Cisco’s VPN client software is pretty standard and most people have access to it through their subscriptions or jobs. OS X users don’t actually need it though because we can use the built-in VPN client in System Preferences as an alternative!
In this entry, I’ll explain how to extract the necessary information from a profile
configuration file (
.pcf), typically bundled with your employer’s VPN client,
to use with the OS X System Preferences application.
Extract vars from a
.pcf with a text editor. It should look like this:
[main] UserPassword= enc_UserPassword= AuthType= GroupName=GROUP_NAME GroupPwd= enc_GroupPwd=ENCYPTED_GROUP_PASSWORD EnableISPConnect= ISPConnectType= ISPConnect= ISPPhonebook= ISPCommand= Username=USERNAME SaveUserPassword= UserPassword= enc_UserPassword= NTDomain= EnableBackup= BackupServer= EnableMSLogon= MSLogonType= EnableNat= TunnelingMode= TcpTunnelingPort= CertStore= CertName= CertPath= CertSubjectName= CertSerialHash= SendCertChain= PeerTimeout= EnableLocalLAN= Description= Host=HOST_HERE
Note the values for these lines:
[main] GroupName=GROUP_NAME enc_GroupPwd=ENCYPTED_GROUP_PASSWORD Username=USERNAME Host=HOST_HERE
Decrypt the Group Password
Download this decryption library: cisco-decrypt.c
You’ll need to compile this file. It’s likely that you will need to install
to compile it. The easiest way to do this is to install it using
Homebrew, follow the simple instructions on the Homebrew homepage.
Homebrew, run this command to install
brew install libgcrypt
Next, compile the cisco-decrypt program by running this command:
gcc -Wall -o cisco-decrypt cisco-decrypt.c $(libgcrypt-config --libs --cflags)
Finally, decrypt your group password by running this command, replacing
with your group password (from the
Note the returned value, which is your group password.
Setup the Network Connection
System Preferences and click
Network in the middle row. The left pane
shows a list of all your network connections. Click the plus icon at the bottom
of the left pane.
In the window that appears, choose the following settings:
Create and then click the
Authentication Settings... button.
Shared Secret field, enter the decrypted group password. In the group name
field, enter the
GROUP_NAME from the
Ok and then
Connect, enter your usual password, and you should be good to go!
If you connect to this VPN often, you can check the box next to “Show VPN status in menu bar” to activate the menu bar dropbown. I recommend it 100%.