Fixing Cisco VPN Client 4.9 With Parallels Desktop 3.0 on Mac OS X
The new Parallels Desktop 3.0 for Mac is out! At first, everything looks great! Then I noticed my Cisco VPN Client v4.9 stopped working.
I tried uninstalling both the VPN client and Parallels, then reinstalling and everything worked until I rebooted. So, that wasn't going to work. After doing a ton of digging around, I found this post that suggested a fix that works!
Bring up a terminal and execute an ifconfig -a:
$ ifconfig -a
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
inet 127.0.0.1 netmask 0xff000000
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
vmnet8: flags=8862<BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 172.16.91.1 netmask 0xffffff00 broadcast 172.16.91.255
ether 00:50:56:c0:00:08
vmnet1: flags=8862<BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 172.16.197.1 netmask 0xffffff00 broadcast 172.16.197.255
ether 00:50:56:c0:00:01
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 00:17:f2:cd:20:02
media: autoselect status: inactive
supported media: autoselect 10baseT/UTP <half-duplex>
10baseT/UTP vfull-duplex>
10baseT/UTP <full-duplex,hw-loopback>
10baseT/UTP <full-duplex,flow-control>
100baseTX <half-duplex>
100baseTX <full-duplex>
100baseTX <full-duplex,hw-loopback>
100baseTX <full-duplex,flow-control>
1000baseT <full-duplex>
1000baseT <full-duplex,hw-loopback>
1000baseT <full-duplex,flow-control> none
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
tunnel inet -->
inet6 fe80::219:e3ff:fe06:93f0%en1 prefixlen 64 scopeid 0x7
inet 192.168.1.97 netmask 0xffffff00 broadcast 192.168.1.255
ether 00:19:e3:06:93:f0
media: autoselect status: active
supported media: autoselect
vlan: 0 parent interface: <none>
bond interfaces: <none>
wlt1: flags=41<UP,RUNNING> mtu 1500
fw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 2030
inet 169.254.90.185 netmask 0xffff0000 broadcast 169.254.255.255
lladdr 00:19:e3:ff:fe:69:37:c4
media: autoselect <full-duplex> status: inactive
supported media: autoselect <full-duplexv
en2: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
inet6 fe80::21c:42ff:fe00:0%en2 prefixlen 64 scopeid 0xa
inet 10.0.1.3 netmask 0xffffff00 broadcast 10.0.1.255
ether 00:1c:42:00:00:00
media: autoselect status: active
supported media: autoselect
en3: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
inet6 fe80::21c:42ff:fe00:1%en3 prefixlen 64 scopeid 0xb
inet 10.0.2.12 netmask 0xffffff00 broadcast 10.0.2.255
ether 00:1c:42:00:00:01
media: autoselect status: active
supported media: autoselect
Find the interface that starts with "fw". In my case, mine is called "fw0". Next, shut off the interface:
$ sudo ifconfig fw0 down
fw0's flags will now be 8822 and now the Cisco VPN client should work!
But what happens if you reboot? Oops! The fw0 interface comes back on. Disable the interface when the Cisco VPN subsystem is started:
$ sudo pico /System/Library/StartupItems/CiscoVPN/CiscoVPN
Then change the StartService() function to look like this:
StartService ()
{
#disable fw0
/sbin/ifconfig fw0 down
if [ -d $CISCO_VPN_DIR ]; then
ConsoleMessage "Starting Cisco Systems VPN Driver"
kextload $CISCO_VPN_DIR
fi
}
Test with a quick reboot and everything should work!
Comments
Just need to know how to use Pico...
Hi
this is great, but since I don't usually get involved in using the Terminal, could you help me out with the "for dummies" version. As in how do we make sure we put the right stuff in the right place using Pico and how do we save it as an overwrite of the existing file?
That would really help.
