Since the update to Big Sur Mac OS 11.0.1 VPN Cisco IPSec does not work anymore.
My VPN services created on the default system VPN Type Cisco IPSec still do connect, but afterwards there is no IP traffic possible. Not even pings to IP addresses are possible.
I've looked into potential firewall issues, re-created the services on Big Sur and checked from Catalina and iOS where the VPN entries are still working flawlessly.
Any ideas?
Best Regards
MacBook Pro 13″, macOS 10.14
Solved:
The problem is related to the Little Snitch version 5 Network Extension.
There is a bug in macOS Big Sur 11.0.1 where VPNs of type Cisco IPSec won’t work when a Network Extension is installed. This affects Little Snitch 5 (not older versions!) and many other products based on Network Extensions. The VPN will connect successfully, but no data is transferred.
The bug has been reported to Apple and will be fixed in macOS 11.1.
If you rely on this type of VPN, please consider installing Little Snitch 4.6, which is based on a Network Kernel Extension and is therefore not affected.
Solved:
The problem is related to the Little Snitch version 5 Network Extension.
There is a bug in macOS Big Sur 11.0.1 where VPNs of type Cisco IPSec won’t work when a Network Extension is installed. This affects Little Snitch 5 (not older versions!) and many other products based on Network Extensions. The VPN will connect successfully, but no data is transferred.
The bug has been reported to Apple and will be fixed in macOS 11.1.
If you rely on this type of VPN, please consider installing Little Snitch 4.6, which is based on a Network Kernel Extension and is therefore not affected.
Hi Tim,
yes I did that. I even created and successfully deployed a profile in Apple Configurator 2. All with same result.
I can successfully connect and afterwards no IP traffic can pass thru any route until I disconnect the VPN link.
Here are the most likely relevant console messages from racoon, neagent, nesessionmanager
racoon(40882) deny(1) system-privilege 10006
racoon none message must be encrypted, status 0x14a1, side 0
racoon sending vpn_control ike failed message - code=14 from=remote.
nesessionmanager Failed to load configuration with ID 5A9D0B7D-35BE-40F6-9A33-4F72D2F7DEE. nesessionmanager Failed to add a pending session request or failed to load session for 5A9D0B7D-35BE-40F6-9A33-4F72D2F7DEE5 (1), canceling new connection
I have the same problem. With Big Sur my VPN does not work anymore. My suggestion was that it could be a problem using the new version of Little Snitch (5.04) and VPN – but I'm not sure whether Little Snitch causes the problem.
Did you find a solution to geht the VPN working again?
Regards, Ulf
Have you tried removing and re-installing the VPN client / configuration?
Have you tried contacting Cisco to see if they have an updated client or to ask why your current client is not working?
Hi Bob,
Cisco is not involved here. It is the standard apple built-in VPN client connecting to AVM Fritz!Box routers. The de-facto standard DSL router type in Germany.
There is a workaround with Little Snitch 4.6, you'll find in the support segment of their website.
Alternatively, you'll wait for MacOS 11.1 which has it fixed generally.
Regards
VPN (Cisco IPSec)
