The amazing adventures of Doug Hughes

Unborking VPN on OS X

For those of you using the inbuilt VPN features on OS X, you may have noticed that from time to time it will stop wanting to connect. For me, pretty much any time I disconnect from VPN, the next time I try to connect I will get an unfriendly message that looks like this:

VPN Connection An Unrecoverable error occurred. Verify your settings and try reconnecting.

This happens to me way too often. It can happen when trying to connect, it can happen after disconnecting and then reconnecting, it can happen without any apparent provocation.

In the past it seemed like the only option was to completely restart OS X. As you can imagine, this is not an acceptable solution to someone who keeps a lot of apps open, needs to use VPN frequently, and who doesn’t wish to waste time rebooting for no good reason.

Thankfully, Joe Bernard was able to track down the solution and was kind enough to share it with me.

Apparently there’s a process in OS X called “racoon”. Racoon is in charge of VPN connections. Here’s what Apple’s man pages have to say about it:

racoon is used to setup and maintain an IPSec tunnel or transport channel, between two devices, over which network traffic is conveyed securely. This security is made possible by cryptographic keys and operations on both devices. racoon relies on a standardized network protocol (IKE) to automatically negotiate and manage the cryptographic keys (e.g. security associations) that are necessary for the IPSec tunnel or transport channel to function. racoon speaks the IKE (ISAKMP/Oakley) key management protocol, to establish security associations with other hosts. The SPD (Security Policy Database) in the kernel usually triggers racoon. racoon usually sends all informational messages, warnings and error messages to syslogd(8) with the facility LOG_DAEMON and the priority LOG_INFO. Debugging messages are sent with the priority LOG_DEBUG. You should configure syslog.conf(5) appropriately to see these messages.

In a nutshell, Racoon gets borked. Sometimes this means that the racoon process needs to be restarted, but in my experience 99% of the time it means that it’s not actually running.

So, you can restart racoon from the terminal like so:

sudo /usr/sbin/racoon

I’ve also found that sometimes you need to restart the various networking interfaces you’re using. Because of this, I ended up writing a shell script I call fixnetwork.sh:

#!/bin/sh
# Bring the wired (en0) and wireless (en1) interfaces down, then back up
sudo ifconfig en0 down
sudo ifconfig en1 down
sudo ifconfig en0 up
sudo ifconfig en1 up
# Start the racoon IKE daemon again (usually it is not running at all when VPN fails)
sudo /usr/sbin/racoon

I put this in my home directory, set it to be executable, and can run it like so:

~/fixnetwork.sh

Works like a charm for me. No more reboots to fix borked VPN connections! Productivity, here I come!
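As an added example, not the script from the post, here is a variant of fixnetwork.sh that first checks whether racoon is actually running, so the common case (the daemon has died) and the rarer case (it is running but stuck) are handled differently before the interfaces are bounced. It assumes the same en0/en1 interface names and that racoon's syslog messages land in /var/log/system.log; the --fix flag and the function names are inventions of this example.

```shell
#!/bin/sh
# Added example (not the post's script): fixnetwork.sh with a racoon check.
# Interface names en0/en1 come from the post; adjust for your machine.
set -eu

IFACES="en0 en1"
RACOON=/usr/sbin/racoon

# Print the PID of a running racoon, or nothing if there is none.
racoon_pid() {
    pgrep -x racoon 2>/dev/null | head -n 1
}

# Pure decision function: given the PID string from racoon_pid, say what
# to do. No side effects, so it can be exercised without root.
decide_action() {
    if [ -z "$1" ]; then
        echo start      # daemon is gone: the 99% case described in the post
    else
        echo restart    # daemon exists but VPN is stuck: kill it, then start
    fi
}

# Bounce every interface in IFACES, as the original script does.
cycle_interfaces() {
    for ifc in $IFACES; do sudo ifconfig "$ifc" down; done
    for ifc in $IFACES; do sudo ifconfig "$ifc" up; done
}

fix_vpn() {
    pid=$(racoon_pid)
    action=$(decide_action "$pid")
    cycle_interfaces
    if [ "$action" = restart ]; then
        echo "racoon (pid $pid) is running but VPN is stuck; restarting it"
        sudo kill "$pid"
        sleep 1
    else
        echo "racoon is not running; starting it"
    fi
    sudo "$RACOON"
    # racoon reports to syslogd (see its man page); show its latest lines to
    # confirm it came up. Assumes the classic /var/log/system.log location.
    sudo tail -n 20 /var/log/system.log | grep -i racoon || true
}

# Only touch the system when explicitly asked: ~/fixnetwork.sh --fix
if [ "${1:-}" = "--fix" ]; then fix_vpn; fi
```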
