1. Connect to the VPN (so that OS X generates the racoon configuration file)
2. Copy the generated configuration file to /etc/racoon (1.1.1.1 being the IP address of the VPN server):
$ sudo cp /var/run/racoon/1.1.1.1.conf /etc/racoon
3. Edit the racoon configuration file with your favorite editor (vim):
$ sudo vim /etc/racoon/racoon.conf
4. At the bottom of the file comment out the line:
# include "/var/run/racoon/*.conf" ;
5. ... and instead include the copied file (which we will edit):
include "/etc/racoon/1.1.1.1.conf" ;
6. Edit the generated configuration file with your favorite editor (vim):
$ sudo vim /etc/racoon/1.1.1.1.conf
7. Disable dead peer detection:
dpd_delay 0;
8. Change proposal check to claim from obey:
proposal_check claim;
9. Change the proposed lifetime in each proposal (24 hours instead of 3600 seconds):
lifetime time 24 hours;
10. Disconnect and reconnect (this time racoon will use your custom configuration)
11. Use the VPN for at least 45 minutes and hopefully it won't drop!
The most important thing is to change the proposal_check option. From the racoon.conf manual:
proposal_check level;
claim   If the responder's lifetime length is longer than the initiator's or the
        responder's key length is shorter than the initiator's, the responder will
        use the initiator's value. If the responder's lifetime length is shorter
        than the initiator's, the responder uses its own length AND sends a
        RESPONDER-LIFETIME notify message to an initiator in the case of lifetime
        (phase 2 only)
Caveats: if you use multiple VPN connections, you have to copy all of their configuration files to /etc/racoon and add the appropriate include lines. If your VPN server changes IP, you have to remember to update this file, since changing it in System Preferences won't have an effect.
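Steps 7 to 9 can also be applied and verified with a script instead of by hand, which helps when the file has to be recreated after a server IP change. This is an added example, not part of the original post: the function names and the sample configuration are constructed for illustration, and the sed rule rewrites every "lifetime time" line it finds in the input.

```shell
#!/bin/sh
# Added example (not from the original post): apply steps 7-9 with sed and
# verify the result. Function names and the sample file are constructed.

# Constructed sample resembling a generated /var/run/racoon/<server>.conf.
sample_conf() {
cat <<'EOF'
remote 1.1.1.1 {
   exchange_mode main;
   dpd_delay 20;
   dpd_retry 5;
   proposal_check obey;
   proposal {
      encryption_algorithm aes 256;
      lifetime time 3600 sec;
   }
   proposal {
      encryption_algorithm aes 128;
      lifetime time 3600 sec;
   }
}
EOF
}

# Steps 7-9: read a peer configuration on stdin, write the edited one to stdout.
# Rewrites every "lifetime time" line in the input; other lines pass through.
patch_racoon_conf() {
    sed -e 's/^\([[:space:]]*dpd_delay\)[[:space:]].*;/\1 0;/' \
        -e 's/^\([[:space:]]*proposal_check\)[[:space:]].*;/\1 claim;/' \
        -e 's/^\([[:space:]]*lifetime time\)[[:space:]].*;/\1 24 hours;/'
}

# Return 0 only if the file named in $1 carries all three settings.
check_racoon_conf() {
    grep -Eq '^[[:space:]]*dpd_delay[[:space:]]+0;' "$1" || return 1
    grep -Eq '^[[:space:]]*proposal_check[[:space:]]+claim;' "$1" || return 1
    grep -Eq '^[[:space:]]*lifetime time' "$1" || return 1
    # Fail if any lifetime line is something other than 24 hours.
    if grep -E '^[[:space:]]*lifetime time' "$1" | grep -Evq '24 hours;'; then
        return 1
    fi
    return 0
}

# Demo on the constructed sample: print the edited configuration.
sample_conf | patch_racoon_conf
```

On the Mac itself the same function can replace the copy and edit steps, for example by piping `patch_racoon_conf < /var/run/racoon/1.1.1.1.conf` into `sudo tee /etc/racoon/1.1.1.1.conf`, then running `check_racoon_conf` on the result.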