Thanks in advance
Using Pico
Using Pico is pretty simple. Double click the Macintosh HD and navigate to:
Launch the terminal and type the following at the command prompt:
In order to edit the startup script, you must have super user access. The
sudocommand will allow you to run a command as the super user. Just type your password in when it prompts for the password and then Pico will launch:Find the
StartService()function and add the bolded text:StartService () { #disable fw0 /sbin/ifconfig fw0 down if [ -d $CISCO_VPN_DIR ]; then ConsoleMessage "Starting Cisco Systems VPN Driver" kextload $CISCO_VPN_DIR fi }Remember, your interface may be called something other than
fw0such asfw1. Press CTRL-X when you are finished and it Pico will prompt you to save:Press "Y" to save and you should be good to go. Give your box a quick reboot and just make sure that everything works.
Yes - You Can Do This Through The UI
Open Finder for your HD - then navigate to System->Library->StartupItems->CiscoVPN.
The CiscoVPN startup script should be there - single click on it - then select Open With - use TextEdit (or any other GUI editor you want to use) and edit the script as shown above (you can copy and paste the above change into the file).
Save the file and you should be all set!
Excellent!
Well, that was quick. Thanks so much. I edited it as you suggested. There was one extra step at the end which seemed to invite me to rename the file, but I just hit return and it saved. I restarted, the file looks like it should (I think the formatting is a little different, as the #disable fw0 is not indented) and the VPN still comes up OK. However, when I do an ifconfig -a I see that FW0 is still there and has an IP address. What's up with that?
Checking that fw0 is disabled
When you run
ifconfig, just make sure that thefw0's flags = 8822:fw0: flags=8822<BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 2030 inet 169.254.107.94 netmask 0xffff0000 broadcast 169.254.255.255 lladdr 00:19:e3:ff:fe:69:37:c4 media: autoselect <full-duplex> status: inactive supported media: autoselect <full-duplex>Excellent - part 2!
fw:0 flags=8822
So I gues I'm all set.
Thanks
Awesome
Thankyou very much for this fix, was doing my head in.
Thank you.
Hi,
I just wanted to thank you for this detailed blog. It was very easy to follow and allowed me to upgrade to 3.0 without a hitch.
Greg
What settings in Parallels
I am still not able to get this to work. What are your network settings in Parallels? I am using Bridge mode, but I have tried the others. Thanks!
Network Settings
I personally do shared networking because I want to be able to have my Mac talk to my VMs and vice versa when I don't have Internet access.
I have run bridge mode, but that was before I installed Parallels 3.0.
Can't this be done (via GUI) in the network preferences panel?
IIRC fw0 is the firewire port. So does it work just to turn off the firewire port in your network preferences panel? That should survive reboots just fine.
I can't test this since I don't have 3.0 installed yet.
No idea
The same thought crossed my mind. I did create a new Location with the firewire port and my modem disabled, but it didn't fix the problem. I didn't try just disabling firewire port for the "automatic" location. Give it a try and see what happens, then let everybody know how it turned out.
Disabling FireWire Port During Parallels Install Seems to Work
Disabling the FireWire port for networking when installing Parallels seems to work. After experiencing the "Error 51" problem, I:
I'm back up and running VPN and Parallels, without having to muck around in the config files. For me, turning the FireWire port off while Parallels is installed did the trick.
FWIW: I did turn the FireWire networking back on and things are still working fine.
This didn't work for me.
This didn't work for me.
Thanks.
It worked!
I noticed that my comments above were a little confusing.
The steps from Rich did not work (i.e. uninstalling parallels, disabling firewire, and then reinstalling). However, the steps in Chris' blog article worked wonderfully.
Thanks for one of the best
Thanks for one of the best tips I've run across in awhile...worked like a charm.
Awesome
Boom. Working, just wanted to thank you for the great discovery. I boggled on this
for at least a day. never would have thought fw0 interface was what broke it.
Gratitude
Thanks for the discovery and the write up.
Thanks, it worked for a while, but the error came back
Hi, I do not use parallels, in fact I am still using a G4 powerbook. but I got the same errors, and I did what you suggested here (I modified the file as shown here with Pico) and then I never got the 51 errors for about a week or so. Now the error came back, when when I check, the fw0 interface is mapped to 8822, not 8863 as before.
What else can I do now???
Reinstall the VPN client?
Can you reinstall the VPN client? Has your configuration changed recently that would cause this to break?
work around
Thanks, I will try to reinstall the VPN, but for now I found this work around:
$ sudo /System/Library/StartupItems/CiscoVPN/CiscoVPN restart
Fabulous!!
