Using the Mac OS X VPN at CAEN
Note: This built-in Mac OS VPN service is only supported for Mac OS 10.4 or higher. Those running Mac OS 10.2 or 10.3 may download the Cisco VPN client from ITCom at:
CAEN offers the built-in Mac OS X VPN service to all members of the U-M community. This can be used to connect to the CAEN Wireless network in College of Engineering buildings and the Duderstadt Center. It can also be used to connect through the U-M Wireless network on Central Campus. Finally, this service can be used to connect remotely from home or off-campus. This may be preferable to those who do not want to install the Cisco VPN client on their Mac.
Setup & Configuration
First, download the zipped VPN Configuration Files (CAENOSXVPN.zip) to your desktop. Open the file and double click the CAENOSXVPN.internetconnect file to open the Internet Connect application. You should see the following window:

Note: The file may open as a text file. If this happens, click the file once and select Get Info from the File menu. You can now rename the file to remove the .txt extension, and re-associate the file with Internet Connect, as shown below:

Make sure VPN (L2TP) is selected and click OK. You will next see the following window:

Enter your U-M uniqname as the Account Name. Click the Summary globe in the upper left corner of the screen, and save the profile you just edited:

Open the folder /Library/Preferences:

If you have an edu.mit.kerberos file in your Preferences folder, rename it to something like edu.mit.kerberos.bak. Now place the edu.mit.Kerberos file (which you downloaded earlier in zip form) in your /Library/Preferences folder. Note: You will need administrative (or superuser) rights for this step:

Note: If you are using Mac OS 10.5, you will need to follow these steps before attempting to connect:
- From the Apple menu select System Preferences...
- Click to open the Network option.
- Highlight VPN (L2TP) on the left of the window, and click Advanced...
- Under the Options tab, make sure Send all traffic over VPN connection is selected, and click OK.
Finally, open the Internet Connect application, and select VPN (L2TP). Make sure CAEN OSX VPN is the selected configuration:

Click the Connect button, and enter your UMICH.EDU (Kerberos) password when prompted:

You should now be connected to CAEN's Mac VPN server, and have access to the Internet.
Troubleshooting
If the above instructions do not work, or you are having trouble connecting, there are a few things you can check:
- Make sure you only have one Kerberos realm defined in the edu.mit.Kerberos file: UMICH.EDU
- Make sure the Kerberos realm is defined in all upper-case letters, as shown above (i.e. not umich.edu, but UMICH.EDU)
- If you're behind a router or firewall make sure the following ports are open to your computer:
  - IKE NAT Traversal: 4500 UDP
  - IPSec ESP: 50 UDP
  - Kerberos: 88 TCP and UDP
  - VPN ISAKMP/IKE: 500 UDP
  - VPN L2TP: 1701 UDP
- There is a conflict between the Mac OS VPN client and Cisco's VPN client. Both clients may co-exist on the same machine, but once the Mac client is used it captures the IKE port (500) and will not relinquish it without a reboot, making the Cisco VPN client inoperable. To fix this problem when it occurs, open the Terminal program and type sudo killall racoon.
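The first two checks in the list above can be scripted. This is an added example, not part of CAEN's instructions or configuration files: it assumes the edu.mit.Kerberos file uses the krb5.conf-style [realms] layout, and the function names, sample contents and the kdc.example.invalid host are constructed for illustration.

```shell
#!/bin/sh
# Assumption: edu.mit.Kerberos uses the krb5.conf-style layout, with a
# [realms] section holding "NAME = { ... }" entries.

# Print each realm name declared in the [realms] section, one per line.
list_realms() {
    awk '
        /^[ \t]*\[/ { in_realms = ($0 ~ /^[ \t]*\[realms\][ \t]*$/); depth = 0; next }
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        in_realms {
            if (depth == 0 && /=[ \t]*[{]/) {       # a top-level "NAME = {" entry
                name = $0; gsub(/^[ \t]+|[ \t]*=.*$/, "", name); print name
            }
            depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")   # track brace nesting
        }
    ' "$1"
}

# Return 0 only if exactly one realm is defined and it is UMICH.EDU in
# upper case, the two conditions from the troubleshooting list.
check_realms() {
    realms=$(list_realms "$1")
    count=$(printf '%s\n' "$realms" | grep -c . || true)
    if [ "$count" -ne 1 ]; then
        echo "FAIL: expected 1 realm, found $count" >&2; return 1
    fi
    if [ "$realms" != "UMICH.EDU" ]; then
        echo "FAIL: realm is '$realms', expected UMICH.EDU" >&2; return 1
    fi
    echo "OK: single realm UMICH.EDU"
}

# Constructed sample with a second, lower-case realm, to show a failing file.
write_sample() {
    cat > "$1" <<'EOF'
[realms]
    UMICH.EDU = {
        kdc = kdc.example.invalid
    }
    umich.edu = {
        kdc = kdc.example.invalid
    }
EOF
}

# When a path is given as an argument, check that file.
if [ "$#" -gt 0 ]; then check_realms "$1"; fi
```

Saved under a name of your choice, the script takes the path /Library/Preferences/edu.mit.Kerberos as its argument.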
Further Information
For further help with setting up the Mac OS X VPN, you can contact the CAEN Hotline in the Duderstadt Center, or search Apple's help pages:



