VPN Client User Guide for Mac OS X, Release 4.6 - Installing the VPN Client [Cisco VPN Client]

Table Of Contents

Installing the VPN Client

Verifying System Requirements

Gathering Information You Need

Obtaining the VPN Client Software

Preconfiguring the VPN Client

Preconfiguring the User Profile

Preconfiguring the Global Profile

Bundling a Root Certificate with the Installation Package for Darwin

Installing the VPN Client

Authentication

VPN Client Installation Process

Introduction

Accepting the License Agreement

Selecting the Application Destination

Choosing the Installation Type

CLI Version Install Script Notes

Uninstalling the VPN Client

Installing the VPN Client

This chapter describes how to install the VPN Client for Mac OS X.

Verifying System Requirements

The VPN Client for Mac OS X runs on any Power Macintosh or compatible computer with the Macintosh operating system Versions 10.2 or later and 30 MB of hard disk space.

Mac OS X VPN Clients support only single interface FastEthernet network adapters. This VPN Client does not support any multiport adapters.

Gathering Information You Need

To configure and use the VPN Client, you might need the following information.

You can normally obtain this information from the system administrator of the private network you want to access. The system administrator might have preconfigured much of this data.

•Hostname or IP address of the secure gateway you are connecting to

•Your IPSec Group Name (for preshared keys)

•Your IPSec Group Password (for preshared keys)

•If authenticating with a digital certificate, the name of the certificate

•If authenticating through one of the following methods, your username and password

–The secure gateway's internal server

–A RADIUS server

–An NT Domain server

•If authenticating through a token vendor, your username and PIN

•If you are configuring backup server connections, the hostnames or IP addresses of the backup servers

Obtaining the VPN Client Software

The VPN Client software is available from the Cisco website and comes as a disk image file (vpnclient-<version>-GUI.k9.dmg). Only system administrators can obtain and distribute the VPN Client software.

To obtain the installer:

Step 1 Copy or download the image file to your Desktop.

Step 2 Double-click to extract the VPN Client installer to your Desktop.

Step 3 The image file remains on the Desktop.

Preconfiguring the VPN Client

This section describes how to distribute preconfigured configuration files (user profiles) and GUI preference files to the VPN Client installer.

•To distribute custom user profiles to the installer program, place the files in the Profiles folder of the VPN Client installer.

•To distribute custom images, place the files in the Resources folder of the VPN Client installer.

•To distribute custom global profiles, place the vpnclient.ini in the root folder of the VPN Client installer directory.

Note Refer to the Cisco VPN Client Administrator Guide for information on creating user profiles, global profiles, and the complete list of file parameters, keywords, and values.

To access the installer directory

Step 1 Double-click the vpnclient installer icon. (Figure 2-1).

Figure 2-1 Installer Icon

Alternately, you can right-click (control-click) the VPN Client installer icon and choose Open from the menu.

Figure 2-2 shows the vpnclient installer directory. This directory contains the installer package and any preconfigured files in the Profiles and Resources folders.

Figure 2-2 VPN Client Installer Directory

Preconfiguring the User Profile

The VPN Client uses parameters that must be uniquely configured for each remote user of the private network. Together these parameters make up a user profile, which is contained in a profile configuration file (.pcf file).

To distribute preconfigured profiles, copy the configuration files (.pcf files) into the Profiles folder in the vpnclient installer directory.

Any file with a .pcf extension found in this folder is placed in the Profiles directory when the VPN Client is installed.

Preconfiguring the Global Profile

A global profile sets rules for all remote users; it contains parameters for the VPN Client as a whole. The name of the global profile file is vpnclient.ini. Place the vpnclient.ini file in the VPN Client Installer directory, at the same level as the Profiles and Resources folders.

The vpnclient.ini file controls the following features:

•Control of logging services by class

•Certificate enrollment

•Missing group warning message

•VPN Client GUI preferences, such as window locations and sizes

If you do not preconfigure a global profile, the vpnclient.ini file is populated with default settings. Each time you make changes, the vpnclient.ini file is updated and stored.

Bundling a Root Certificate with the Installation Package for Darwin

To use mutual authentication, the VPN Client computer must have a root certificate installed. You can bundle a root certificate with the installation package so that the root certificate is installed automatically. The following steps place a root certificate with the installation package. The root certificate is contained in a file. The name of the file must be rootcert with no extension.

