Cisco VPN. Need help !!!
 

Hi.
I need your help once more. I have installed the Cisco VPN client as always on my computers (Powermac G5) and wanted to connect to the network at my university. Then I noticed that the VPN client didn't work. It says always "Warning 201: The necessary VPN sub-system is not available. You can not connect to the remote VPN server."

What I already tried:
Reinstalled OS X Combo Update 10.3.8
Repaired disc permissions
Installed VPN client 4.0.5

the same with VPN client 4.6.0 release 45

Nothin helped! Please I must have this connection. Would be very nice if you could help me. Another thing is. I tried it with my Powerbook and there everything worked finde (same software same OS version).

This is a corrupted installation.
First, make sure to uninstall it properly:

1. go to Applications > Utilities > double-click Terminal
2. in the terminal window, type: cd /usr/local/bin and hit enter (this brings you up to the root of the user profiles)
3. type ls and hit enter
4. check if vpn_uninstall is in the list results
5. type sudo ./vpn_uninstall and hit enter
6. type in your admin password when prompted
7. type yes and hit enter (to confirm deletion of Client profiles)
8. type yes and hit enter
9. once the process has completed, the following confirmation is displayed: "Cisco Systems VPN client uninstall completed successfully."
10. type exit and hit enter to log you out of root user access
11. quit Terminal

Once that is done, disable any system security software such as Norton Internet Security, anti-virus, etc
After that re-install the Cisco 4.6 client and go to custom installl to make sure that all the parts of the installer are checked.
Make sure to install all parts to default locations
Once done, restart the computer
Try to connect

PS: if the problem still exists, send back your Mac OS version with your reply please.

This didn't help. I did all you said and the error still occures. The error message of VPN Client 4.6.0 R 45

Error 51: IPC socket allocation failed with error fffffffffffffffch. This is most likely due to the Cisco Systems, Inc. VPN Service not being started. Please start this service and try again.

I have Mac OS 10.3.8

Thanks for your help. I really appreciate this.

Its real odd that the service doesn't load...
So go to Console in the Utilities folder and then go to System log.
Click on Mark to set a reference point for you, and then try starting up your VPN client.
Post back whatever is writen after the mark in the log.
Also look in the ~/Library/Logs section under CrashReporter to see if anything comes up there for the Cisco client. post that back too.
We'll try to go from the logs to see why your Cisco is not loading the sub-system.

here is the console log:

===== Wed Feb 23 2005 ===== 20:24:16 Europe/Zurich =====
Privilege Separation: unable to drop privileges.

There is nothing about VPN in the ~/Library/Logs folder

The Console log does not indicate much, which is why I was not asking for it... But nothing gets writen to the System log when you try to connect ? That would be extremely odd...

No... nothing is writtenin the System log. I already looked at this the first time.

So... I have to go to bed now. I will look tomorrow again in this forum. Would be nice if we could solve this problem.

Any one know how to make sure that his System log actually logs the information ?

Ok... I'm here again. Still no idea?

The problem right now is that, without knowing what is preventing the VPN from startingup... But in any event I would like you to try and repair permissions for your boot drive in Disk Utility. Try your Cisco again after that.

I did this already many times. Also no change and there was nothing repaird concerning the VPN client.

No more ideas?

Comeon... someone must have an idea. I googled and found that I'm not the only one with this problem. But nobody has solved it.

The whole problem here is that it looks like something on your system is preventing your vpn processes to even start properly. And with no system log (or in your case not much seens to get logged anywhere from what I understand), its near impossible to just guess the issue.
We can always try this: can you list all system mods, pref panes, anything basically thats not from one of the big software companies that is installed on your computer. Also, look in the Activity monitor (in Utilities), and making sure that "All processes" is selected go to the File menu and click on Print. Choose Save as pdf, make sure to not hide extension, then post that pdf here so we can look at the list of processes and maybe (a very big maybe) it may lead some where... But I would look into the "no logs" issue as well.
Can you try to do the following in the Terminal

Does it still bring up a blank page or somethig thats old or is it blank ?

