Mac – VPN question on MAC

Tags: keychain, mac, Network, vpn

My customer has provided me these inputs to connect to their network:

  • Server IP

  • pkcs (.p12) file

  • And a Certificate

On Windows, I installed the .p12 file into the Local store, imported the CERT into the Cisco VPN client, added a new entry with server IP and pointed the certificate to the imported cert (file).

Now how do I do these steps on Mac El Capitan?
I added the .p12 file into the keychain (System level) and also imported the certificate. I am creating a new entry under Network -> VPN -> Cisco IPSEC and selecting this CERT under authentication. When I try to connect, I see an error "an unexpected error occurred".
What did I do wrong?

Best Answer

I found a thread on Apple's forums with similar issues to yours. [link]

Here's a solution that worked for one user although I allow myself the indulgence of finding his security practice rather terrifying.

> I granted client certificate's private key access to all applications and set always trust certificate in the Keychain Access. After that racoon successfully connected to vpn server. (there were about 5 lines of errors in a log, but vpn worked) Next, I returned certificate's trust policy to system defaults. (private key access reverted automatically). Now it works without errors.

I would rather recommend trying this method (next post from the source):

> I used Keychain Access to modify the private key's trust policy. However, instead of setting it to all application, I just gave access to /usr/sbin/racoon.

Racoon is a process that is (also) used by OS X's VPN solutions.

This suggestion is based on the following lines:

1/20/16 3:08:02.860 PM com.apple.SecurityServer[84]: Authorization via securityd no longer supported
1/20/16 3:08:02.861 PM racoon[6269]: error -25308 errSecInteractionNotAllowed.
1/20/16 3:08:02.861 PM racoon[6269]: error -25308 errSecInteractionNotAllowed.
1/20/16 3:08:02.861 PM racoon[6269]: failed to sign.
1/20/16 3:08:02.861 PM racoon[6269]: failed to sign.
1/20/16 3:08:02.861 PM racoon[6269]: failed to get sign
1/20/16 3:08:02.861 PM racoon[6269]: failed to get sign
1/20/16 3:08:02.861 PM racoon[6269]: failed to allocate send buffer
1/20/16 3:08:02.861 PM racoon[6269]: failed to allocate send buffer
1/20/16 3:08:02.861 PM racoon[6269]: IKE Packet: transmit failed. (Initiator, Main-Mode Message 5).
1/20/16 3:08:02.861 PM racoon[6269]: failed to process packet.
1/20/16 3:08:02.861 PM racoon[6269]: failed to process packet.
1/20/16 3:08:02.861 PM racoon[6269]: Phase 1 negotiation failed.
1/20/16 3:08:02.861 PM racoon[6269]: Phase 1 negotiation failed.
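As an added example (not from the thread or from Apple), here is the command-line equivalent of the recommended fix: importing the customer's .p12 into the System keychain with a private-key ACL that names only /usr/sbin/racoon, instead of the "all applications" setting. The .p12 path is a placeholder supplied by the caller; the keychain path and the racoon path are assumed from the question and the log lines above.

```shell
#!/bin/sh
# Added example: import a VPN client identity for the Cisco IPSec (racoon) VPN
# on OS X so that only racoon may use the private key.
set -eu

KEYCHAIN=/Library/Keychains/System.keychain   # "System level" keychain from the question
RACOON=/usr/sbin/racoon                        # daemon seen as racoon[...] in the log

# Build the `security import` command. -T adds one application to the key's
# access list; -A (deliberately not used) would grant every application access.
build_import_cmd() {
  printf 'security import %s -k %s -f pkcs12 -T %s\n' "$1" "$KEYCHAIN" "$RACOON"
}

# Return 0 only if the command names racoon and does not use the -A wildcard.
acl_is_least_privilege() {
  case "$1" in
    *" -A"*) return 1 ;;
  esac
  case "$1" in
    *"-T $RACOON"*) return 0 ;;
  esac
  return 1
}

# Usage on the Mac (needs admin rights for the System keychain):
#   sudo sh import_vpn_identity.sh /path/to/client.p12   (placeholder path)
if [ -n "${1:-}" ]; then
  cmd=$(build_import_cmd "$1")
  acl_is_least_privilege "$cmd" || { echo "refusing: ACL not least-privilege" >&2; exit 1; }
  # Run the import directly (prompts for the .p12 passphrase).
  security import "$1" -k "$KEYCHAIN" -f pkcs12 -T "$RACOON"
  # Confirm the identity is visible for the IPsec policy; an empty list here
  # means the VPN entry will fail before the key ACL is even consulted.
  security find-identity -p ipsec -v "$KEYCHAIN"
fi
```

If the connection still logs errSecInteractionNotAllowed afterwards, the private key's access list in Keychain Access is the place to check, since that error means racoon was denied a signing operation rather than that the certificate was rejected.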