Step 1 In the GUI, double-click vpnclient-darwin-<version>-K9.dmg or using the CLI, open vpnclient-darwin-<version>-K9.dmg.

Step 2 In the GUI, drag and drop the root certificate into the CiscoVPNClient folder on the desktop, making sure the file is renamed to rootcert or using the CLI, enter the following command.
cp -f <path_to_root_cert>/<root_cert_filename> /Volumes/CiscoVPNClient
Step 3 In the GUI, press <Apple>-E while focusing on the CiscoVPNClient folder or using the CLI, enter the following command.
umount /Volumes/CiscoVPNClient
Installing the VPN Client

The following sections describe how to install the VPN Client software. The VPN Client for Mac OS X installer program installs, by default, both the graphical user interface and the command-line version of the VPN Client. However, you are not required to install the GUI. See the "Choosing the Installation Type" section for more information.

Note We recommend that you uninstall any previous version of the VPN Client for Mac OS X before you install a new version. For more information, see "Uninstalling the VPN Client" section.

Authentication

Before you can start the installation process, you must show that you have installation privileges.

Step 1 Open the installer package by double-clicking the Cisco VPN Client.mpkg file that resides in the installer directory. (See Figure 2-2).

The Authorization window appears (Figure 2-3). You must have an administrator password to install the VPN Client application.

Figure 2-3 Authorization Window

Step 2 Click the lock to authenticate your password. The Authenticate dialog box appears (Figure 2-4).

Figure 2-4 Authenticate Dialog Box

Step 3 Enter your administrator username and a password or challenge phrase.

Step 4 Click OK.

If the authentication is successful, continue to the installation process. Contact your network administrator if you cannot authenticate for installation.

VPN Client Installation Process

You must complete all steps in the VPN Client installation process before you can use the VPN Client software.

At any time during the installation process, you can go back to a previous step and adjust your selections.

The installation process includes the following steps:

•Introduction

•Accepting the License Agreement

•Selecting the Application Destination

•Choosing the Installation Type

Introduction

The first window that appears during installation is the introduction. The right pane of the Introduction window (Figure 2-5) lists system requirements. The left pane displays each of the installation steps. As you complete each step, it is highlighted with a blue bullet.

Figure 2-5 Cisco VPN Client—Introduction Window

Click Continue.

Accepting the License Agreement

You are required to read and accept the Cisco software license agreement before you can continue with the installation process (See Figure 2-6).

Figure 2-6 Cisco Licence Agreement

Before you accept the license agreement, you can:

•Print the license agreement.

•Save the license agreement to a file.

•Go Back to the Introduction window.

•Continue and agree to the terms in the license agreement.

When you have completely read the Cisco VPN Client software license agreement, click Continue.

To continue with the installation, click Agree.

Selecting the Application Destination

If your workstation has more than one disk drive, you can select the destination volume to install the VPN Client on your workstation. Figure 2-7 shows the Select Destination window.

Figure 2-7 Select Destination Window

Click Continue. The VPN Client is installed in the Applications directory.

Choosing the Installation Type

The default installation process installs the following packages with the VPN Client application:

•VPN Client application binaries (includes everything in the directory /usr/local/bin, including the ipseclog).

•VPN Client graphical user interface.

•VPN Client kernel extension

•VPN Client profiles (includes the global profile, vpnclient.ini, and any user profiles, *.pcf files).

•VPN startup (the system startup script to automatically start the client at boot time).

The VPN Client application binaries and the VPN Client kernel extension must be part of your installation. However, installing the other three packages is optional.

To install all packages, click Install on the Easy Install window (Figure 2-8).

Figure 2-8 Easy Install Window

To choose which packages to install, click Customize to open the Custom Install window (Figure 2-9).

Figure 2-9 Custom Install Window

The packages with the blue check box are optional. To make a package part of your installation, check the blue box. To remove a package from your installation, uncheck the blue box.

Click Easy Install to return to the default installation packages, or Install to continue with a custom installation.

A progress bar lists the installation steps as they occur (Figure 2-10).