Here are my system "mods":
Logitech control panel
ATI Displays
Little Snitch
Share Points

The system.log isn't emtpy at all, but there is nothing special about VPN. I search through it and there are only my manual activations of the VPN subsystem (which helped nothing).

The activity monitor pdf is in this post. Hope you will find something :rolleyes:

Even if it does not appear to concern VPN, please post the system log... Do a mark, and then start your VPN client... after the error, just send what ever came up after that mark...Anything can help.

When I sart the vpn client there is really nothing added to system.log
I tried with system preferences and there were things added to system.log.... so the system.log file gets updated.

BSD subsystem installed? It seems at least the earlier cisco clients needed it.

Hugh

If I were you, I would start by yanking little Snitch completely, not just turn it off, yank or unload the kext and kill any associated process.
As it messes with the network at a pretty low level, I'd just not want to have it around while debugging hairy vpn stuff.

Well, not sure how out of line this is, but I use the vpn 5000 client and it doesn't work by default either on 10.3. I had to find a page listing proper ownership and permission settings.

A quick search on google turned up this faq page... hope it helps

cisco faq

Ok. I reinstalled BSD subsystem turned off Little Snicht and I'm testig it again. I also looked at the permissions of the kext file. Everything done. I'll triy it now.

Ok... nothing helped. Sorry. I just can't imagine why the hell this isn't working. On my Powerbook I have exactly the same software including Little snicht etc... there everything works fine. I'm beginning to think that it might be something in the system. Maybe only a reinstall of panther could solve the problem...what do you think? But then I'll wait for Tiger.

Is this the end of further ideas? :-)

The Powerbook has a 32 bit proc, the G5 has a 64. Perhaps the VPN software uses some very low (assembly) level number crunching to authenticate? Have you checked with Cisco about this possibility?

Interesting idea... I'll have a look

nothing specially found about powermac g5...

Real sure there is nothing as we use the Cisco VPN client extensively here and have lots of users on G5s... You would have seen posts by me on that issue before if that was the case :D lolll
Personnaly I'm stil stomped by the fact that nothign gets loged when Leaf tries to start the client...
At this point I personally would try an Archive and install on the system to see if it will then run.

Our university uses the 4.0.5 client and I often see this error when there is no network connection. Can you provide us the details of how you are connecting to your network first?

:( Forgot that the VPN client process doesn't work if your not connected !
Just didn't think about that...

I'm connected through Airport to an Airport Extreme Base station. Since I also have my Powerbook on this WLAN (and there VPN works fine) it is not an issue with my Network (I think so....)

Try moving Airport to the top of your adapter list when you show network port configurations in the Network preference panel. (you might have to restart after this)

It is and has always been at the top of the list :-(.

Strange. Will poke around w/ a few clients today. And see if I can replicate it. :)

That's very kind of you. I hope we will find something :-)

Can you check in the /Library/Receipts folder adn make sure that the following are there:
vpnclient-.api.pkg
vpnclient-bin.pkg
vpnclient-gui-pkg
vpnclient-kext.pkg
vpnclient-profiles.pkg
vpnclient-startup.pkg

And then maybe try to reinstall the kext one, restart then try the client again.

Juust though of something... Have anything such as Norton System Works ? Internet Security ? Also, did you disable your anti-virus while you installed ? If you had not one that, try disabling the anti-virus and any other third party items and then installing it.

As I already said. I'm not running a Norton System works or Antivirus... Nothing. Just Little snitch and that's it. But little snitch can't be the reason. I can't just reinstall the kext file (said the installer)

Sorry--

Haven't been able to duplicate it on any of my machines. The next time I assist a user with the problem, I will note what happens.

not sure if vpn is anything like remote control or VNC....but shut off the service in shared for remote desktop....then start vpn....i can't use vnc when remote desktop service is running....maybe it's something like that.

