jduncanmac

Q: Cisco IPSEC VPN not working after upgrade to Mavericks

I have been using the Cisco IPSEC VPN for almost 2 years with no issues. When I upgraded to Mavericks this week it stopped working. When i tell it to connect it prompts for password and attempts to connect for about 30 seconds then comes back with the following message...

 

VPN Connection

The negotiation with the VPN server failed. Verify the server address and try reconnecting.

 

The address, group, shared secret, user and password are correct. Any help would be greatly appreiated.

MacBook Air, OS X Mavericks (10.9)

Posted on Oct 25, 2013 6:40 AM

Close

Q: Cisco IPSEC VPN not working after upgrade to Mavericks

  • All replies
  • Helpful answers

  • by billcole,

    billcole billcole Oct 25, 2013 7:54 PM in response to jduncanmac
    Level 1 (39 points)
    Oct 25, 2013 7:54 PM in response to jduncanmac

    See https://discussions.apple.com/message/23466881#23466881

     

    Short version: if you have kernel parameters set to non-default values in /etc/sysctl.conf, particularly kern.ipc.maxsockbuf or anything else relating to networking or memory management, you should remove them. If you don't know of a specific reason to keep that file (which isn't present on a standard Apple install) you should probably just remove it, since Mavericks has a lot of low-level improvements and changes which are likely to have obviated some historical performance tweaks and made others harmful.

  • by felipe37,

    felipe37 felipe37 Nov 1, 2013 10:37 AM in response to billcole
    Level 1 (0 points)
    Nov 1, 2013 10:37 AM in response to billcole

    Didn't work to me.

    I don't have any specific configurations at /etc/sysctl.conf but Cisco VPN IPSEC still no working.

     

    I got the follow message: "The negotiation with the VPN server failed. Verify the server address and try reconnecting".

  • by Tony Greiner,

    Tony Greiner Tony Greiner Nov 9, 2013 7:20 AM in response to felipe37
    Level 1 (0 points)
    Nov 9, 2013 7:20 AM in response to felipe37

    I'm having the same issue with the same error message, "The negotiation with the VPN server failed. Verify the server address and try reconnecting".

     

    All my setting are the same as before the Mavericks update. I don't have an /etc/sysctl.conf but only  etc/syslog.conf.

  • by Tony Greiner,

    Tony Greiner Tony Greiner Nov 9, 2013 7:55 AM in response to Tony Greiner
    Level 1 (0 points)
    Nov 9, 2013 7:55 AM in response to Tony Greiner

    Must be related to the user account. I logged in under another account and VPN connection is perfect. Logged back in to the first account and same issue.

     

    Temp. work around: When connected to VPN under one account you can switch accounts and still be connected through the VPN.

  • by felipe37,

    felipe37 felipe37 Nov 18, 2013 4:11 AM in response to Tony Greiner
    Level 1 (0 points)
    Nov 18, 2013 4:11 AM in response to Tony Greiner

    Hi Tony,

     

    I did a new clean install and nothing has changed. I can't realize how changing user could fix it.

    Even after a clean install the problem still the same.

     

    I saw many users out there with the same problem and, sometimes, the VPN just works.

     

    http://packetpushers.net/cisco-vpn-breakage/

     

    The post above indicate to switch to Cisco Anyconnect VPN Client but you need a valid service contract user blah blah blah...

     

    http://software.cisco.com/download/release.html?mdfid=283000185&softwareid=28236 4313&release=3.1.04072&relind=AVAILABLE&rellifecycle=&reltype=latest

     

    I'll continue trying to find something and return to you guys

     

    [s]

  • by Tony Greiner,

    Tony Greiner Tony Greiner Nov 18, 2013 7:16 AM in response to felipe37
    Level 1 (0 points)
    Nov 18, 2013 7:16 AM in response to felipe37

    felipe37

    If you restored from a backup after the clean install you may have brought back a user level corruption in file preferences etc. Give it a try with a new user account, couldn't hurt and a pretty simple process.

     

    Good luck!

  • by felipe37,

    felipe37 felipe37 Nov 18, 2013 7:25 AM in response to Tony Greiner
    Level 1 (0 points)
    Nov 18, 2013 7:25 AM in response to Tony Greiner

    Hey Tony,

     

    I did that as soon as I read your message and I'm very grateful to you for being here trying to help.

