39 Replies. Latest reply: Aug 9, 2014 7:51 AM by a18ion
  • Frazzler Level 1 (0 points)

    And where does your VPN connect to? It sounds like your VPN might be using a DNS service that doesn't recognise the internal URLs. Is the VPN you are using supplied by your University?

  • Nuno Barreto Level 1 (0 points)

    Sorry, can't really disclose what server it is. It's an IPsec connection that was working with no problem before with Lion. I have tried remaking the whole configuration, without success. It might be a whole different reason, but the fact is Mountain Lion broke my IPsec connection via racoon.

  • Frazzler Level 1 (0 points)

    My question was directed to Greg Shaw, not you.

  • Nuno Barreto Level 1 (0 points)

    I have found a solution that works for me. I just retrieved the executables racoon and racoonctl for Lion (they are in /usr/sbin/), and replaced the Mountain Lion ones with those. For this version it is clear that Apple has created a custom racoon that makes it mandatory for certificates to be installed in Keychain Access (it was not my case) and to have them given permission to use racoon.


    I didn't test what would happen if I installed the certificates in the Keychain Access because I don't have their password (don't ask, company policy), but I guess it would work.


    Note: This "solution" might make other VPN connections you might have with Keychain Access certificates not work.

  • thomas hk Level 1 (0 points)



    I do have the same problem with my new MBP retina display running Mountain Lion.

    The same VPN was working with my old MBP running Mountain Lion as well.

    Cannot figure out how to get it to work again, and without the VPN you are lost in China.

    I would most appreciate any help I can get.



  • thomas hk Level 1 (0 points)

    I do get this:

    The L2TP-VPN server did not respond. Try reconnecting. If the problem continues, verify your settings and contact your Administrator.


    How can I change to IPSec?


    Thanks for any help



  • thomas hk Level 1 (0 points)

    Sorry all,

    I was just too stupid. I got it to work, thank you.

  • Frazzler Level 1 (0 points)

    Did you try granting the racoon app rights access to your certificate as outlined earlier in this thread?

  • yangsta Level 1 (0 points)

    I have tried doing this, but in Keychain Access I only see the two different types of passwords and not a certificate. One is an XAuth Password and the other is a Shared Secret. I try to go to 'my certificates' and it's empty after I have gone through the installer for my school's VPN. The other certificates I have are: Software signing,,, and Apple Code Signing Certification Authority. I have tried setting both those password Access Controls to allow by any application, but that didn't work. It starts out with allowing racoon anyway.

  • harpreed Level 1 (0 points)

    Having the same problem. When I try to connect via VPN (Cisco IPSEC), I get "the negotiation with the VPN server failed. Verify the server address and try reconnecting." When I follow your steps going into Keychain Access and change the access control to the private key, I get "The server certificate's identity is incorrect, contact your local network administrator."

    I used to use a Cisco VPN on Mountain Lion with no issues, and had never used the internal IPSEC VPN...

  • thetechnician Level 1 (0 points)

    Hi guys,


    I've been bashing my head and reading all available forums and am still bashing my head against a brick wall.


    We had people using Lion 10.7 with Cisco IPsec VPN and all of our server settings and shared secret worked without a hitch. One person has taken the leap and gone to Mountain Lion and it all went to shreds. I've had a look at the system log and this is what I get from when it tries to connect:



    9/17/12 1:35:09.064 PM configd[17]: IPSec connecting to server
    9/17/12 1:35:09.067 PM configd[17]: IPSec Phase1 starting.
    9/17/12 1:35:09.067 PM configd[17]: SCNC: start, triggered by System Preferen, type IPSec, status 0
    9/17/12 1:35:09.077 PM mDNSResponder[52]: Double NAT (external NAT gateway address is also a private RFC 1918 address)
    9/17/12 1:35:09.078 PM racoon[3369]: IPSec connecting to server
    9/17/12 1:35:09.078 PM racoon[3369]: Connecting.
    9/17/12 1:35:09.079 PM racoon[3369]: IPSec Phase1 started (Initiated by me).
    9/17/12 1:35:09.082 PM racoon[3369]: IKE Packet: transmit success. (Initiator, Aggressive-Mode message 1).
    9/17/12 1:35:09.121 PM racoon[3369]: IKEv1 Phase1 AUTH: failed. (Initiator, Aggressive-Mode Message 2).
    9/17/12 1:35:09.122 PM configd[17]: IPSec Controller: IKE FAILED. phase 2, assert 0
    9/17/12 1:35:09.122 PM racoon[3369]: IKE Packet: transmit success. (Information message).
    9/17/12 1:35:09.122 PM racoon[3369]: IKEv1 Information-Notice: transmit success. (ISAKMP-SA).
    9/17/12 1:35:09.122 PM racoon[3369]: IKE Packet: receive failed. (Initiator, Aggressive-Mode Message 2).
    9/17/12 1:35:09.122 PM configd[17]: IPSec disconnecting from server
    9/17/12 1:35:09.122 PM racoon[3369]: IPSec disconnecting from server
    9/17/12 1:35:09.125 PM racoon[3369]: IPSec disconnecting from server


    From this I gather that there is something up with IKE? Or perhaps that it is trying to go with aggressive mode (whereas we have static IPs) could be a problem?


    Can anyone help out with this at all?


    And also, is there a way to find out what version of the Cisco VPN client comes installed by default in Mac Lion 10.7 and which one comes in Mountain Lion? (Could the default settings have changed somewhere?)
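
An added example, not part of thetechnician's post or of anyone's reply in this thread: a short Python parser that reads racoon lines in the format of the log above and reports the first IKE stage that failed. The regular expressions are assumptions inferred from these few lines only, not a documented racoon log format.

```python
import re

# Five of the log lines from the post above, copied unchanged.
SAMPLE_LOG = """\
9/17/12 1:35:09.079 PM racoon[3369]: IPSec Phase1 started (Initiated by me).
9/17/12 1:35:09.082 PM racoon[3369]: IKE Packet: transmit success. (Initiator, Aggressive-Mode message 1).
9/17/12 1:35:09.121 PM racoon[3369]: IKEv1 Phase1 AUTH: failed. (Initiator, Aggressive-Mode Message 2).
9/17/12 1:35:09.122 PM configd[17]: IPSec Controller: IKE FAILED. phase 2, assert 0
9/17/12 1:35:09.122 PM racoon[3369]: IKE Packet: receive failed. (Initiator, Aggressive-Mode Message 2).
"""

# Assumed line layout: "<date> <time> AM|PM <process>[<pid>]: <message>"
LINE_RE = re.compile(
    r"^\s*(?P<ts>\d+/\d+/\d+ \d+:\d+:\d+\.\d+ [AP]M) "
    r"(?P<proc>[\w.-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
# racoon appends "(Role, Mode-Mode message N)" to each IKE exchange event.
STAGE_RE = re.compile(
    r"\((?P<role>Initiator|Responder), (?P<mode>\w+)-Mode [Mm]essage (?P<n>\d+)\)")
# "<what>: <result>. " at the start of the message, e.g. "IKE Packet: transmit success. "
EVENT_RE = re.compile(r"^(?P<what>[^:]+): (?P<result>[\w ]+?)\. ")

def parse(log_text):
    """Yield one dict per racoon line that names an IKE exchange stage."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["proc"] != "racoon":
            continue  # configd/mDNSResponder lines carry no exchange stage
        stage = STAGE_RE.search(m["msg"])
        event = EVENT_RE.match(m["msg"])
        if stage and event:
            yield {"ts": m["ts"], "what": event["what"],
                   "ok": "success" in event["result"],
                   "role": stage["role"], "mode": stage["mode"],
                   "message": int(stage["n"])}

def first_failure(log_text):
    """Return the earliest failing IKE event, or None if no stage failed."""
    return next((ev for ev in parse(log_text) if not ev["ok"]), None)

def summarize(log_text):
    ev = first_failure(log_text)
    if ev is None:
        return "no IKE failure found"
    return (f"{ev['what']} failed as {ev['role']} in {ev['mode']} mode, "
            f"message {ev['message']} (at {ev['ts']})")

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

The parser keys off racoon's own lines, so it reports the Phase 1 authentication failure on Aggressive-Mode message 2 rather than the later "phase 2" wording in the configd line.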

  • Bestwick Level 1 (0 points)

    I have totally the same problem as after migration to Mountain Lion:


    VPN is working fine, but I still cannot access any internal portals or servers, except two (mail server, and MS communicator server).

    DNS are ok, all configs too.

    Do not know what else I can try. Spent all day to find the problem, but still no result.

  • Bestwick Level 1 (0 points)

    I finally fixed it!


    So, what I did is:

    1. I went to and manually downloaded Lion update 10.8.2 (combo)

    2. Installed it

    3. Opened Keychain Access, chose category "all items" and entered my VPN name in search. Found my VPN configuration, opened it. Chose "allow all applications to access the item" in the "Access control" menu from the pop-up, which appeared after double-clicking on the VPN configuration.

    4. VPN works and all internal sites work fine as well.


    Now I will try to grant access to racoon only to avoid the security breach, when granting access to all apps.


    Good luck!


    But in fact it is a bit frustrating, I really spent 4 days to get it to work. Apple should do more testing before launching new updates or at least provide better support for bug-fixing.

  • Bestwick Level 1 (0 points)

    Well, I just did it. I granted access only to racoon and racoonconf to my vpn configuration in keychain access and after VPN restart everything worked fine.

    Tip: to find the racoon and racoonconf files in the Keychain browser window when adding new apps, just type cmd-shift-g, and in the "go to folder" menu which pops up, enter the path "/usr/sbin". There you will be able to find both racoon and racoonconf.