Dude - you nailed it. Excellent work - Thanks.
Finally!
Thank you ever so much - this has been bugging me for ages!
This solved my problem too
This is an excellent tip!
I don't run parallels, nor do I have any other of the configurations that are commonly being listed in the forums as possible causes for this error. But I still couldn't run Cisco VPN client (any version up to 4.9.01 (0080)) no matter what I tried. The infamous Error 51 kept popping up.
This tip fixed it. Thank you so much!
Mark
PS: for the PICO challenged: if you happen to have BBEdit: just type
sudo bbedit /System/Library/StartupItems/CiscoVPN/CiscoVPN
in the terminal to open the file in BBEdit.
Problem Solved
I run 2 macs on a network and the VPN error was affecting the intel mac, not the g4. This fixed the VPN client on the intel mac. Thanks a million!
solved
thanks a lot ... works like charm
not working
Hi,
I wish it worked for me, but using sudo ifconfig fw0 down on Leopard it is not bringing fw0 down:
fw0: flags=8802 mtu 2030
lladdr 00:16:cb:ff:fe:68:5d:cc
media: autoselect status: inactive
supported media: autoselect
en1: flags=8863 mtu 1500
inet6 fe80::217:f2ff:fe4c:e095%en1 prefixlen 64 scopeid 0x6
inet 192.168.11.7 netmask 0xffffff00 broadcast 192.168.11.255
ether 00:17:f2:4c:e0:95
media: autoselect status: active
supported media: autosele .... etc
so, as you can see flags=8802 and not 8822, any idea why?
thanks !!!
paul
Hmm, works for me in Leopard
This method works for me. Perhaps your fw0 is actually fw1? I'm using 4.9.01.0030. You can try downloading 4.9.01.0080 from http://www.macupdate.com/info.php/id/10317.
Disable FW interface in Network preferences
The 4.9.01 (0080) client stopped working when I switched to Leopard, even after reinstalling. Your post helped me to find the solution. All I had to do was to disable the Firewire interface as network interface in my Network preferences.
Thankyou, quick and easy fix
Thankyou, quick and easy fix worked for me also.
But what if you need firewire networking?
This fix allows me to launch the client.. BUT I need the FW port to network in another Mac.. what do I do about that??
Re-enable firewire?
Can you re-enable firewire after you've VPN'd in?
Still doesn't work
Hi guys, I have followed the whole post step by step, downed fw0 etc... Still not working. I am running X.5 as well as Parallel Desktop... Any one else having the same issue under x.5? Any ideas?
Another solution to this issue
The fix above never worked properly for me but I did solve the problem in a different way.
http://www.astrangeweb.net/2008/04/24/problem-solved/
Thanks very much
Hi there,
It worked... The trick was to have the latest version of VPN client http://www.macupdate.com/info.php/id/10317 as well as following the steps. I work for an University department, and not only were the IT department not supplying me with the correct version of the VPN client they also didn't have any clue about how to resolve issues with Mac OS... Considering there are over 1500+ Mac in the university environment... Really unfortunate. Well, I can say I know more than they now! :)
Very good! Here is my
Very good! Here is my bookmark of this post! http://www.searchallinone.com/Other/Fixing_Cisco_VPN_Client_4-9_With_Par...
My process
Not running parallels yet I had this issue on a rogers network from Canada.
The above steps worked for me, but I had to make sure I ran:
$ sudo /System/Library/StartupItems/CiscoVPN/CiscoVPN restart
I'm guessing it's because it cahces the old driver settings, so if you make the above changes via pico, you have to force your os to pick it up. Hope this helps someone else out.
I had incompatibility!
Thanks for sharing
I've had mysterious problems: when working at home, I could not reach most of the web sites. Google worked, but that was about it.
Working in the office, I had no problems. Also, I got the pop-up you mention in your story.
I have reinstalled (fresh install) Leopard, but the problem came back.
I got the feeling it had something to do with Cisco VPN and/or VMWare Fusion. It turned out my feeling was right. After applying your fix, everything turned back to normal.
Thank you very much!
Post new comment