Configuring the native VPN client on Mac OS X 10.6 and above

IT Services

Configuring the native VPN client on Mac OS X 10.6 and above

Contents

1. Requirements
2. Obtaining the prerequisite information for configuring the inbuilt VPN client
3. Configuring and using the inbuilt VPN client
4. Connecting to the OUCS VPN service using the inbuilt VPN client
5. Further Information

Mac OS X versions 10.6 (Snow Leopard) and above provide native support for connecting to the OUCS Cisco-based VPN service. Alternatively OUCS also provide the Cisco AnyConnect VPN client which also supports OS X 10.6 (Snow Leopard) and 10.7 (Lion).

This document contains instructions on how to configure the native VPN client that comes with Mac OS X 10.6 and above. In order to use the VPN service you will also need to have the necessary Remote Access Services username and passwords - for details see the main OUCS VPN Service page.

Please make sure that you have read the introduction and general requirements, which apply to all VPN clients, before attempting to configure your computer or mobile device to connect to the VPN.

1. Requirements

There are a number of requirements necessary in order to use the VPN service on Apple Macintoshes; these are detailed below.

Your computer must be running Mac OS X version 10.6.0 or above.
You computer must already have a connection to the Internet (e.g. via NTL, Compuserve, broadband, ADSL, etc., etc.)
You must have a Remote Access Services account.
You must be able to log on as an Administrator of your Mac.

If you are running a version of Mac OS X lower than 10.6 you will need to refer instead to the document on Configuring the AnyConnect Client on Mac OS X Systems.

2. Obtaining the prerequisite information for configuring the inbuilt VPN client

As part of the process of configuring the inbuilt VPN client you will need to supply some group configuration information. Members of Oxford University can download a file containing this information from the OUCS Self-Registration Software Registration and Downloads web page. Once on this page select VPNC Client for Linux/Unix from the list and click the Submit button. You will see a page that asks you to accept the University regulations relating to the use of Information Technology facilities and the University's general Disclaimer of Liability. After you have read these documents click the Accept button to proceed. This will bring you to the download page where you can click the vpnc configuration file link to download the configuration file. A window containing the information should now pop up on your desktop. Make a note of the IPSec secret as you will need this information later on (it will be referred to as the shared secret) and then close the window using the close window link.

You have now obtained the information that you need from the Self-registration web pages.

3. Configuring and using the inbuilt VPN client

To use Mac OS X's inbuilt support for Cisco VPN you will first need to open [System Preferences], which you can do from the dock, the [Apple] menu or by finding it in the Applications folder.

Figure images/systempreferences.png [System Preferences window showing all preferences]

From the [System Preferences] window click the Network icon to bring up the Network window.

Figure images/networkpreferences.png [System Preferences Network window]

Click the + at the bottom of the left hand pane to bring up a dialogue window to add a new network interface. Within the dialogue window make the follow changes:

set the Interface drop down menu to VPN
set the VPN type drop down menu to Cisco IP Sec
change the Service Name field to something that is meaningful to you, eg VPN (OUCS)

Figure images/addingnewinterface.png [Dialogue to add a new interface within System Preferences Network window]

Finally, click the Create to add the new interface. This will return you to the Network window with the newly added interface ready to configure. To configure the interface make the following changes:

set the Server Address field to vpn.ox.ac.uk
set the Account name and Password fields to your remote access account name and password

Figure images/addingnewinterface-2.png [Window to configure the newly added network (VPN) interface]

Next click the Authentication Settings... button to bring up another dialogue window which requires the following information:

click the Shared secret radio button and fill in the text field using the information that you obtained earlier
set the Group Name field to oxford

Figure images/adding-group-info.png [Window prompting for group information whilst configuring newly added network (VPN) interface]

Click the OK button to return to the Network window. If you are likely to use the VPN client regularly you may want to include the status of the VPN connection in your menu bar. If you do want to do this you must tick the check box labelled Show VPN status in menu bar.

Finally, click the Apply button to complete the configuration for this new VPN interface. The new interface should now appear in the left hand pane indicated by a locked padlock icon. Note that the status of the interface will show as Not connected.

Figure images/newinterfaceadded.png [System Preferences Network window showing the newly configured network (VPN) interface]

To make a connection to the VPN service simply click the Connect found on the Network window. (This can be found underneath the Authentication Settings... button.) Once the connection has been established the Network window will show that the status of the VPN interface has changed to Connected and it will display the connect time and the IP address.

4. Connecting to the OUCS VPN service using the inbuilt VPN client

Once you have configured a network interface on your Mac to connect to the OUCS VPN service you can make a VPN connection whenever you need to. To connect via the inbuilt client:

Open [System Preferences]
Click the Network icon to switch to the Network window
Select the VPN connection you configured previously (in this example called VPN (OUCS)) in the left hand pane
Click the Connect button (found underneath the Authentication Settings... button)

Do remember to disconnect from the VPN service once you no longer need it by clicking the Disconnect button within the Network window.

Alternatively, if you chose to include the status of the VPN connection in your menu bar by ticking the box labelled Show VPN status in menu bar during the configuration process you can connect and disconnect using the VPN icon in the top menu bar. Look for the VPN icon in the top menu bar and click the icon to bring up the drop down menu.

Figure images/menubaricon.png [Using the inbuilt VPN client via the top menu bar]

Simply choose the [Connect] option from this menu to make a VPN connection. You can also use this menu to disconnect your session once you no longer need it.

5. Further Information

For information on firewalls and IP address allocations refer to the OUCS VPN Service technical details page.

If you have problems with the inbuilt client you may prefer to use the Cisco AnyConnect Client. Instructions are available from the Configuring the AnyConnect Client on Mac OS X Systems page.