contain the following configuration parameters:

  • Host
  • GroupName
  • enc_GroupPwd

You’ll also need to know your username and password for the IPSec VPN. Enter the configuration value for “Host” into the “Server Address” field, and you username below it. Mac OS automatically prompts you for your password when connecting to the VPN.

Now click the Authentication Settings... button. Enter the “GroupName” found in the .pcf file into the “Group Name” field. Unfortunately you can’t directly copy the “enc_GroupPwd” into the “Shared Secret” field because it is “encrypted”. However, certain ways and means exist for getting the clear group password. Enter it into the “Shared Secret” field, and you’re done.

If I explained everything correctly, you should now be able to click the “Connect” button, to stop worrying about VPN configuration stuff and finally get back to work :)