Figure 2-10 Install Software Progress Window

When the installation is finished, a window appears to indicate whether the installation was successful (Figure 2-11).

Figure 2-11 Successful Installation Confirmation Window

Click Close.

If you do not receive this confirmation, the installation was not successful. You must start the installation process again from the beginning or contact your network administrator for assistance.

To begin using the Client, double-click the VPN Client application icon located in the Applications directory (Figure 2-12).

Figure 2-12 Location of VPN Client Application

CLI Version Install Script Notes

The VPN Client installer includes both the graphical user interface and the command-line version of the VPN Client for Mac OS X. You can choose to manage the VPN Client using only the command-line.

Use the following commands to start, stop, and restart VPN service:
/System/Library/StartupItems/CiscoVPN/CiscoVPN start
/System/Library/StartupItems/CiscoVPN/CiscoVPN stop
/System/Library/StartupItems/CiscoVPN/CiscoVPN restart
Alternately, you can use these commands to interact with the kernel extension:
sudo SystemStarter start CiscoVPN
sudo SystemStarter stop CiscoVPN
sudo SystemStarter restart CiscoVPN
During the installation process, the application binaries are copied to the specified destination directory.

Uninstalling the VPN Client

This section describes how to uninstall the VPN Client.

Note You must have administrator privileges to uninstall the VPN Client. If you do not have administrator privileges, you must have someone with administrator privileges uninstall the product for you.

Note We recommend that you uninstall any previous version of the VPN Client for Mac OS X before you install a new version.

The VPN Client uninstall script uninstalls any previous command-line or GUI version of the VPN Client from your workstation.

To uninstall the VPN Client for Mac OS X

Step 1 Open a terminal window.

Step 2 Run the following command:
sudo /usr/local/bin/vpn_uninstall
Step 3 Enter your password

Step 4 You are prompted to remove all profiles and certificates.

•If you answer yes, all binaries, startup scripts, certificates, profiles, and any directories that were created during the installation process are removed.

•If you answer no, all binaries and startup scripts are removed, but certificates, profiles, and the vpnclient.ini file remain.

