#88 applejack auto restart impacts VPN

1.6.x
closed
3
2012-10-09
2010-07-14
steve k
No

After waiting anxiously for applejack 1.6 I just recently downloaded and installed it, planning on submitting a well-deserved donation. However, I was disappointed to realize that after the restart my Cisco VPN stopped working. I eventually figured out what I had to do, but the behavior of VPN changed, and this impacts my ability to work with my other Corporate cronies. What changed is that after entering the passcode (which consists of a personal PIN followed by a six-digit number from my RSA SecureID card) another dialog box appeared requesting the "next PASSCODE". This second dialog box NEVER appeared before applejack 1.6 was used. Somehow using applejack has changed the configuration parameters of VPN, or otherwise has affected VPN configuration files in such a way that this second dialog now appears (I figured out I just had to add the next six-digit passcode from my RSA SecureID card, but this was never necessary).

Anyway, this is more than annoying, but tells me there might be some action performed by applejack that is affecting configuration files, or at least impacting VPN. I am now hesitant to use it for fear continued use might further compromise my network, and I rely too heavily on that to risk exposure to applejack. Needless to say I am vastly disappointed.

But many thanks for putting in the work so others may benefit from this useful tool.

Discussion

  • Kristofer Widholm

    First thing I would do is call the tech support of the corporate VPN supplier you are using. The most likely thing I can think of is that they've deleted or reset the keyfob registration. I've run into this problem before when they've had to do an emergency upgrade or complete reboot of their VPN server.

    It is possible that this is caused by one of AppleJack's cleanup routines. This is probably a good time to remind people that AppleJack is a troubleshooting tool, not a maintenance tool. The basic problem is that Apple (as well as other developers) do not always use cache files or plist files in compliant ways.

    Some Apple-built programs create cache files, and somehow fail to rebuild them properly after they are deleted--this despite the fact that a cache file, by definition, is always supposed to be deleteable without consequence. Apple is not the only company that does this, and it's possible Cisco also uses cache files in a non-compliant way.

    The second issue is that, if Cisco is storing some authentication token or key in a plist file, they might also be using non-standard plist XML.

    Please check the output of your AppleJack log (/var/log/AppleJack.log) for any mention of cisco vpn related files. Do you see any place where it mentions a preference file having been moved to the "corrupt" folder? Do you see any entries where cisco related files were deleted from cache?

    Did you run AppleJack in the deep cleaning mode, or the regular mode?

    What operating system version are you using, what is the make of your computer, and what version of Cisco VPN client are you using? If you were to attach a copy of your AppleJack log, we could make some progress here.

    I'm sorry you're having trouble, but I do think it's premature to pin the blame on AppleJack.

     
  • steve k

    steve k - 2010-07-19

    I have tried to re-create the problem over the weekend with no luck. So at the risk of looking like I don't know what I am doing, I am going to change this Status to Closed and move on.

    I used "applejack auto restart", logged in, and went to SL's VPN and logged in successfully, not requiring a subsequent PASSCODE as I had been previously prompted to do.

    I had check with my corporate IT department, and checks on there end showed everything was just fine. They could not explain the reason why I would have been prompted for a subsequent PASSCORD.

    I will keep my eye on this and reopen this bug if the issue reappears. It certainly should be at a low priority. Once I enter any subsequent PASSCODE, further VPN connection requests do not result in requiring the subsequent PASSCODE, so some sync-ing between the VPN client and VPN server must have been performed.

    Thanks for your time and effort in getting Applejack available for Snow Leopard.

     
  • Kristofer Widholm

    Thanks for your response. It does seem like this was a transient thing. Did you see any mention of any cisco -related files in the AppleJack log?

     
  • SourceForge Robot

    This Tracker item was closed automatically by the system. It was
    previously set to a Pending status, and the original submitter
    did not respond within 14 days (the time period specified by
    the administrator of this Tracker).

     

Log in to post a comment.