VPN is a way to create a secure virtual network. Essentially, once you establish a VPN connection, your host appears to be part of a different network (normally the network the VPN server is on). Coorperations and Education use VPN clients to protect resources within their network.

In a nutshell that is...

Okay--

Just dealt with an iBook G4 using the Cisco VPN 4.0.5 on 10.3.7. User is connecting to our wireless network, but was not grabbing an IP address and was using the self assigned 169...

She was getting the same exact error message: When I reconfigured her machine to properly connect and receive a proper IP the VPN worked fine. To double check the error, I turned airport off (no other ports were active) and tried to connect through the VPN. The 201 Warning reappeared. Turned airport back on and the error went away.

I can only think of three things:

1. You don't have a valid net connection.
2. The VPN client is looking at an adapter other than your airport adaptor (I believe you said you were connecting via airport, no?)
3. Some utility is blocking the VPN from using the proper adapter.

Can you give us the specifics of your network setup and the configuration of your machine?

Powermac G5 with Lan and Airport. Lan isn't connected to the computer. I have all services disabled and I am not running any system mods. My internet connection is fine. I always get the right IP's from my basestation.

i know you said no services are running....umm how about the firewall that is built into OSX. I am sure I am not helping but these problems are always something corny that you tend to overlook, good luck man, i know how frustraiting it is to not have software work the way you want it to.

Firewall is/was deactivated

Could you try, just for the sake of it, to go to Network Port Configuration in the Network pref pane and take the check marks off allt he itnerfaces but your Airport ? I've had occasions wehre for some reason VPN would "stick" to a specific interface and not even check the others.
Also, did you try to connect to VPN with a wired connection ?

:-) I already have only Airport in network settings enabled. Wired connection is impossible. The modem is to far from this room away. And taking the whole computer over there isn't very amusing... ;-)

Leaf,

To sum up your issue, you click on the CiscoVPN client and instead of getting an app that bounces and opens, you get an annoying message that includes the fffffffffffffffch error and you never get a chance for a configuration. Is this correct?

What happens when you call upon the binary from its location?

cd /System/Library/StartUpItems/CiscoVPN

$ pwd
/System/Library/StartUpItems/CiscoVPN

then call it...
$ sudo ./CiscoVPN start

What happens/what is the error?

My guess is that you are getting an extension error loading CiscoVPN.kext.


-tombou

tombou, I'm having exactly the same issue as leaf. For about three months I was using 10.3.8 and VPN client worked fine. I upgraded to 10.4 couple of days ago, and now it gives me that error. I removed vpn client and reinstalled it, same results.

I ran ./CiscoVPN from that location like you explained and I get as you predicted:

kextload: kld_load_from_memory() failed for module /System/Library/Extensions/CiscoVPN.kext/Contents/MacOS/CiscoVPN
kextload: a link/load error occured for kernel extension /System/Library/Extensions/CiscoVPN.kext
load failed for extension /System/Library/Extensions/CiscoVPN.kext
(run kextload with -t for diagnostic output)

Do you know how to fix this?

Hi. I just installed Panther on my G5 (fresh installation) and tried VPN once again. And there was the exact same error like roman7927 posted. Please. We need serious help.... Is it the G5 architecture??

another VPN story, and a potential culprit (?)
 

About a year ago I was having the same problem as the original poster (or at least I was getting the same error message).

I generally use cisco's VPN client to access my University's network from home -- at some point I had configured Mac OS X's built in VPN program (accessed from within Internet Connect) as an experiment.

In retrospect, I believe that this is when my problems started with cisco's VPN.

The symptoms were (to the best of my recollection) ...
Boot computer, launch macs VPN and try to connect, university rejects. If I quit Macs VPN and then launch Cisco's VPN, I would get the "Warning 201: necessary VPN sub-system is not available." If I restarted the computer and then launched Cisco's VPN, I could connect.

