Cisco VPN broken in Tiger

I’m having a marvelous time trying to get the Cisco VPN client working under Tiger.

Suffice to say that it doesn’t work despite the new version that is supposed to be Tiger compatible on any single CPU machine.

After doing some investigative work I’ve figured out how the client appears to work and exactly what is going wrong. Fixing it would require the source code and of course the sucker isn’t open source.

One of the joys of OS X is that under the hood is that BSD core writing logs and crash reports out. I tracked exactly what the VPN software was doing, indeed I watched it in the Process Viewer. It runs this nice little deamon, ‘cvpnd’ which then tries to spawn a copy of itself to handle the communications and fails on an ssid() call making the spawned copy crash and the original then times out attempting to communicate with the child and exits.

Just to improve things the Cisco GUI client doesn’t realise that the connection has now died and refuses to exit until it can close the connection, attempting to communicate with a process that is no longer there – great bounds checking, guys. You gotta force quit the sucker.

Fortunately they also give you a command line client that works much better. Well, it still won’t connect but at least it fails gracefully. Cisco also make it real easy to try and track these problems – unless you’re the designated Cisco peon they won’t talk to you, won’t let you download any client updates and won’t let you see a chunk of the documentation. Gotta love the paranoid.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s