Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

10.6: Avoid issues with Cisco VPN and certificate-based login Apps
Snow Leopard only hintIf you are using the Cisco VPN Client in Snow Leopard, and you have to use a certificate to log in, make sure you store the certificate in the .pkcs12 format before you try to import it into the Cisco store.

The Cisco store does not recognize the normal Windows format of certificates (i.e. DanID). I find this out by coincidence, and now, everything works like a charm.
    •    
  • Currently 1.17 / 5
  • 1
  • 2
  • 3
  • 4
  • 5
  (6 votes cast)
 
[13,913 views]  

10.6: Avoid issues with Cisco VPN and certificate-based login | 3 comments | Create New Account
Click here to return to the '10.6: Avoid issues with Cisco VPN and certificate-based login' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.6: Avoid issues with Cisco VPN and certificate-based login
Authored by: tofergregg on Oct 28, '09 08:51:09AM

I'm still trying to figure out why my Cisco certificate-based VPN won't work with the built-in OS X VPN client. It works great on my iPhone, but not on my mac.



[ Reply to This | # ]
10.6: Avoid issues with Cisco VPN and certificate-based login
Authored by: kokaviel on Oct 28, '09 11:25:25AM

same. i get the generic error:

VPN Connection
Could not validate the server certificate. Verify your settings and try reconnecting.


In my console log:

10/28/09 1:23:06 PM racoon[3743] Connecting.
10/28/09 1:23:06 PM racoon[3743] IKE Packet: transmit success. (Initiator, Aggressive-Mode message 1).
10/28/09 1:23:06 PM racoon[3743] IKEv1 Phase1 AUTH: failed. (Initiator, Aggressive-Mode Message 2).
10/28/09 1:23:06 PM racoon[3743] IKE Packet: transmit success. (Information message).
10/28/09 1:23:06 PM racoon[3743] IKEv1 Information-Notice: transmit success. (ISAKMP-SA).
10/28/09 1:23:06 PM racoon[3743] IKE Packet: receive failed. (Initiator, Aggressive-Mode Message 2).





[ Reply to This | # ]
10.6: Avoid issues with Cisco VPN and certificate-based login
Authored by: p120ph37 on Nov 30, '10 02:06:05PM

I've been struggling with this issue for months now, and it's gotten particularly bad as of the 10.6.5 upgrade: the Cisco VPN client now causes a kernel panic for me daily!

Finally, out of frustration, I dug into the OSX source and fixed the issue myself.

You can find the fix here:
darwin-racoon-cisco-cert-fix on GitHub

Cheers!



[ Reply to This | # ]