MacOS provides native support for connecting to the IT Services Cisco-based VPN service. Please note that IT Services support the current and two previous versions of macOS only; for details of supported versions please refer to the Apple Mac Support page.
Configuring the native VPN client on macOS. Printer-friendly version. Once you have configured a network interface on your Mac to connect to the IT Services VPN service you can make a VPN connection whenever you need to. To connect via the inbuilt client: Open System Preferences. FortiClient 5.0 Beta. Fortinet's FortiClient for MacOS solution is capable of providing remote access using IPSec or SSL VPN.
This document contains instructions on how to configure the native VPN client that comes with macOS. In order to use the VPN service you will also need to have the necessary Remote Access Services username and passwords - for details see the main IT Services VPN Service page.
Please make sure that you have read the introduction and general requirements, which apply to all VPN clients, before attempting to configure your computer or mobile device to connect to the VPN.
1. Requirements
There are a number of requirements necessary in order to use the VPN service on Apple Macintoshes; these are detailed below.
- Your computer must be running a supported version of macOS (see Apple Mac Support page for details).
- You computer must already have a connection to the Internet (e.g. via NTL, Compuserve, broadband, ADSL, etc., etc.)
- You must have a Remote Access Services account.
- You must be able to log on as an Administrator of your Mac.
2. Obtaining the prerequisite information for configuring the inbuilt VPN client
As part of the process of configuring the inbuilt VPN client you will need to supply some group configuration information. Members of Oxford University can download a file containing this information from the IT Services Self-Registration Software Registration and Downloads web page. Once on this page select VPN client
from the list. On the next page that appears select VPN shared credentials
. A window containing the information should now pop up on your desktop. Make a note of the IPSec secret
as you will need this information later on (it will be referred to as the shared secret) and then close the window using the close window link.
You have now obtained the information that you need from the Self-registration web pages.
3. Configuring and using the inbuilt VPN client
To use the macOS inbuilt support for Cisco VPN you will first need to open [System Preferences]
, which you can do from the dock, the [Apple]
menu or by finding it in the Applications
folder.
From the [System Preferences]
window click the Network
icon to bring up the Network window.
Click the +
at the bottom of the left hand pane to bring up a dialogue window to add a new network interface. Within the dialogue window make the follow changes:
- set the
Interface
drop down menu toVPN
- set the
VPN type
drop down menu toCisco IP Sec
- change the
Service Name
field to something that is meaningful to you, egVPN (OUCS)
Finally, click the Create
to add the new interface. This will return you to the Network window with the newly added interface ready to configure. To configure the interface make the following changes:
- set the
Server Address
field tovpn.ox.ac.uk
- set the
Account name
andPassword
fields to your remote access account name and password
Next click the Authentication Settings..
button to bring up another dialogue window which requires the following information:
- click the
Shared secret
radio button and fill in the text field using the information that you obtained earlier - set the
Group Name
field tooxford
Click the OK
button to return to the Network window. If you are likely to use the VPN client regularly you may want to include the status of the VPN connection in your menu bar. If you do want to do this you must tick the check box labelled Show VPN status in menu bar
.
Finally, click the Apply
button to complete the configuration for this new VPN interface. The new interface should now appear in the left hand pane indicated by a locked padlock icon. Note that the status of the interface will show as Not connected.
To make a connection to the VPN service simply click the Connect
found on the Network window. (This can be found underneath the Authentication Settings..
button.) Once the connection has been established the Network window will show that the status of the VPN interface has changed to Connected and it will display the connect time and the IP address.
4. Connecting to the IT Services VPN service using the inbuilt VPN client
Once you have configured a network interface on your Mac to connect to the IT Services VPN service you can make a VPN connection whenever you need to. To connect via the inbuilt client:
- Open
[System Preferences]
- Click the
Network
icon to switch to the Network window - Select the VPN connection you configured previously (in this example called
VPN (OUCS)
) in the left hand pane - Click the
Connect
button (found underneath theAuthentication Settings..
button)
Do remember to disconnect from the VPN service once you no longer need it by clicking the Disconnect
button within the Network window.
Alternatively, if you chose to include the status of the VPN connection in your menu bar by ticking the box labelled Show VPN status in menu bar during the configuration process you can connect and disconnect using the VPN icon in the top menu bar. Look for the VPN icon in the top menu bar and click the icon to bring up the drop down menu.
Simply choose the [Connect]
option from this menu to make a VPN connection. You can also use this menu to disconnect your session once you no longer need it.
5. Further Information
For information on firewalls and IP address allocations refer to the IT Services VPN Service technical details page.
If you have problems with the inbuilt client you may be advised to use the Cisco AnyConnect Client. Instructions are available from the Configuring the AnyConnect Client on Mac OS X Systems page.