Using the OSX Cisco VPN Client (and getting around error 51).

Create a script to get around the Error 51 that stops the Cisco client from launching.

As with any installation on any computing platform, it is good practice to ensure important data is backed up in case unforeseen difficulties arise.
Review all instructions on this page before you begin.

Page dependencies (ensure you have access to everything you need before you begin).
Commands issued at the command prompt in this section are done so as superuser or root unless otherwise specified. When installed, OSX does not ask for a root password to be specified. Either set a root password using sudo passwd root so that you can log in as superuser, or enter the commands listed in this guide prefixed with 'sudo'.

Text file editing from the command line.
If these instructions require the editing of text based files then a handful of vi commands are listed below for reference. For a full command list go to http://www.chem.brown.edu/instructions/vi.html or search Google.
vi [filename] Opens the vi text editor. [filename] creates or opens a particular file to edit.
i or INSERT key Enters 'insert' mode allowing editing of text within a file.
ESCape key Exits insert mode.
: (colon) Shows command input line.
u Undo last change (when not in Insert mode)
q! When entered on the input line this command will quit without saving changes.
wq When entered on the input line this command will write changes and quit.

Page format.
Text in this format indicates command line entry by the user.
Text in this format indicates an error returned by the system.
Text in this format indicates a normal return from the system.
Beware of similar characters such as 1(one), l(lowercase L), 0(zero), O(uppercase 'o'), | (pipe – Shift ' ' usually).
Text enclosed in [square brackets] indicates a build-specific variable such as a version number or user name.

This page was written for OSX Tiger and may contain content or instructions that are not relevant to other distributions.
This information is provided for guidance only. Use of these instructions is deemed to be at your own risk.
R3UK Limited welcomes comment on this information but cannot guarantee a reply and provides no technical support. Please use one of the many dedicated OSX forums or IRC channels if you require assistance.
Text colours and fonts used in the formatting of this page relating to command input and output are used for illustration purposes. Actual command line colours and fonts will vary according to individual system preferences.
GUI instructions were written for the OSX Tiger desktop environment and may differ for other desktop environments.

As part of our cross platform move we've got a couple of Mac OSX Tiger machines in for those that want them. One of the early problems we hit was Vodafone 3G access as our existing 3G cards were not compatible with ExpressCard or desktop Macs. Fortunately Vodafone have just started supplying the Huawei USB modem which has an OSX driver. Installation of this device is simple and a 3G connection can be established or terminated through Internet Connect.

While that's all well and good, we need Cisco IPSEC VPN access over this connection. While Cisco are to be applauded for providing a Mac client for their software, it does have an annoying bug (our version is 4.9.01). Network interfaces that drop in and out (e.g. PPP over dial-up or over 3G) cause the client to issue an Error 51 about their being no live network interfaces when the client starts. This happens after the 3G connection has been terminated and re-established and can can be fixed fairly easily by restarting the Cisco daemon with this command....

sudo /System/Library/StartupItems/CiscoVPN/CiscoVPN restart

The problem for us is that we don't want our users to have to open up terminal windows and issue this command every time they want to initiate a VPN connection. Fortunately the answer is quite straightforward - we'll create a script to do the work and make it executable from the dock. The users will then just have to click an icon to restart their daemon and launch their Cisco application.

Open Applications/Utilities/Terminal. Either log in as superuser or prefix the commands below with 'sudo'. First we will amend the wheel group so that this particular command can be issued without a password being requested. Type:


Edit the line below the heading that reads:
“# Same thing without a password” .... to read:

%wheel ALL=(ALL) NOPASSWD: /System/Library/StartupItems/CiscoVPN/CiscoVPN

Now to edit the group permissions and make the relevant user a member of the wheel group...

vi /etc/group

Edit the line that reads “wheel:*:0:root” to read wheel:*:0:root,[username]
.... where [username] is the local username of the user.

Create a new text file (call it whatever you like, in this case it's 'myvpn.sh') and open it for editing...

vi myvpn.sh

Populate the text file with the following:

# starts Cisco VPN client
# just a wrapper
sudo /System/Library/StartupItems/CiscoVPN/CiscoVPN restart
sleep 2
/Applications/VPNClient.app/Contents/MacOS/VPNClient &

The function of the script (after the comment lines) is as below:
Line 1 restarts the daemon
Line 2 pauses the script for two seconds while the daemon restarts
Line 3 starts the VPN client application (the ampersand at the end of the line quits the script).

Make the script executable:
chmod +x myvpn.sh

Now you can run and test the script with ./myvpn.sh or use Platypus to convert the script into an executable that can be double-clicked or dragged onto the dock for single-click launching.

Interestingly, the built-in Apple VPN client refused to even find our external IP address (although it would ping okay), and after the Apple client had been run the Cisco client would stop connecting too. Only a reboot would cure it.

Thanks to Nigel for coming up with most of the above!

Did the information on this page help you? If so, please help to fund this site by clicking one of our sponsored ads...