Cisco VPN Client v4.9.x on your home Mac or on-campus wireless networked Mac running Mac OS X (v10.4-10.5.x). This VPN Client is a “Universal” application that runs on both Intel and Power PC Mac models.
If you do not have an active Duo account, please for your UNI. For additional information, visit the. If you already have Duo, enter one of the following Duo Action keywords into the Duo Action (aka '2nd Password') field:.Note: The first time you use VPN with Duo MFA, you will see a 2nd Password field instead of the Duo Action field. After you have successfully connected to Cisco AnyConnect once, the field will always display as Duo Action. Method 1: Type push to get a notification sent to your mobile device (recommended), then click OK. Follow prompts from the Duo mobile app on your smartphone or tablet to Approve (or Accept and Confirm) the request. Method 2: Type phone to receive an automated phone call, then click OK. Your enrolled landline or cell phone will receive an automated phone call from Duo, follow the instructions you hear to complete verification.
Method 3: Type sms to receive a batch of one-use passcodes via text and click OK. Your primary Duo device will receive a text message with 10 passcodes. Enter a passcode in the Duo Action.: field of the Cisco AnyConnect window (you may need to re-enter your UNI and password again as well), then click OK. Method 4: Enter a pre-generated passcode by opening the Duo app on your smartphone, and tapping on your Columbia University account to reveal a 6-digit passcode (one-time use only). Type this code into the the Duo Action.: field of the Cisco AnyConnect window, then click OK. If you need assistance, to the CUIT Service Desk to ask questions or report an issue. You can also call the Service Desk at 212-854-1919.
Native Cisco VPN on Mac OS X Confirmed working on OS X High Sierra The proprietary CiscoVPN Mac client is. It is possible to use the IPSec VPN software included with Mac OS X instead. This tutorial shows you how to migrate from CiscoVPN to the native OS X IPSec VPN by decrypting passwords saved in CiscoVPN PCF files. Advertisment Please visit these guys if their offer interests you - they make this site possible. Open Network Prefrences Open up your System Prefrences and select 'Network'.
Click on the little + button at the bottom of the window to create a new connection. Creating a New VPN Connection Pick 'VPN' for the Interface and set its type to 'Cisco IPSec'. It doesn't matter what you set as the service name. Set Your Server Address and Account Name Copy the 'Host' setting from CiscoVPN.
To the 'Server Address' setting in your System Prefrences' and enter your username under 'Account Name'. You probably don't want to enter your password unless you are OK with the system saving it. Find Your PCF File On Mac OS X, PCF files are usually found in /private/etc/CiscoSystemsVPNClient/Profiles. Open up /Applications/Terminal and type the following: cd /private/etc/CiscoSystemsVPNClient/Profiles cat.pcf You should get something like this: 5. Get Your Encrypted Group Password Find that long list of letters and numbers after encGroupPwd= and copy it. Also make note of the GroupName - you'll need that in a bit as well. Decrypt Your Group Password Paste that sequence of characters into the fancy schmancy decoder ring below and click 'Decode'.
(pops up a new window) Fancy Schmancy Decoder Ring As an example, this should return 'letmein' as the password: 9196FE0075E359E6A2486905A1EFAE9A11D652B2C588EF3FBA2B74C194EC7D0DD16645CB534D94CE85FEC4 Thanks to HAL-9000 at evilscientists.de and 's work on for the magic here. A JavaScript implementation also exists here:. Enter your Shared Secret and Group Name Click 'Authentication Settings' back in the Network Prefrences screen. Enter the resulting decoded password into the 'Shared Secret' section of the new VPN connection and set the GroupName from above as well. Create a New VPN Connection Click 'OK', make sure 'Show VPN status in menu bar' is checked and click 'Apply'. Try Starting your VPN At the top of your screen you should have a little VPN icon.
Try connecting to your new VPN. Bask in the Warm Glow of a Native VPN Connection If everything goes as planned, you should see your connection time counting up at the top of your screen. Visit our Sponsor if their Offer Interests You The 'Other Way Around' How to get your VPN settings out of the built-in mac VPN client.
You don't need the Fancy Schmancy Decoder Ring to get your settings back out of the built-in Mac VPN client. Just head over to the Keychain Access application (under Applications - Utilities) and search for 'VPN'. Double-click your IPSec Shared Secret to open up the window. Clicking 'Show Password' will reveal the secret sauce after you authenticate. Troubleshooting If things seem to get hung-up and you are unable to reconnect your VPN without a reboot, Rick R mentions that you might try killing the 'racoon' process.
Racoon is an IPsec key management daemon and is part of the KAME IPsec tools. Kill it by running 'Activity Monitor' in the 'Utilities' folder, finding it in the process list and clicking 'Quit Process' at the upper left of the Activity Monitor window. Look in your system.log by running the Console app for hints at what might be going wrong. Here's the system.log from a. Disconnects Dave Ma's VPN would disconnect after 45 minutes of uptime. On an suggested changing the IPSec proposal lifetime within racoon to 24 hours instead of 3600 seconds. (3600 seconds is 1 hour - who knows why people are seeing drops at 45 minutes) Here's how that is done.