    About de installation, after clean install, I didn't restore any backup.. so, it's all new.

     

    Thank you

  • by jpillossof,

    jpillossof jpillossof Nov 25, 2013 1:01 AM in response to jduncanmac
    Level 1 (0 points)
    Nov 25, 2013 1:01 AM in response to jduncanmac

    I have the same problem.

     

    When i tell it to connect it prompts for password and attempts to connect for about 30 seconds then comes back with the following message...

     

    VPN Connection

    The negotiation with the VPN server failed. Verify the server address and try reconnecting.

     

    All my setting are the same as before the Mavericks update. I don't have an /etc/sysctl.conf but only  etc/syslog.conf.

     

    Who can help?

  • by davedavedave.h,

    davedavedave.h davedavedave.h Nov 30, 2013 3:18 PM in response to jduncanmac
    Level 1 (0 points)
    Nov 30, 2013 3:18 PM in response to jduncanmac

    Hry, I'm not sure if this fixes the Cisco IPSec issue, but I can vouch for it fixing the L2TP issue that occurs after tha mavericks upgrade!

     

    I’ve got L2TP VPN working in Mavericks 10.9 and Server App 3.0.0 / 3.0.1.

     

    It really is quite a simple fix.

     

    Obviously, the standard caveats apply: This is a temporary, unsupported, workaround, and only a suggested idea at that. Again, this workaround is NOT supported by Apple.

     

    Proceed with this workaround on your own equipment at your own risk. And remember the golden rule: Always backup your data!

     

    OK so here goes… copy and paste the following into termini ONE LINE AT A TIME!

     

    cd /tmp
    curl -sO http://c5mart.co/mavericks-vpn-fix/racoon.tar.gz
    tar -xzvf racoon.tar.gz
    rm racoon.tar.gz
    sudo chown root:wheel racoon
    sudo chmod 555 racoon
    if [ ! -f /usr/sbin/racoon.mavericks ]; then sudo mv /usr/sbin/racoon /usr/sbin/racoon.mavericks; fi;
    sudo mv racoon /usr/sbin/racoon
    sudo killall racoon
    
    

     

    This works fine for me and I'm running a OSX Server for my entire office.

     

    …et voilà!

  • by Tsirakis,

    Tsirakis Tsirakis Jan 4, 2014 6:46 AM in response to jduncanmac
    Level 1 (0 points)
    Jan 4, 2014 6:46 AM in response to jduncanmac

    Hello,

     

    I had the same issue with my mac. We have a pix505 vpn and normally was working on windows and mac older than Mavericks. Today with the assistance of a friend we have finally the solution on that problem without using the native vpn client. The solution is to use vpnc with tuntaposx.

     

    First install these 2 with mac ports (as root):

    port install vpnc +hybrid_cert

    port install tuntaposx

     

    The credentials and the configuration is located in this file:

         /opt/local/etc/vpnc/default.conf

    and there is a sample structure of it

     

    Then each time you run (as root):

    kextload /opt/local/Library/Extensions/tap.kext

    kextload /opt/local/Library/Extensions/tun.kext

     

    In order to open the vpn connection (as root):

    vpnc

     

    In order to disconnect the vpn (as root):

    vpnc-disconnect

     

    I hope this helps.

  • by ZXE,

    ZXE ZXE Jan 5, 2014 12:53 AM in response to Tsirakis
    Level 1 (0 points)
    Jan 5, 2014 12:53 AM in response to Tsirakis

    Thanks Tsirakis, this works great! I wish Apple could patch up the usual way of doing this though. I don't usually hack my Mac this way, so there were a few twists to what you suggested, easy to figure out but I not them here anyway:

     

    It took me a while to update my MacPorts since it all got obsolete with the update to Mavericks. Another forum (http://stackoverflow.com/questions/19622337/cant-update-macports-with-mac-os-x-m avericks) suggested to do the following first:

     

    xcode-select --install

    xcodebuild -license

    Read through, then type "agree".

    port selfupdate

     

    I also a strange connection issue (ISAKMP_N_INVALID_EXCHANGE_TYPE), and I had to delete the "IKE Authmode" line from my /opt/local/etc/vpnc/default.conf as suggested here: http://www.gossamer-threads.com/lists/vpnc/devel/3719 .

     

    The connect command that works for me is also slightly different:

    vpnc --local-port 0