Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the '10.6: Save Cisco IPSec password in the Keychain' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.6: Save Cisco IPSec password in the Keychain
Authored by: JaxMyers on Aug 28, '09 08:52:13AM

I can't find a IPSec XAuth Password entry in my keychain for my Cisco VPN in Snow Leopard. I only find the IPSec Shared Secret in my keychain.

When I connect it does not save my user password, it always says "server will prompt for password" and it does not create a keychain item for my user password (only the shared secret). Any idea how to get it to save my password?



[ Reply to This | # ]
10.6: Save Cisco IPSec password in the Keychain
Authored by: frogmella on Aug 28, '09 10:29:12AM
I believe this is defined by policy on the VPN server, and is a deliberate restriction put in by your network administrator. I have the same problem.

One way around this is to install vpnc as an alternative (see this hint, but I haven't tested if this works with Snow Leopard yet.

[ Reply to This | # ]
10.6: Save Cisco IPSec password in the Keychain
Authored by: JaxMyers on Aug 28, '09 12:15:23PM

I've been using Shimo for some time now as an alternative front end to the awful Cisco VPN GUI and it always remembers my password. Maybe I'll just keep using it now that it has been updated for Snow Leopard. I was kind of hoping to avoid installing any 3rd party VPN software and stick with Apple's built in VPN support though. I've noticed that the Leopard Cisco VPN implementation keeps asking me for my password every few hours which is a bit of a pain. Anyways, thanks for the reply.



[ Reply to This | # ]
10.6: Save Cisco IPSec password in the Keychain
Authored by: fold on Sep 06, '09 05:53:38PM

This isn't Apple's fault. The Cisco VPN Concentrator, PIX, or ASA to which you are connecting is probably configured to disable password saving. If the client software is designed to Cisco specs, nothing you do will enable it to save your password if the VPN server prohibits it.

The Cisco IPSec client in iPhone OS 2 was broken in such a way that it would save the password. This was fixed in iPhone OS 3, and the same fix seems to incorporated in the Mac OS 10.6 IPSec client.

Sorry to disappoint, but after all the whole point of VPN is private network security.

---
Chip Old
BCPL.NET Internet Services



[ Reply to This | # ]
10.6: Save Cisco IPSec password in the Keychain
Authored by: JaxMyers on Sep 08, '09 10:55:19AM

Just to let you know, Shimo will apparently ignore the server's request to always prompt the user for a password and use the password stored in the keychain. I guess this is technically a "bug" although I'm sure most Shimo users want to keep it that way.



[ Reply to This | # ]
10.6: Save Cisco IPSec password in the Keychain
Authored by: mfripp on Jan 11, '12 02:32:28PM
The hint above doesn't explain very well how to find the IPSec XAuth Password entry.

By default, Keychain Access only shows you your own keychain. If you click the expand button (triangle inside a square) at the bottom left corner of the Keychain Access window, you can show other keychains, including the System keychain. Once you're looking at the System keychain, the item you want has a Name matching your VPN, and its Kind is "IPSec XAuth Password". You can find it by sorting by Kind.

An easier alternative (from here) is simply to type "xauth" in the search box at the top right corner of the Keychain Access window. (This works even if you don't have the Keychain list expanded and aren't looking at the System keychain.)

Then you can follow the rest of the instructions above to allow configd to access the password.



[ Reply to This | # ]