Apple - How to save password for Cisco IPSec in Mac native VPN client?

This looks like a very annoying and longstanding bug in Mac OS X/macOS.

10.6: Save Cisco IPSec password in the Keychain:

Mac OS X Snow Leopard added the support for Cisco IPSec VPN connections – that is, plain IPSec with XAuth authentication and mode_cfg.

That makes it two layers of authentication: first, Machine Authentication with a password (Shared Secret) or an X509 certificate. Then a traditional username-password pair for XAuth, both of which you can enter and save in the Account Name and Password fields respectively when you set up the connection. Trouble is, even though you entered your password and it is apparently saved in the keychain properly, Mac OS X keeps nagging you to manually enter the password every time you connect. Turns out this is just a bug with a simple fix.

Open the Keychain Access Application, select the System keychain and find your saved XAuth password entry in the list. Its Kind field will say IPSec XAuth Password. Open it, then on the Access Control tab click the Plus button to add another application. The file we need to select, /usr/libexec/configd, resides in a hidden folder. To navigate there, press Command+Shift+G, enter /usr/libexec, then pick configd in the dialog. Save your changes and that's it – your saved password should now work.

Another guide using pretty pictures: https://anders.com/guides/native-cisco-vpn-on-mac-os-x/

Apparently the same manual fix of adding configd to the Keychain-allowed applications has to be applied for using the built-in ipsec-vpn tools.

VPN ipsec Prompting Saved Password:

Symptoms:

  • On Mac OS X Snow Leopard (10.6.x) you are prompted to enter your VPN password even though you’ve previously saved it in the keychain
  • You are using IPSec on the built-in VPN client on Mac OS X Snow Leopard

Explanation:

This is caused by a problem with the Keychain Access item for the VPN IPSec connection. A two minute fix will sort it out for you.

Solution:

  • Launch Keychain Access by clicking Applications > Utilities > Keychain Access
  • On the left upper pane, under Keychains select System
  • On the left lower, under Category select All Items
  • On the right side of the screen scroll to the bottom and locate the two items called VPN(IPSec)
  • Double-click the VPN(IPSec) whose kind is IPSec XAuth Password
  • Click the Access Control button/tab. The applications permitted to use this keychain item will be displayed below. If you’re prompted for your password, enter it.
  • Click the plus (+) sign
  • When the Finder window appears, press Cmd + Shift + G on your keyboard
  • When the Go To Folder dialog appears, enter /usr/libexec
  • Click Go
  • When the /usr/libexec folder appears scroll to configd, select it and click Add
  • Click Save Changes
  • Close Keychain Access and try connecting to your VPN again