Personal tools
University Computing Service

Information & documentation

Making a Virtual Private Dial-up Network (VPDN) Connection to the CUDN with Mac OS X using the Cisco client

G58

A PDF version of this document is also available.

1. Virtual Private Networking with OS X

This leaflet covers the installation, setup and troubleshooting of the components necessary to create a VPN connection to the University network (CUDN) over a modem, broadband, ADSL or remote ethernet connection using the Cisco client. It is assumed that for the purposes of this document that you already have a network connection established outside cam.ac.uk (i.e. outside the CUDN). This document is not about making the initial network connection.

Important Note:
All 10.7 Macs, and some 10.6 Macs, default to running the operating system in 64 bit mode. Unfortunately this is incompatible with the VPN client supplied by Cisco. Please contact mac-support@ucs.cam.ac.uk for details of a temporary workaround.

To check if your Snow Leopard Mac is running the 64 bit version of OS X do the following:

  1. Open System Profiler from /Applications/Utilities
  2. Select Software from the list on the left. If "64-bit Kernel and Extensions" displays Yes then you will need to connect Mac Support.

1.1 What is a Virtual Private Network (VPN)?

A virtual private network is a network which uses encryption to provide a secure connection through an otherwise insecure network, typically the Internet. Or in other words "private data travelling over public IP infrastructure". This is not a new concept, but is becoming increasingly important as people need to access their IT resources when away from home, or when using external ISP providers. In this particular case, the connection is a VPDN (a virtual private dial-up connection).

1.2 What you will need to do

To use the VPDN service you need

  • a Raven account to download the Cisco client
  • a copy of the Cisco VPDN client software. N.B. Mac OS X includes a VPDN client, but this does not work with the Cambridge VPDN server. The correct version can be downloaded from CISCO VPDN Client
  • an account on the VPDN service. Register by completing the online form at http://userforms.csx.cam.ac.uk/vpdn
  • to register with the VPDN service that you will use the Cisco VPDN client

1.2.1 Registering to use the CISCO client.

Before you attempt to connect via VPDN, you will need to tell the VPDN service that you will be using the Cisco client:

  • Start up the terminal program and enter ssh vpdn@vpdn-admin.csx.cam.ac.uk (There is no password prompt at this stage.)
  • You will then be prompted for your CRSid and dedicated VPDN password. When you have logged in, press c to indicate that you wish to use the Cisco client, and then q to quit.

Terminal window with options being set

1.2.2 Installing the Cisco client on your Mac OS X computer

The Macintosh Cisco clients are available from CISCO VPDN Client. You will need to choose the correct client for your version of the operating system. If you are not sure which version of OS X you have check under the About this Mac from the Apple menu

MacOS version windows

In this example the version of the client needed will be the one for MacOS 10.4.8 and above. If you have a version of MacOS which 10.4.0 or greater but less than 10.4.8 you must update your OS version prior to installing the Cisco client. You may otherwise experience difficulties with your Mac.

Install the client on your Macintosh by double-clicking the Cambridge VPDN installer package and follow the on-screen instructions. The application will be installed in your Applications folder.

1.2.3 Setting up the CISCO client and connecting

Open the application and click on the 'Connection Entries' tab and then on the 'vpdn' entry. You will now need to customize the client with your own CRSid and password.

Connections list for vpdn client

Login using your CRSid and VPDN password:

Login window

Click OK and the connection is made. If the connection is successful the application should minimize itself to the dock. You can make a further check by using Status from the menu and then Statistics. Under the Tunnel Details you should see an address in the 131.111.7.x range

Connected client window

You should now be connected via VPDN

1.2 Shutting down your VPDN Connection

Since your VPDN connection relies on another connection being in place (i.e. broadband or an existing dialup connection) before it will work, setting the normal timeout limits will fail. The VPDN server and the client (your machine) exchange messages at least once a minute to make sure that each other are still there, which means that your machine is never "idle" (which most timeout mechanisms rely on to work). To close down the VPDN connection cleanly, double-click on the VPDN client window and click Disconnect.

1.3 Collecting a new shared-key

The client software that you have installed is preconfigured to use a 'shared key'. From time to time, you will need to reconfigure your client when the shared key changes:

  • Connect to the VPDN admin, as in 1.2.1 above, login and when you are connected, type k to collect a new shared key. Copy the key.
  • Open the VPDN client software and click the Modify icon.

Properties window

  • paste the new shared key into the Password box and the Confirm Password box.
  • Click Save to save the settings.

2. Troubleshooting Your VPDN Connection

There are such a variety of possible causes for the VPDN connection not to work that the main ones are difficult to summarise. One potential problem arises if you have a wireless router (or a network device other than a simple cable modem) which is not configured to allow access to the VPDN server. You can check connectivity by opening a terminal window as before and typing the command ping vpdn-access-cisco.csx.cam.ac.uk. If the response is similar to the following, you have a connection::

Terminal window dislaying ping command.

It is also possible that you may have to adjust software supplied by your ISP to allow the VPDN to work properly. For example Plusnet has a firewall setup which may complicate access to the VPDN. If you have recently updated your operating system then you may need to check whether there is a more recent version of the Cisco client available - see CISCO VPDN Client or email the UCS Service Desk ( service-desk@ucs.cam.ac.uk).

You are recommended to uninstall the old client before installing a new version. Please see 'How do I uninstall the VPN CISCO client under Mac OS X?' for details.

Last updated: October 2011