Set up VPN Connection without QuickVPN or on Apple MacOS

Unanswered Question
Jul 7th, 2009
User Badges:

Hi!


We are using a WRVS4400N Router in our office. We installed QuickVPN on two Notebooks to reach our office via VPN from the internet - works fine.


Two colleagues are usinge Apple MacOS Notebooks. Does anyone know how to set up the VPN connection from Mac OS??? Is a software available like QuickVPN for Mac? Or does anyone know how to set up the connection manually?


Best Regards,



Markus

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Te-Kai Liu Tue, 07/07/2009 - 06:56
User Badges:
  • Gold, 750 points or more

IPSecuritas (open source) and VPN Tracker (commercial) are two known IPSec clients on Mac. The latter provides configuration guide for RVS4000.

convectogmbh Sat, 07/11/2009 - 00:26
User Badges:

Hi,


unfortunately it isn't working. Is it necessary to have a *static* IP adress at the *client*? I read this in a lot of postings.

We need it to connect with a dynamic ip adress (e.g. via UMTS, etc.) to the router.


If this isn't working with the WRVS4400N, is there another product (router) of Linksys which supports standard IPSec VPN without a software like QuickVPN?


Regards,


Markus

electricfriends Sun, 01/31/2010 - 09:37
User Badges:

I found an article which shows how to do it for a Cisco WRV210 (which also uses Quick VPN). It involves making a change to the router configuration to enable PPTP and using the built in Mac OS X VPN capabilities. See the article here http://blog.twinharbor.com/connect-to-the-linksys-rv082-vpn-from-mac-osx/# . I haven't tried it, so please reply if you have any success or problems.

electricfriends Sat, 08/07/2010 - 17:18
User Badges:

So did you ever have any success with 3rd party software or otherwise? I have to set up a VPN from a Mac to a WRV210. If you were successful, I would surely appreciate you providing any tips, or if possible your configurations (screenshots or otherwise). Thanks.

Joachim Kern Thu, 09/16/2010 - 04:33
User Badges:
  • Cisco Employee,

Cisco Ip sec works just fine on MacOSX.

WRV210 does not support Cisco Ip sec but standrd Ip sec.

ipsecuritas works fine with Cisco Small Business Routers and no, you do not need a static address.

electricfriends Sat, 09/18/2010 - 05:51
User Badges:

That's good to hear. However, I have not been able to find any documentation on settings and whatnot for using IPSecuritas with the WRV210. Would you know of or have any guidelines or tips on setting up the WRV210 and IPSecuritas in order to make a connection? All I can find is this QuickVPN client, which appears to be Windows only. In IPSecuritas, the wizard only has WRV200 and WRVS4400N under Linksys, and only PIX under Cisco. I have read a couple of comments that something changed between WRV200 and WRV210, so the connection method is not the same.

wintechllc Sat, 03/26/2011 - 12:12
User Badges:

Just for the sake of SEO: CISCO VPN MAC CLIENT SA 500 SA520 SA540


Dear Cisco, you have done it again.


I realize Alejandro isn't with us at this point, but my advice to any fellow frustrated mac users that paid hard earned money for an SA500 series router is that you may be out of luck. If a team of two engineers, three technicians, and Cisco Small Business Support can't make this work over a three day period...you too may have difficulty! Just sayin'!


We tried any number of published configurations (QVPN/IPSecuritas and SShrew/XAuth) as well as every possible combindation we could think of, using every level of security. When Cisco says that you can establish a tunnel they are correct. The problem is when you want to transmit data over the tunnel. If anyone at Cisco would like to take on the challenge with one of our techs (feel free to reference our case tied to my ID) you can find us at http://www.wintechgroup.net


So, our only option was to enable the Mac OS Server VPN client and configured passthrough and NAT rules on the SA520. We opted for the built-in client, but any client should work once the SA is only used to create holes. Now I rant; we have long since drank your kool-aid. We market your products. We rely on the SBCS/UC500 products for ourselves and our clients. We do good work (and learning to do better homework), and then you release another half-baked product that runs Linksys RVS software (read the SSL ceritificate if you can get that far) as a "small business product". Are we a little ahead of the curve as a Apple Technology provider? Quite possibly. Should Cisco be somewhere near the curve and make a router and client that can support the, oh, millions of MacBook products (not to consider Minis, Pros, etc.) that are sold every month? Ya think?


Give us a client that works and I will gladly recant my rant.

wintechllc Fri, 05/06/2011 - 12:15
User Badges:

In reposnse to an e-mail frpom Mike, what you will need are the correct NAT Rules to bypass the Cisco VPN service in favor of your Snow Leopard server. Those ports can be found here:


http://support.apple.com/kb/ts1629


Start with 1702 and 1732 and work your way our from there. You will need to disable your Cisco VPN Polcies, and build cutom Services for each port you require under Firewall > Services. Then, the rules themselves are built under Firewall > IPv4 Rules.


We have found the Apple SL Server VPN servicve to be less than stable (wait and see) so I would always recommend writing a chron job to restart that service every day/night for best reliability.


Good Luck!

Alejandro Gallego Fri, 05/06/2011 - 21:21
User Badges:
  • Cisco Employee,

Hey am still around... in places.


Have you guys looked at my other docs for the SA500 routers. IPSecuritas should really work with no problems so long as we are creating IPSec tunnels to the router not the server. One thing I have found tricky but did figure out, was when we had multiple subnets. Unless the FW has really changed and broke this again, my docs should still be valid.

If i get you fixed do I win and SA500? 

wintechllc Mon, 05/09/2011 - 05:59
User Badges:

Thanks Alejandro, glad you're still makign an appearance!


I would ask that you please revisit this in your lab with curent firmware. We would prefer to use router-based VPN in every case. We have/had a single subnet and tried IPSecuritas in every possible IPSec configuration. We lost unrecoverable hours in the process. Havign said that it is appreciated to find configuration docs like yours. If you can make your and ours work I will gladly retract my comments and give you an adhesive gold star!


: )

Joachim Kern Mon, 05/09/2011 - 06:14
User Badges:
  • Cisco Employee,

Hi

you can use the MAcOS X built in Ipsec (Cisco) client to connect to SA500 (using mode-config)


Jo,

Alejandro Gallego Mon, 05/09/2011 - 08:40
User Badges:
  • Cisco Employee,

I do not have access to a SA500 but looks like we can now use Network Configuration and create an IPSec connection with the Cisco option. So try that out and let us know.


Thanks Joaqim!