Manually removing Cisco VPN on OS X

For Christmas my MacBook Pro hard drive decided to die at the ripe old age of 6 months. Go Hitachi!

I restored from a Time Machine backup and installed the full 10.5.6 update.  After rebooting, the Cisco VPN kernel module would load, attach to the VMware interfaces and immediately trigger a kernel panic and halt the machine after attaching to en0, the onboard Ethernet.

I'm fairly positive that no one at Cisco works full-time on the IPsec VPN client anymore given that it never works with a new release of OS X and seems to stop working on alternating dot-release updates.  Cisco isn't biased though; the IPsec client still doesn't work right on 32-bit Vista (hey, Vista is only two years old, these things take time!), and there is not, nor will there ever be, an IPsec client for 64-bit versions of Windows.

The latest release of the VPN client for OS X is 4.9.01 (0100), which was released over a year ago on December 6, 2007.  Cisco's commitment to the product is evident with the release notes for their "latest" version, which is still listed as 4.9.00 (0050).  While this is a bit tongue in cheek, I do think that Cisco's IPsec VPN client is a dead product. They're pushing the SSL/TLS AnyConnect VPN client hard, and AnyConnect shows signs of being an actively maintained product. It also supports x64 versions of Windows.

Manually removing the VPN client

  1. Reboot into single user mode by holding command-S while the computer boots
  2. Remount the / filesystem as read-write (it's read-only by default)
    /sbin/mount -uw /
  3. Run the uninstaller:
    /usr/local/bin/vpn_uninstall

At this point things will either work, or you'll receive an error saying that you need to be the super user (root). That's odd considering you ARE root.

The problem is in these two lines:

ID="/usr/bin/id"
WHOAMI=`$ID|sed -e 's/(.*//'`

When you're in single-user mode the id command fails, returning "Bus error" instead of a line like

uid=501(cfg) gid=20(staff) groups=20(staff),98(_lpadmin),81(_appserveradm),79(_appserverusr),80(admin)

You'll need to edit the vpn_uninstall script by hand and fake the check.  Use nano or your preferred editor to edit the file.

nano /usr/local/bin/vpn_uninstall

Add a new line right after WHOAMI=`$ID|sed -e 's/(.*//'`:

WHOAMI="uid=0"

The file should now look like:

ID="/usr/bin/id"
WHOAMI=`$ID|sed -e 's/(.*//'`
WHOAMI="uid=0"

Save the file (ctrl+o, enter, ctrl+x, enter) and re-run /usr/local/bin/vpn_uninstall.  At this point it should uninstall successfully and you can type reboot to restart sans-vpn client.
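The root check described above can be reproduced on any machine with a stand-in for /usr/bin/id. This is an added example, not part of the original post or of Cisco's script: `fake_id`, `whoami_field` and `root_check` are hypothetical names, and the comparison against "uid=0" is assumed from the fix rather than quoted from vpn_uninstall.

```shell
#!/bin/sh
# Added example: replays the uninstaller's two-line root check.
# Assumption: the script compares $WHOAMI with "uid=0" (not shown on the page).

# fake_id MODE: stand-in for /usr/bin/id (hypothetical helper).
fake_id() {
    case "$1" in
        root)  echo "uid=0(root) gid=0(wheel) groups=0(wheel)" ;;    # constructed sample
        user)  echo "uid=501(cfg) gid=20(staff) groups=20(staff)" ;; # shortened from the post
        crash) echo "Bus error" >&2; return 1 ;;  # assumed: message on stderr, stdout empty
    esac
}

# whoami_field MODE: the same pipeline as WHOAMI=`$ID|sed -e 's/(.*//'`.
# sed deletes everything from the first "(" onward, leaving only "uid=N".
whoami_field() {
    fake_id "$1" 2>/dev/null | sed -e 's/(.*//'
}

# root_check MODE [OVERRIDE]: prints "ok" or "need root".
# OVERRIDE plays the role of the hand-added WHOAMI="uid=0" line.
root_check() {
    WHOAMI=`whoami_field "$1"`
    if [ -n "${2:-}" ]; then
        WHOAMI="$2"
    fi
    if [ "$WHOAMI" = "uid=0" ]; then
        echo "ok"
    else
        echo "need root"
    fi
}

echo "root, id works:        $(root_check root)"
echo "normal user:           $(root_check user)"
echo "root, id crashes:      $(root_check crash)"
echo "id crashes + override: $(root_check crash uid=0)"
```

When id crashes, WHOAMI ends up empty, so the check fails even for root; the override only replaces the value the comparison sees.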

 


One Response to “Manually removing Cisco VPN on OS X”

  1. Stephen Hultquist Says:

    Thanks; this turned out to be very helpful!



© 2007-2009, Corey Gilmore

 

The views expressed on these pages are mine alone and not those of any past or present employer. All information presented on this site was obtained lawfully and not through disclosure under the terms of an NDA.