Similarly, boot computer, launch OS X's mail program to access my university mail account it would fail (university requires vpn). If I subsequently try to launch cisco VPN, I get the "Warning 201". If I reboot, launch Cisco vpn, and then launch mail -- everthing connects correctly. Perhaps mail tries to use the bulit in VPN if cisco vpn is not already up and running?

There is something about macs VPN that my university system does not like and somehow my mac was "remembering" (I do not know how else to describe it) whatever settings that led to the original rejection the only way to clear the problem generated by the initial connection attempt is to reboot.

I never did completely figure it out.
Good Luck.

-- Shawn

I'm still looking for a solution.... :-(

Roman and Leaf,

No, I dont know how to fix it. I have had this problem with Tiger since the WWDC pre-release. I am still on a pre-release (8a425) and it is still an issue. This machine is a 1.5 17" PowerBook, so I am afraid that this is not a G5 issue.

I will need a solution soon as I need to support customers that have to use the VPN to get their work done. Hopefully Cisco can fix this before 10.4 hits the shelves.

I wish my problem was associated with the built in VPN the same way that Shawns (SHWC) is. I had problems without trying to use the built in solution. Thanks for that lead Shawn. This may have to do with the 'New and Improved' integrated VPN.

-tombou

I just realized the same. It's a VPN <-> Tiger problem. I hope they will fix it soon. Thanks for all your help!

error 51
 

Hi,

I was stuggling with the Error 51 message for some time and eventually
tracked it down to being a lack of ethernet connection.

Cisco pegs mid-may as a release time for a Tiger-workable VPN client.

Thanks for looking into this and updating us.

Crap...wish I had read this thread before I upgraded my Powerbook to Tiger this morning :(

Having the same problem. Was working fine with 10.3.9, now, nothin'. Oh well...guess I'll just have to wait for Cisco to update the software.

Yeah, this is pretty annoying. I had opened a TAC case about it earlier this week and had a pretty lengthy conversation with Cisco about it. I know they knew about it because I had submitted an Apple Bug Report on it (which was closed as a duplicate bug report). So let's hope we have no major issues on the office network between now and "mid-May" or we could find a lot of people driving their happy butts into the office and strange hours.

NO CISCO VPN for TIGER!
 

I already posted this issue Thursday night, but it seems that someone removed the posting.

There currently is no support for the Cisco VPN client, development has told me that they are working on a release and expect to have one soon. Keep checking CISCO's website for updates.

http://www.cisco.com/en/US/products/...0802e049d.html

If anybody has a solution to this problem or any latest info, would you kindly post it here please !

Many Thanks,
Alex

Unfortunately, the only solution is to wait for Cisco to release a Tiger compatible version of their client. No news yet on an exact date.

4.6.03.0160 is here... link to versiontracker.com
 

OK,

It seems to be here... I will try it out on Monday...



http://www.versiontracker.com/dyn/moreinfo/macosx/12696

"Product Description:
Simple to deploy and operate, the Cisco VPN Client enables customers to establish secure, end-to-end encrypted tunnels to Cisco remote access VPN devices supporting the Unified Client Framework. This thin design, IPSec implementation is available via Cisco.com for use with any Cisco central site remote access VPN product and is included free of charge with the Cisco VPN 3000 Concentrator. The client can be pre-configured for mass deployments and initial logins require very little user intervention. VPN access policies and configurations are downloaded from the central gateway and pushed to the client when a connection is established, allowing simple deployment and management as well as high scalability. The Cisco VPN Client provides support for Windows 98, ME, NT 4.0, 2000, XP, Mac OS X, Linux Intel and Solaris UltraSparc.
Software also available from:
http://www.cisco.com

Login | Technical Support | Software Center | VPN Software | VPN Client | Download
User must have SmartNET login with Encryption entitlement to access software.

What's new in this version:
Support for Mac OS X 10.4 (Tiger)"


-tombou

link?
 