	VPN Client User Guide for Mac OS X, Release 4.6
	Installing the VPN Client
VPN Client User Guide for Mac OS X, Release 4.6 Index Preface Understanding the VPN Client Installing the VPN Client Navigating the User Interface Configuring Connection Entries Establishing a VPN Connection Enrolling and Managing Certificates Managing the VPN Client	Download this chapter Installing the VPN Client Download the complete book VPN Client User Guide for Mac OS X, Release 4.6 (PDF - 2 MB) Table Of Contents Installing the VPN Client Verifying System Requirements Gathering Information You Need Obtaining the VPN Client Software Preconfiguring the VPN Client Preconfiguring the User Profile Preconfiguring the Global Profile Bundling a Root Certificate with the Installation Package for Darwin Installing the VPN Client Authentication VPN Client Installation Process Introduction Accepting the License Agreement Selecting the Application Destination Choosing the Installation Type CLI Version Install Script Notes Uninstalling the VPN Client Installing the VPN Client This chapter describes how to install the VPN Client for Mac OS X. Verifying System Requirements The VPN Client for Mac OS X runs on any Power Macintosh or compatible computer with the Macintosh operating system Versions 10.2 or later and 30 MB of hard disk space. Mac OS X VPN Clients support only single interface FastEthernet network adapters. This VPN Client does not support any multiport adapters. Gathering Information You Need To configure and use the VPN Client, you might need the following information. You can normally obtain this information from the system administrator of the private network you want to access. The system administrator might have preconfigured much of this data. •Hostname or IP address of the secure gateway you are connecting to •Your IPSec Group Name (for preshared keys) •Your IPSec Group Password (for preshared keys) •If authenticating with a digital certificate, the name of the certificate •If authenticating through one of the following methods, your username and password –The secure gateway's internal server –A RADIUS server –An NT Domain server •If authenticating through a token vendor, your username and PIN •If you are configuring backup server connections, the hostnames or IP addresses of the backup servers Obtaining the VPN Client Software The VPN Client software is available from the Cisco website and comes as a disk image file (vpnclient-<version>-GUI.k9.dmg). Only system administrators can obtain and distribute the VPN Client software. To obtain the installer: Step 1 Copy or download the image file to your Desktop. Step 2 Double-click to extract the VPN Client installer to your Desktop. Step 3 The image file remains on the Desktop. Preconfiguring the VPN Client This section describes how to distribute preconfigured configuration files (user profiles) and GUI preference files to the VPN Client installer. •To distribute custom user profiles to the installer program, place the files in the Profiles folder of the VPN Client installer. •To distribute custom images, place the files in the Resources folder of the VPN Client installer. •To distribute custom global profiles, place the vpnclient.ini in the root folder of the VPN Client installer directory. Note Refer to the Cisco VPN Client Administrator Guide for information on creating user profiles, global profiles, and the complete list of file parameters, keywords, and values. To access the installer directory Step 1 Double-click the vpnclient installer icon. (Figure 2-1). Figure 2-1 Installer Icon Alternately, you can right-click (control-click) the VPN Client installer icon and choose Open from the menu. Figure 2-2 shows the vpnclient installer directory. This directory contains the installer package and any preconfigured files in the Profiles and Resources folders. Figure 2-2 VPN Client Installer Directory Preconfiguring the User Profile The VPN Client uses parameters that must be uniquely configured for each remote user of the private network. Together these parameters make up a user profile, which is contained in a profile configuration file (.pcf file). To distribute preconfigured profiles, copy the configuration files (.pcf files) into the Profiles folder in the vpnclient installer directory. Any file with a .pcf extension found in this folder is placed in the Profiles directory when the VPN Client is installed. Preconfiguring the Global Profile A global profile sets rules for all remote users; it contains parameters for the VPN Client as a whole. The name of the global profile file is vpnclient.ini. Place the vpnclient.ini file in the VPN Client Installer directory, at the same level as the Profiles and Resources folders. The vpnclient.ini file controls the following features: •Control of logging services by class •Certificate enrollment •Missing group warning message •VPN Client GUI preferences, such as window locations and sizes If you do not preconfigure a global profile, the vpnclient.ini file is populated with default settings. Each time you make changes, the vpnclient.ini file is updated and stored. Bundling a Root Certificate with the Installation Package for Darwin To use mutual authentication, the VPN Client computer must have a root certificate installed. You can bundle a root certificate with the installation package so that the root certificate is installed automatically. The following steps place a root certificate with the installation package. The root certificate is contained in a file. The name of the file must be rootcert with no extension. Step 1 In the GUI, double-click vpnclient-darwin-<version>-K9.dmg or using the CLI, open vpnclient-darwin-<version>-K9.dmg. Step 2 In the GUI, drag and drop the root certificate into the CiscoVPNClient folder on the desktop, making sure the file is renamed to rootcert or using the CLI, enter the following command. cp -f <path_to_root_cert>/<root_cert_filename> /Volumes/CiscoVPNClient Step 3 In the GUI, press <Apple>-E while focusing on the CiscoVPNClient folder or using the CLI, enter the following command. umount /Volumes/CiscoVPNClient Installing the VPN Client The following sections describe how to install the VPN Client software. The VPN Client for Mac OS X installer program installs, by default, both the graphical user interface and the command-line version of the VPN Client. However, you are not required to install the GUI. See the "Choosing the Installation Type" section for more information. Note