Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: cyberjunkyfreak
cyberjunkyfreak Author
User level: Level 1
54 points

OS X Mavericks VPN connection

Hello,


When using the default VPN (type Cisco IPsec), my VPN connection drops consistently about every 55 minutes after connection. I did not have this problem under OS X Mountain Lion, it only started after upgrading to Mavericks. I have since deleted the VPN connection (that had been created under Mountain Lion) and created a new VPN connection under Mavericks, and get the same results. I have also tried rebooting OS (one more time after the Mavericks update), and still same results. I can't stay connected to VPN for more than 55 minutes, the VPN connection drops and I have to reconnect for another 55 minutes, and so on and so on.


Any ideas?

Mac mini, OS X Mavericks (10.9)

Posted on Oct 23, 2013 11:43 AM

Reply
16 replies
User profile for user: Tim Shubitz
Tim Shubitz
User level: Level 1
24 points

Oct 28, 2013 2:35 PM in response to cyberjunkyfreak

Yeah, I've been finding more and more references to "VPN issues".


This problem doesn't appear to be just Cisco connections.


People using the OS X Server 10.9 VPN are having problems.


Cisco AnyConnect is having issues (and apparently is already a known problem by Cisco/Apple https://kb.wisc.edu/helpdesk/news.php?id=5167 ).


And as I stated, I use the Checkpoint Endpoint Security VPN software and have been having horrible connecitivity.


Other than this 10.9 has been a relatively good upgrade.


Anyway.



- mr. tim

Reply
User profile for user: cyberjunkyfreak
cyberjunkyfreak Author
User level: Level 1
54 points

Jan 24, 2014 4:26 AM in response to Jack Basen

I don't believe it's been fixed, however I was able to resolve the disconnect issue with the following workaround:


1. Create ‘/etc/racoon/remote’ directory as root:

# mkdir /etc/racoon/remote

2. Open VPN connection and then copy the VPN config file from '/var/run/racoon/*.conf’ to ‘/etc/racoon/remote’ directory:


# cp /var/run/racoon/1.1.1.1.conf /etc/racoon/remote/1.1.1.1.conf

3. Replace all ‘lifetime time 3600 sec” lines to ‘lifetime time 12 hours” and create a *backup file:


# sed -i.bak ’s/lifetime time 3600 sec/lifetime time 12 hours/‘ /etc/racoon/remote/*.conf


4. Add the following line ‘include “/etc/racoon/remote/*.conf” ;’ just above the last line 'include “var/run/racoon/*.conf” ;’ in the /etc/racoon/racoon.conf file:


# vi /etc/racoon/racoon.conf


include “/etc/racoon/remote/*.conf” ; <— add this line

include “var/run/racoon/*.conf” ;


5. *Create a backup file:


# cp /etc/racoon/racoon.conf /etc/racoon/racoon.conf.bak


6. Restart racoon:


# launchctl stop com.apple.racoon

# launchctl start com.apple.racoon



*The backup files are not necessary, however will help to slip them back into place if any future OS upgrade overwrites the custom racoon configuration files.




The above workaround has worked for me... hopefully it will work for you too?

Reply
User profile for user: cyberjunkyfreak
cyberjunkyfreak Author
User level: Level 1
54 points

Jan 24, 2014 1:27 PM in response to Jack Basen

Yes, thanks, it's always a good idea to backup any file before editting, i was just mentioning creating a backup of the editted files as a future OS update may include new .conf files (when I upgraded from 10.9 to 10.9.1 it had overwritten my editted configuration files and I had to recreate them). I'm going to add your suggestion to my "cheat sheet".


Glad to hear that the workaround works for you too, cheers!

Reply
User profile for user: kriss13
kriss13
User level: Level 1
4 points

Apr 2, 2014 4:09 PM in response to MattDriver

Notes (for noobs) for the cyberjunkyfreak solution:

- the file1.1.1.1.confis a generic one here, yours shoud have a real IP of the VPN server u are conecting to (like 192.168.44.55.conf) and apears only if you have a conection in progress.

-the comand sed -i.bak ’s/lifetime time 3600 sec/lifetime time 12 hours/‘ alwais gives me error.

-after open with vi editor, there is no instruction how to save.


Not everione knows comand line like pros (we all were stupid once, wright? 🙂)

Oh, after this solution VPN won't connect anymore 😝.

After I removed the path to the new custom config (include “/etc/racoon/remote/*.conf” )

I was abble to conect again.


Thanks anyway.

Reply
User profile for user: cyberjunkyfreak
cyberjunkyfreak Author
User level: Level 1
54 points

Apr 2, 2014 6:30 PM in response to kriss13

Hi kriss13, sorry to hear the workaround is not working for you. You are correct about the IP address, I just assumed that anybody rolling up their sleeves to dig into something like this would understand what I had meant. Thanks for the feedback, I'm going to update my "cheatsheet" with a side note regading the IP address. So what is the error that you are getting with the sed command? I'm wondering if maybe you are not typing the complete command?


# sed -i.bak ’s/lifetime time 3600 sec/lifetime time 12 hours/‘ /etc/racoon/remote/*.conf



Regarding the vi editor, the sequence to save your changes is to hold down the <Shift> and : (colon) keys at the same time, and when you get a colon prompt, then type "wq!" (without the quotes) to save the changes. Now, if you feel that you may have messed up somewhere, you can always quit out without saving your changes with the same <Shift> : sequence, only at the : prompt instead of "wq!", issue a "q!" (again, without quotes) and this will quit the vi editor without saving your changes.


Hi MattDriver, I'm not able to make this process any easier. Somebody out there could probably write a script, that's just not something that I could do at this time. I'd be willing to help you out though, if you have not yet found a workaround. Perhaps we could set up a time to chat, in realtime, and I could walk you thru the steps.

Reply
User profile for user: Brent Rossow
Brent Rossow
User level: Level 4
2,719 points

May 13, 2014 2:31 PM in response to cyberjunkyfreak

Thanks a MILLION for this! It's been a real thorn in my side. At work we upgraded our firewall at about the same time as I upgraded to 10.9 and I just assumed it was the firewall, since I'd never had problems previously. (IT guys either thought I was nuts or blamed my Internet connection; I'm sure my Internet connection is stable but not so sure about myself.) Haven't been connected to VPN for over an hour since making the changes described but have no reason to believe it won't work. Thanks again!

Reply
User profile for user: Brent Rossow
Brent Rossow
User level: Level 4
2,719 points

May 15, 2014 3:57 PM in response to cyberjunkyfreak

The 10.9.3 update released today says, "Improves the reliability of VPN connections using IPsec," but I can't find any indication of exactly what it "improves." Guess I'll try it and see if it has finally fixed this issue.


For what it's worth, I was connected to my VPN for over seven hours yesterday without issue thanks to the steps listed here. 🙂

Reply

OS X Mavericks VPN connection

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up