VPN - Setup for Mac

Issue/Question

  • How do I connect to the OSU VPN on macOS?

Environment

  • Oregon State University
  • Student, Employee, Associate
  • Mac
  • VPN

Explanation

For details on who can use the VPN, please see: Who is Eligible for VPN Access? 

Mac users must install the Cisco AnyConnect client to connect to the new VPN server at vpn.oregonstate.edu. The built-in VPN client that comes with the macOS will no longer work.

Resolution

Index

Install Cisco AnyConnect Client

  1. Navigate to https://oregonstate.app.box.com/v/cisco-vpn-clients 
    • Note: you will need to sign in to Box with your OSU account in order to access the VPN installers.
  2. Download the AnyConnect file for MacOS.
  3. Open the DMG and double click on AnyConnect.pkg.
  4. Accept the license agreement and complete the installation.
  5. Only the VPN needs to be installed - The other add-ons can be unchecked (currently not used by OSU).
  6. Note: If all of the installation options are grayed out, try uninstalling previous versions of Cisco AnyConnect first.
  7. Follow steps to allow the Cisco System Extension if prompted.
  8. When complete, you should see the message "The installation was successful."

Connect to the VPN

  1. Open the Cisco AnyConnect Secure Mobility Client
  2. Enter vpn.oregonstate.edu and click connect.

    Caution: If you see "sds.oregonstate.edu" in the server name, please change it to "vpn.oregonstate.edu".
  3. A Cisco AnyConnect Login screen will appear with a connection type window behind it.
    1. Full tunnel vs. Split Tunnel selection: Hidden behind the login screen will be another window labeled "Cisco AnyConnect | vpn.oregonstate.edu" with a drop-down menu to select your connection type. 
    2. Full tunnel is the initial default for most users. If you switch from full tunnel to split tunnel, the split tunnel option will remain selected in future. For details about which to use, see: VPN - Full Tunnel vs. Split Tunnel
    3. Enter your OSU username and password in the login window and click "Login". You will be prompted to do Duo two-step login.

 

Troubleshooting

Uninstall from macOS using "Uninstall AnyConnect"

If the application is still installed do this:

  1. From the Finder go to the Applications folder.
  2. Look for the Cisco folder and open it
  3. Then double click on Uninstall Anyconnect to start the uninstall process
  4. Follow instructions to uninstall VPN program

Uninstall from macOS using vpn_uninstall.sh

  1. As root, run the following shell script from the Terminal:
    • sudo /opt/cisco/anyconnect/bin/vpn_uninstall.sh
  2. You will be prompted for your password. Once you enter it, just follow the steps

Uninstall from macOS Manually

  1. Enter these commands to clean out the old Cisco VPN kernel extension and reboot the system.
    • sudo -s
    • rm -rf /System/Library/StartupItems/CiscoVPN
    • rm -rf /Library/StartupItems/CiscoVPN
    • rm -rf /System/Library/Extensions/CiscoVPN.kext
    • rm -rf /Library/Extensions/CiscoVPN.kext
    • rm -rf /Library/Receipts/vpnclient-kext.pkg
    • rm -rf /Library/Receipts/vpnclient-startup.pkg
  2. reboot
  3. If you installed the Cisco VPN for Mac version 4.1.08005 package, enter these commands to delete the misplaced files. The deletion of these files will not affect your system, since applications do not use these misplaced files in their current location.
    • sudo -s
    • rm -rf /Cisco\ VPN\ Client.mpkg
    • rm -rf /com.nexUmoja.Shimo.plist
    • rm -rf /Profiles
    • rm -rf /Shimo.app
    • exit
  4. Enter these commands if you no longer need the old Cisco VPN Client or Shimo.
    • sudo -s
    • rm -rf /Library/Application\ Support/Shimo
    • rm -rf /Library/Frameworks/cisco-vpnclient.framework
    • rm -rf /Library/Extensions/tun.kext
    • rm -rf /Library/Extensions/tap.kext
    • rm -rf /private/opt/cisco-vpnclient
    • rm -rf /Applications/VPNClient.app
    • rm -rf /Applications/Shimo.app
    • rm -rf /private/etc/opt/cisco-vpnclient
    • rm -rf /Library/Receipts/vpnclient-api.pkg
    • rm -rf /Library/Receipts/vpnclient-bin.pkg
    • rm -rf /Library/Receipts/vpnclient-gui.pkg
    • rm -rf /Library/Receipts/vpnclient-profiles.pkg
    • rm -rf ~/Library/Preferences/com.nexUmoja.Shimo.plist
    • rm -rf ~/Library/Application\ Support/Shimo
    • rm -rf ~/Library/Preferences/com.cisco.VPNClient.plist
    • rm -rf ~/Library/Application\ Support/SyncServices/Local/TFSM/com.nexumoja.Shimo.Profiles
    • rm -rf ~/Library/Logs/Shimo*
    • rm -rf ~/Library/Application\ Support/Shimo
    • rm -rf ~/Library/Application\ Support/Growl/Tickets/Shimo.growlTicket
    • exit
  5. Finally run this command:
    • sudo pkgutil --forget com.cisco.pkg.anyconnect.vpn

VPN Checkbox is Greyed out and Cannot be Checked on macOS

  1. If the VPN checkbox is greyed out when installing AnyConnect, the Mac had an incomplete install/removal of VPN client.
  2. [Click Command +space bar] and type Terminal in Spotlight search.
  3. A Terminal window will appear. Copy the following command within the box and Paste into the Terminal window,then press Enter:
    • sudo pkgutil --forget com.cisco.pkg.anyconnect.vpn
  4. Enter your Mac password and press Enter.NOTE: The password field does not move/scroll as you type.
  5. If the current Mac login account has Admin rights, the command will successfully bypass the (corrupt) installed Cisco VPN. If the current Mac login does not have administrator rights, then an admin user/password must be entered to complete this step.
  6. Retry the installation.

Can't Use Duo Security Key with VPN on macOS

Security keys work with the VPN login on Windows computers, but not on macOS. You will need to use the Duo mobile app, or you can generate a temporary Duo code at: duo.oregonstate.edu

Assistance

For assistance,contact the Service Desk.

33% helpful - 3 reviews

Details

Article ID: 51158
Created
Wed 3/28/18 11:42 AM
Modified
Fri 2/9/24 3:12 PM