We recommend that you uninstall any previous version of the VPN Client for Mac OS X before you install a new version. For more information, see "Uninstalling the VPN Client" section. Authentication Before you can start the installation process, you must show that you have installation privileges. Step 1 Open the installer package by double-clicking the Cisco VPN Client.mpkg file that resides in the installer directory. (See Figure 2-2). The Authorization window appears (Figure 2-3). You must have an administrator password to install the VPN Client application. Figure 2-3 Authorization Window Step 2 Click the lock to authenticate your password. The Authenticate dialog box appears (Figure 2-4). Figure 2-4 Authenticate Dialog Box Step 3 Enter your administrator username and a password or challenge phrase. Step 4 Click OK. If the authentication is successful, continue to the installation process. Contact your network administrator if you cannot authenticate for installation. VPN Client Installation Process You must complete all steps in the VPN Client installation process before you can use the VPN Client software. At any time during the installation process, you can go back to a previous step and adjust your selections. The installation process includes the following steps: •Introduction •Accepting the License Agreement •Selecting the Application Destination •Choosing the Installation Type Introduction The first window that appears during installation is the introduction. The right pane of the Introduction window (Figure 2-5) lists system requirements. The left pane displays each of the installation steps. As you complete each step, it is highlighted with a blue bullet. Figure 2-5 Cisco VPN Client—Introduction Window Click Continue. Accepting the License Agreement You are required to read and accept the Cisco software license agreement before you can continue with the installation process (See Figure 2-6). Figure 2-6 Cisco Licence Agreement Before you accept the license agreement, you can: •Print the license agreement. •Save the license agreement to a file. •Go Back to the Introduction window. •Continue and agree to the terms in the license agreement. When you have completely read the Cisco VPN Client software license agreement, click Continue. To continue with the installation, click Agree. Selecting the Application Destination If your workstation has more than one disk drive, you can select the destination volume to install the VPN Client on your workstation. Figure 2-7 shows the Select Destination window. Figure 2-7 Select Destination Window Click Continue. The VPN Client is installed in the Applications directory. Choosing the Installation Type The default installation process installs the following packages with the VPN Client application: •VPN Client application binaries (includes everything in the directory /usr/local/bin, including the ipseclog). •VPN Client graphical user interface. •VPN Client kernel extension •VPN Client profiles (includes the global profile, vpnclient.ini, and any user profiles, .pcf files). •VPN startup (the system startup script to automatically start the client at boot time). The VPN Client application binaries and the VPN Client kernel extension must be part of your installation. However, installing the other three packages is optional. To install all packages, click Install on the Easy Install window (Figure 2-8). Figure 2-8 Easy Install Window To choose which packages to install, click Customize to open the Custom Install window (Figure 2-9). Figure 2-9 Custom Install Window The packages with the blue check box are optional. To make a package part of your installation, check the blue box. To remove a package from your installation, uncheck the blue box. Click Easy Install to return to the default installation packages, or Install to continue with a custom installation. A progress bar lists the installation steps as they occur (Figure 2-10). Figure 2-10 Install Software Progress Window When the installation is finished, a window appears to indicate whether the installation was successful (Figure 2-11). Figure 2-11 Successful Installation Confirmation Window Click Close. If you do not receive this confirmation, the installation was not successful. You must start the installation process again from the beginning or contact your network administrator for assistance. To begin using the Client, double-click the VPN Client application icon located in the Applications directory (Figure 2-12). Figure 2-12 Location of VPN Client Application CLI Version Install Script Notes The VPN Client installer includes both the graphical user interface and the command-line version of the VPN Client for Mac OS X. You can choose to manage the VPN Client using only the command-line. Use the following commands to start, stop, and restart VPN service: /System/Library/StartupItems/CiscoVPN/CiscoVPN start /System/Library/StartupItems/CiscoVPN/CiscoVPN stop /System/Library/StartupItems/CiscoVPN/CiscoVPN restart Alternately, you can use these commands to interact with the kernel extension: sudo SystemStarter start CiscoVPN sudo SystemStarter stop CiscoVPN sudo SystemStarter restart CiscoVPN During the installation process, the application binaries are copied to the specified destination directory. Uninstalling the VPN Client This section describes how to uninstall the VPN Client. Note* You must have administrator privileges to uninstall the VPN Client. If you do not have administrator privileges, you must have someone with administrator privileges uninstall the product for you. Note We recommend that you uninstall any previous version of the VPN Client for Mac OS X before you install a new version. The VPN Client uninstall script uninstalls any previous command-line or GUI version of the VPN Client from your workstation. To uninstall the VPN Client for Mac OS X Step 1 Open a terminal window. Step 2 Run the following command: sudo /usr/local/bin/vpn_uninstall Step 3 Enter your password Step 4 You are prompted to remove all profiles and certificates. •If you answer yes, all binaries, startup scripts, certificates, profiles, and any directories that were created during the installation process are removed. •If you answer no, all binaries and startup scripts are removed, but certificates, profiles, and the vpnclient.ini file remain.
	© 1992-2009 Cisco Systems, Inc. All rights reserved. Terms & Conditions \| Privacy Statement \| Cookie Policy \| Trademarks of Cisco Systems, Inc.