Fix Cisco IPSec VPN timeout on OSX

There is some kind of bug in the built-in Cisco IPSec implementation on OSX since Mountain Lion.

A lot of users find that the connection drops after anywhere from 45 to 75 minutes. There is a solution, but it demands a bit of “hacking” on your part.

Here are the steps to follow:

1. Connect your Cisco IPSec connection
This will create a file in /var/run/racoon called x.x.x.x.conf, where the x's represent the IP address you are connecting to.
2. Copy this file to /etc/racoon with:

3. Go to /etc/racoon and open the file for editing
4. The following values need to be edited:
Dead peer detection needs to be set to zero (0)

‘Proposal check’ needs to be changed from ‘obey’ into ‘claim’:

The lifetime value needs to be raised from 3600 seconds to a new value. In my case I set this to 168 hours (any value you choose will do, but I found this is workable in most cases). You will have to change this in ALL Proposal sections.

5. Save the file
6. Now you need to open racoon.conf for editing
7. Right at the end of the file, change the following value:
Comment out the last line that starts with ‘include’ by putting a ‘#’ at its very beginning.
Then type the following line directly under that:

Make sure to use the name of the file you have created

Disconnect from your VPN service and reconnect.
Your connection will now stop dropping out.
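The step 4 edits as a repeatable script, added here as an example and not taken from the original post. The function names are hypothetical, the sample file is constructed, and `dpd_delay`, `proposal_check` and `lifetime time` are the racoon.conf(5) directive names for the three settings described above.

```shell
# Added example, not from the original post; function names are hypothetical.
# patch_racoon_conf SRC DST [HOURS]: write a copy of SRC with the step 4 edits.
patch_racoon_conf() {
    src=$1 dst=$2 hours=${3:-168} sp='[[:space:]]'
    [ -r "$src" ] || { echo "cannot read: $src" >&2; return 1; }
    case $hours in ''|*[!0-9]*) echo "hours must be a number" >&2; return 1 ;; esac
    # The lifetime edit is limited to proposal { ... } blocks by the sed range.
    sed -E \
        -e "s/^($sp*dpd_delay)$sp+[0-9]+$sp*;/\1 0;/" \
        -e "s/^($sp*proposal_check)$sp+obey$sp*;/\1 claim;/" \
        -e "/^$sp*proposal$sp*\{/,/\}/ s/^($sp*lifetime$sp+time)$sp+[0-9]+$sp+[a-z]+$sp*;/\1 $hours hours;/" \
        "$src" > "$dst"
}

# verify_racoon_conf FILE [HOURS]: succeed only if all three edits are present.
verify_racoon_conf() {
    f=$1 hours=${2:-168} sp='[[:space:]]'
    grep -Eq "^$sp*dpd_delay$sp+0$sp*;" "$f" || return 1
    grep -Eq "^$sp*proposal_check$sp+claim$sp*;" "$f" || return 1
    # Count lifetimes inside proposal blocks that still have another value.
    stale=$(sed -n -E "/^$sp*proposal$sp*\{/,/\}/p" "$f" |
        grep -E "lifetime$sp+time" | grep -Evc "time$sp+$hours$sp+hours" || true)
    [ "$stale" -eq 0 ]
}

# Constructed sample of a per-peer file (192.0.2.10 is a documentation address).
sample_conf() {
    cat <<'EOF'
remote 192.0.2.10 {
   dpd_delay 20;
   proposal_check obey;
   proposal {
      lifetime time 3600 sec;
   }
   proposal {
      lifetime time 3600 sec;
   }
}
sainfo anonymous {
   lifetime time 3600 sec;
}
EOF
}

# Demo on the sample; on the Mac, SRC is the file from step 1.
tmp=$(mktemp -d)
sample_conf > "$tmp/in.conf"
patch_racoon_conf "$tmp/in.conf" "$tmp/out.conf" 168 &&
    verify_racoon_conf "$tmp/out.conf" 168 && diff "$tmp/in.conf" "$tmp/out.conf" || true
rm -rf "$tmp"
```

Setting `dpd_delay` to 0 turns dead peer detection off, and a 168 hour proposal lifetime keeps the same phase 1 keys in use for a week, so this trades rekeying frequency and dead-tunnel detection for a stable session.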