Hi! Is it possible for anybody to provide a link to somewhere other than cisco? You need a login name and password, and that's something I don't have. :-(

If not, can somebody maybe provide a filename so I can search for it?


Thanks!!!

Cisco SW
 

Wiz,

To the best of my knowledge, Cisco tightly controls access to all of their binaries. You need to have the Cisco login, otherwise VersionTracker would have provided the direct link to the download. Sorry, that I am not of much help. :(

good luck!

-tombou

More problems...
 

Hi!

Well, thank you for the reply. The VPN Admin was able to download the client and email it to me yesterday. However, I am still unable to connect to the vpn server....sort of. I'm able to connect to it and it does prompt for my password and accepts it. However, once I'm fully connected, I'm unable to get to anything at work. It's as if the packets aren't being routed through the vpn client. I hope others have better luck at it than I did!


Thanks!

Current release is single proc only
 

It is stated on the download page that this release is

"At present, only compatible with single processor configurations"


Wiz, what is your HW configuration? If you have a shiney new dual g5, then that is probably the issue that you are running into.

I am just glad that they did a simple fix so that at least some Tiger users can utilize the VPN. Hopefully, we can see the full update soon.

-tombou

Ouch!
 

Wiz,

After reviewing the the user reports from versiontracker, I am very reluctant to advise any of my customers to use this latest release. Since, I usually live on the bleeding edge, I will attempt to use the vpn at work tomorrow.

Since you are already there, we can attempt to figure out what is going on with your machine.

You can try this matter. I'd success with this if you keep previous version.
This release looks incomplete version, it cannot create secure session and
hang.. must force quit and I figure out GUI has bug... So I decide to use old GUI
but new VPN Kernel. and I try follow and it Success... to connect VPN Server...

1. Uninstall all Cisco VPN Client,and install Previous (I did 4.6.02.0023)
2. Install 4.6.03.0160, select target and choose Customize option.
3. De-select vpnclient-gui(Skip this upgrade) and reboot.

This mean you still use previous VPN GUI with New VPN Kernel.
I think it's only way to make work until CISCO release New version

still no luck
 

Hi!

I have a PB (single processor) g4 box that I'm trying to do the install on. I have tried the instructions from the previous user (uninstalled the cisco vpn, installed the old version, then the new but deselect the GUI), but the same problems still exist. If I go into the "statistics" once I'm connected, I do not receive an IP address, there is nothing that is being routed, everything is 0'ed out... Same problems as before...

I spoke with the vpn admin who also runs on a mac os pb g4, and he's having the same exact problems as I am. However, we gave the client to another user to test, and he said that he was able to get it to work. When I installed Tiger, I did a fresh install; the vpn admin did an upgrade. Both of us have the same symtoms.

Does anybody know if there's another way to uninstall the VPN client rather than drag and drop to the trash? That's the way that I did, and it seems like it still keeps my previous settings (profiles), and the installs always say "upgrade" as opposed to "install fresh copy". I'm wondering if that may have something to do with it...


Thanks!

it is same symtoms I tried firsttime, if your current version of CISCO VPN Cluient GUI
version show 4.6.03.0160 try replace old version. between versin 4 above.

This may sound stupid, but we gotta eliminate all possibilites.

In my previous job I used Cisco's VPN software too. I used it with 10.3.8.

I used to get that message whenever I did not have the mac connected to any network. This means, I didn't have an ethernet cable connected or the Airport was turned off...i.e. no network address associated with a physical adapter. Once I turned airport on or connected an ethernet cable the error would go away.

Check that..

Maybe stupid.. but CISCO VPN Client will give same error whatever, if the network
connection is not active..
But on Tiger, Cisco will not work at the moment this article has release sometime ago.. For between 10.3.x and 10.4.x kernel is very different... even security feature,

This cause MS Virtual PC's virtual switch and cisco VPN client will not woork..
Cisco has release new version even not working properly, but MS not sure yet..

Cheers....

