Snow Leopard Cisco VPN timeout

I am using the built-in Cisco IPSec VPN in Snow Leopard to connect to my company's server. My VPN connection times out after 1 hour regardless whether I am actively using (sending/retrieving information through the VPN).

Any help as to where I can change a setting to keep the connection alive longer or until I disconnect?

MacBook Pro 15" 2.16 gHz, 3GB RAM, Late-2006, Mac OS X (10.6.1)

Posted on Sep 16, 2009 11:20 AM

21 replies

Dec 15, 2009 5:24 AM in response to Niels P.

This workaround seems to work as advertised. Caveat: your phase 1 key will not change during the session, allowing attackers to launch a brute-force attack against it. Don't use it if you are paranoid. It's only for the lazy ones among us 🙂

http://simon.heimlicher.com/public/tips/macosx/cisco_vpn

Dec 15, 2009 10:50 AM in response to Sam Homerson

Thanks for the very informative link. I found the racoon config file in /etc/racoon when I was struggling with this a few weeks ago. I changed the suggested timer but it didn't have any effect on the problem. With hind sight I realise I didn't restart the task. duuuhhhh...

Just testing it now.

Dec 16, 2009 6:46 AM in response to prbarnard

The instructions as provided don't work for me. I tried a couple of things. Firstly I wondered if my problem was related to the final change suggested by Simon. With the new include added before include "/var/run/racoon/*.conf" ; the modified attribute in /etc/racoon/remote would get over written by Apple's auto generated configuration.

I changed the final two lines of the racoon.conf file to

include "/var/run/racoon/*.conf" ;
include "/etc/racoon/remote/*.conf" ;

This had an interesting effect. After about 45 minutes the VPN client showed itself still being connected but the underlying tunnel was not operational. A ping to a server on my network failed. So it looks like in my case there is something in the connection that is failing below the timeout suggested by Simon.

Dec 16, 2009 10:52 AM in response to prbarnard

OK finally have a VPN that stays up. I used the instructions from Simon's site. I needed to swap the order of the final two instructions as per my previous post. The final piece of the puzzle for me was to have a keep alive running. It looks like our network is configured to drop the connection if idle for a time. I never saw this with the CISCO client so maybe something was built in to that.

Anyway I have a ping -i 60 running to a server on our network and I have now had a stable VPN for over 4 hours.

If I set longer than 60 seconds then it still drops so there must be a race condition in there somewhere.

I'm happy that I have a functional work around though.

Dec 17, 2009 2:12 AM in response to prbarnard

Interesting. I proceeded as described on that page I mentioned and it worked immediately. In fact, if I switch the order around like you recommend it does not work.

I guess this weirdness could be avoided if we just commented out the line +include "/var/run/racoon/*.conf" ;+ but then the System Preferences settings would not have any effect anymore....

In my experience, it's crucial to keep the connection alive by some means. For testing I use ssh to connect to a server and then ran top, but I guess there must be better ways to keep the connection busy.

Mar 7, 2010 8:22 PM in response to Sam Homerson

I am experiencing the same issues with the built-in VPN (as well as a number of co-workers). It would be nice if this issue could be escalated to Apple for an immediate fix. Either that or I will have to go back to the Cisco supplied client to fix this.

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Snow Leopard Cisco VPN timeout