erbmicha

the random braindump of a supergeek

erbmicha header image 2

How To: Cisco VPN with Snow Leopard & Lion & Mountain Lion via .pcf File

September 7th, 2009 · 138 Comments · Tutorial

Snow Leopard excitedly came out-of-the-box with support for Cisco IPsec VPN which is what a lot of companies use.

The problem came when I tried to connect to the VPN at work. We were using the Cisco VPN client before but it was a nightmare to keep working all the time and the lack of any good error messages made debugging the connection near impossible.

So I took some time to figure out how to use the .pcf file that was given to me by the Network Admin to work with Snow Leopard.

You’d think that you could just add the .pcf file to your Keychain Access application and have it pull the information from there, but you’d be wrong. It couldn’t possibly be that easy. So we have to do the following instead.

  1. Make a VPN connection in your Network Preferences pane. Be sure to choose “Cisco IPsec” for the VPN Type.
  2. Enter your VPN server and credentials into the VPN Network Preferences. This will be your VPN username and password that your Network Admin gave you.
  3. Open the .pcf file in a text editor. Copy the text from the ‘enc_GroupPwd’ field, paste it into the form on this web site: http://www.unix-ag.uni-kl.de/~massar/bin/cisco-decode and click ‘decode!’. Select and copy the text next to ‘clear:’ and go to the next step.
    (Note: if there isn’t anything in ‘enc_GroupPwd’ but there is something in ‘GroupPwd’ they you can skip this step. Just copy the text from ‘GroupPwd’)
  4. Go back to the Network Preferences panel and click on the “Authentication Settings…” button. You’ll get a dialog that looks like this:
  5. Paste the text you copied from the decoding web site (or the ‘GroupPwd’ field of the .pcf file if you had that instead) into the ‘Shared Secret’ text box.
  6. Copy+Paste the text from the ‘GroupName’ field of the .pcf file into the ‘Group Name’ text box and click ‘OK’.
  7. Now you can try it out by clicking the ‘Connect’ button (and click ‘Apply’ if it asks which it probably will.)

Hopefully it all worked out. If not, there’s quite a few things that could go wrong. You could be entering in some other login credentials other than your VPN ones (typically, they are different than your workstation login credentials.) The .pcf file could be old. Etc, etc.

The best way to clear up any errors is to have a chat with your Network Admin and verify that you are using the right credentials and the .pcf file is the latest.

Anyway, hope that helped someone. Let me know if there were any problems.

Tags: ··

138 Comments so far ↓

Leave a Comment