If anybody is interested, we were able to get the cisco vpn client to work with tiger over here. What was the problem? The VPN Administrator had no "domain" entry in the vpn server. Once he filled in this box, then the tiger vpn client worked fine!

Cisco VPN Client 4.6 is working fine for me under Tiger 10.4.2. However, curiously, the installation process created a VISIBLE 'opt' directory at the root level of my hard disk. Anyone else noticed this? I used FileBuddy to make the directory invisible and VPN Client continued to work.

Thread Tag On
 

Not specific to the above, but I am having a different Cisco VPN issue. I have been successfully connecting to Windows 2000 server at work for many moons. Recently, found that I can still connect, but there is no data received inbound. The display on the VPN client (v. 4.6.03) shows 0 bytes in, and many bytes out.

Entourage (v. 11) reads this as not connected, apparently since it cannot get a reply to a server check. Therefore, I can no longer check or send mail through the Exchange account at work.

I have no idea how this happened. The System.log says the following when launching, connecting, then disconnecting the VPN client:

The bit that looks suspicious is the abnormal exiting for the lookupd / launchd routines. Any translation of what that means? Suggestions for further troubleshooting? I did not change any of the connection settings in the VPN client, but, I guess, changed something that affected it. Any help appreciated.

P.S. I also ran a log of the VPN session, but it is all geek to me. If that is helpful, let me know and I will post it.

Is your firewall turned on?

Nope. It is off.

Next question? Could it be some setting on the DSL router? I played with that a bit to enable SSH from work to my home computer, but that is all.

I believe you need to have port 500 traffic forwarded to your Mac through the router. It's firewall is probably blocking your inbound traffic.

OK. Well, any hints on how to do that? My scroll through the DSL menus showed no obvious place to do that.

One other clue: When the VPN is 'connected' I get no web download access. When I disconnect it, the web pages load up like normal. Seems like the VPN is blocking a port that Safari needs. Does that help? I don't ever recall any kind of conflict like that in the past.

The way a VPN works is that it sends ALL network traffic through it's secure tunnel on a specific port. In this case, since it's most likely being blocked, that's why Safari isn't working when your VPN is connected.

I cannot tell you where to look in your router because there are many different types. But you're looking for port forwarding.

Resolved
 

OK. I resolved it.

On my Westell DSL router, I added a service called "IPSEC ALG" which, apparently, is a dynamic function that forwards to Port 500. The weird part is this all used to work, and I never used to have this service enable to make it work.

Kind of weird, but I am glad to be connected to the Exchange server again.

Thanks for your assistance, yellow.

New User - 8 hours Spent, but Still Can't get VPN working
 

I'm a new Mac user (first week) and need the VPN for my job - so am screwed without it. I've tried using SHIMO (no dice), followed all steps on this board/thread, plus 2 others without luck. I'm running VPN 4.9.00 (0050) on a MacBook Pro 10.5.5, with 2.6 GHz Intel Core 2 Duo. Upon launching by clicking the icon, I get "Error 51: Unable to communicate with VPN subsystem. Please make sure that you have...". Upon following some command line instructions on the previous page, I get nearly identical output:

$ sudo kextload -t /System/Library/Extensions/CiscoVPN/CiscoVPN
kextload: /System/Library/Extensions/CiscoVPN/CiscoVPN: no such bundle file exists
can't add kernel extension /System/Library/Extensions/CiscoVPN/CiscoVPN (file access/permissions) (run kextload on this kext with -t for diagnostic output)

What the heck do I do?

That VPN client is old, I think.
I use vpnclient-darwin-4.9.01.0090-universal-k9-BETA

Also, I assume:

* you have the correct IP address, username, password and connection protocols
* you already tried re-starting your machine

I have seen this error, and re-starting Cisco VPN tends to fix it. You can re-start it using Terminal with the following:

sudo /System/Library/StartupItems/CiscoVPN/CiscoVPN restart

Hair on Fire, I owe you one. After downloading the latest client, I'm in.

Fantastic.

Thanks