Adam Howitt's Blog

Aug 04
2011

Cisco VPN on Lion Workaround

I found out the hard way that Cisco's VPN doesn't like Lions. Specifically, as I began testing Lion developer previews without the safety net of a testing machine (big mistake), I was unable to get on the VPN for one of my clients.

I installed the VPN client on my old Windows XP box but felt like a stranger in a strange land. Remoting into the box was a problem because when I initiated the Cisco VPN client it locked down remote connections (due to a clash on local network IPs vs remote) and I couldn't get back in.

I found a workaround for that - typing

    route delete 192.168.1.0

at the command prompt while sat at the Windows machine removed the conflicting route and I was able to get in over remote desktop from my Mac. This has to be run each time you connect to the VPN so I wrote a batch file to initiate the VPN and run the required command (since as soon as the VPN connects you can't see or operate that machine). Type this into a text file and save it as launchvpn.bat:

    "c:\progra~1\Cisco Systems\VPN Client\vpnclient" connect connectionname
    route delete 192.168.1.0

I put that on the desktop. Remote into the machine without the VPN running, double-click your batch file and hey-presto, you're on VPN and connected. You may get booted off RDC initially but just reconnect and you'll be fine. This of course assumes your router is 192.168.1.0 and your client is located where I said it was ;-)
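To see which routing-table entry is behind the clash before deleting anything, the following added example (not the author's code) parses `route print` output and lists routes that cover the local network but leave through an adapter that is not on it. The sample table, the VPN adapter address 10.10.5.23 and the assumption that the clash shows up as a second route for 192.168.1.0 are all constructed for illustration.

```python
import ipaddress

# Constructed `route print` excerpt: a LAN on 192.168.1.0/24 plus a VPN
# adapter at 10.10.5.23 (hypothetical) that also claims 192.168.1.0/24.
SAMPLE_ROUTE_PRINT = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.100      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.1.0    255.255.255.0    192.168.1.100   192.168.1.100      20
      192.168.1.0    255.255.255.0       10.10.5.23      10.10.5.23       1
    192.168.1.100  255.255.255.255        127.0.0.1       127.0.0.1      20
        10.10.0.0      255.255.0.0       10.10.5.23      10.10.5.23       1
Default Gateway:       192.168.1.1
"""


def parse_routes(text):
    """Return (network, gateway, interface, metric) for each IPv4 route row."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:          # headers and separators are skipped
            continue
        dest, mask, gateway, iface, metric = fields
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
            routes.append((net, gateway, ipaddress.ip_address(iface), int(metric)))
        except ValueError:            # not a route row after all
            continue
    return routes


def find_clashes(text, lan="192.168.1.0/24"):
    """Routes that cover LAN addresses but leave via a non-LAN interface."""
    lan_net = ipaddress.ip_network(lan)
    clashes = []
    for net, gateway, iface, metric in parse_routes(text):
        if net.prefixlen in (0, 32) or net.is_loopback:
            continue                  # default, host and loopback routes
        if net.overlaps(lan_net) and iface not in lan_net:
            clashes.append((str(net), str(iface), metric))
    return clashes


if __name__ == "__main__":
    for net, iface, metric in find_clashes(SAMPLE_ROUTE_PRINT):
        print(f"{net} is routed via {iface} (metric {metric}), not the LAN adapter")
```

Paste the real output of `route print` taken while the VPN is connected in place of the sample, and pass your own subnet as `lan` if it is not 192.168.1.0/24.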

This still isn't ideal though. I love my Mac and XP remoting makes me feel dirty so I searched some more this morning and came up with the right way to do this. It's ridiculously simple - reboot your Mac holding down the 3 and 2 keys while it is shutting down and coming back up. This throws the Mac into 32 bit mode which you can confirm by going to About This Mac > More Info > System Report > Software. You should see 64 bit kernel and extensions = NO.

Obviously running your Mac in 32 bit mode isn't a full time solution but for the sake of my sanity at least now I can VPN in to do the work directly on my Mac instead of all the other jiggery pokery.

Comments
  1. What behavior did you see, and are you using Cisco's half baked client, the native OSX built in client, or some other third party client?

    I just tested the connections I have configured and they seemed to work. I'm already on Lion and would love not to run into this when I least expect it.

  2. Hey Cam - I was using the Cisco VPN Client Version 4.9.01.0230 for Mac OS X. In 64 bit mode it shows "Error 51: Unable to communicate with the VPN subsystem. Please make sure that you have at least one network interface that is currently active and has an IP address and start this application again.". Switch to 32 bit mode as shown above and it all works fine again.

    If you're not using the Cisco client I don't believe you'll have the same trouble but certain Cisco VPNs don't work with the built in mac client (like the one I'm hitting).

    Adam
