If you are having an issue with the Cisco VPN client after upgrading to OS X Mavericks, here is the solution...
open a terminal (iterm)
# edit the sysctl.conf file
sudo vim /etc/sysctl.conf
# comment out the following line.
kern.ipc.maxsuckbuf=512000.
Your file should look like this after you edit...
#
# Tuning network for broadband
#
# START
# kern.ipc.maxsockbuf=512000
net.inet.tcp.sendspace=131072
net.inet.tcp.recvspace=358400
# END
# Last step is to reboot.
/etc/sysctl.conf doesn't exist in OSX.
ReplyDeleteOn Mavericks, it does exist.
DeleteI'm running Mavericks and the above file does not exist.
DeleteThe network tuning lines is from the Apple Broadband Tuner ( http://support.apple.com/downloads/Broadband_Tuner_1_0 ). Most OS X installs were not from that era, and don't have those lines.
ReplyDeleteThis was from a default Mountain lion install upgraded to Mavericks.
DeleteI tried it this morning, no luck. I also did not have this file available.
ReplyDeleteThis worked perfectly for me. (Original system OS was Mountain Lion, upgraded to Mavericks.) Thank you, thank you, thank you Khalid!
ReplyDeleteI'm glad to see it worked for you as well. Thanks for the feedback.
Delete100% worked for me. Stock ML install from March 2013 when I bought it new. Cheers man, you saved me hours of nonsense!
ReplyDeleteWhere is this file? In what directory?
ReplyDeleteNever mind. I don't have that file in my /etc directory. Ugh.
ReplyDeleteI am missing the sysctl.conf file as well. Can someone post a working copy of one? Not sure if I copy it in place if it will work or not.
ReplyDeleteA file /etc/sysctl.conf can be created, and system will read it on next boot.
ReplyDeleteYou have net.inet.tcp.recvspace value set to 358400, but default value is 131072.
On my Mavericks installation:
$uname -a
Darwin macbookpro.local 13.0.0 Darwin Kernel Version 13.0.0: Thu Sep 19 22:22:27 PDT 2013; root:xnu-2422.1.72~6/RELEASE_X86_64 x86_64
$ ls /etc/sysctl.conf
ls: /etc/sysctl.conf: No such file or directory
$ sysctl -a | grep kern.ipc.maxsockbuf
kern.ipc.maxsockbuf: 4194304
$ sysctl -a | grep net.inet.tcp.sendspace
net.inet.tcp.sendspace: 131072
$ sysctl -a | grep net.inet.tcp.recvspace
net.inet.tcp.recvspace: 131072
Anyconnect have reconnects each 5 minutes... Can you show kern.ipc.maxsockbuf value on your system? Perhaps net.inet.tcp.recvspace need to be changed, not sure...
I can create the file? How? I read your post, but it's all Greek to me.
ReplyDeleteJust place text files named as 'sysctl.conf' to the /etc directory.
DeleteBut if you not clearly know what are you doing with this file please wait. Maybe values we are discuss are not solve the problem. I need to check it, but I can't do it right now.
Anyway, you have been warned, be careful.
sysctl.conf - is kernel tuning file. System read it on boot and in case mistakes, wrong line, etc... booting can stuck or performance may degrade.
Confirmed cases where this has fixed the issue has been Mountain Lion upgraded to Mavericks.
ReplyDeleteKhalid, can you show values of kern.ipc.maxsockbuf, net.inet.tcp.sendspace and net.inet.tcp.recvspace keys on system which AnyConnect work without issue?
DeleteThe file in the post is the original from my system. Also, I have 8GB RAM on a MBP and it works for me. So 16GB not required.
DeleteI have iMac with 16Gb of RAM and MBP-13 with 8Gb of RAM. Mavericks installed on both, upgrade from ML to Mavericks. iMac with 16Gb RAM works fine with Anyconnect.
ReplyDelete16Gb machine - kern.ipc.maxsockbuf = 8388608 (8Mb for network buffer)
8Gb machine - kern.ipc.maxsockbuf = 4194304 (4Mb for network buffer)
4Mb of buffer size apparently is not enough for Anyconnect. In my situation Anyconnect every 4 minutes make reconnection on my 8Gb MacBook, but work stable on 16Gb iMac.
kern.ipc.maxsockbuf on most systems is can be changed, but on Mavericks CAN NOT.
Trying to change this causes to a message "Sysctl: kern.ipc.maxsockbuf: the result is too large".
So... if your Mac has less 16Gb of RAM this solution is not for you.
I have 8GB of RAM and its working fine after the fix above.
DeleteI don't have the file either. I upgraded from ML but for some reason I don't have that file.
ReplyDeleteI created the file inside the /etc folder, rebooted, but no success. It still reconnects every 3 minutes as I can see through the Statistics Window. Although I would say the network connection itself lasts less than 2 minutes. The rest of the 3 minutes it just freezes up.
Just FYI, my Cisco AnyConnect version is 3.1.02040 running on an 8Gb Mac Mini.
Thanks for all your efforts out there!
Uninstalled v3.1.02040 and installed v3.1.03103 with no success either. The sysctl.conf file was not there, nor it helped creating it. FYI.
DeleteHi, I tried creating and changing the values in /etc/sysctl.conf file and rebooted, but there is no luck. I am using MacBook Pro with 8GB RAM and upgraded from Mountain Lion to Mavericks.
ReplyDeletemy Cisco AnyConnect version is 3.1.04072
Yep... The amount of memory, as I wrote earlier, does not affect the Anyconnect, problem is deeper.
ReplyDeleteSome time ago I set net.inet.ip.scopedroute=0 in /Library/Preferences/SystemConfiguration/com.apple.Boot.plist.
After removing any added lines from com.apple.Boot.plist Anyconnect is WORKING without repeated reconnects. It's strange, but I checked several times.
General idea - remove all kernel flags and parameters set by third-party programms, or your self.
Check boot arguments in Terminal by command:
sysctl -a kern.bootargs
Output should be:
$ sysctl -a kern.bootargs
kern.bootargs:
$
Check the /Library/Preferences/SystemConfiguration/com.apple.Boot.plist for any non-default strings. It should look like this:
Kernel Flags
com.apple.Boot.plist may be binary plist. Convert it by command in Terminal:
plutil -convert xml1 /Library/Preferences/SystemConfiguration/com.apple.Boot.plist -o ~/Desktop/com.apple.Boot.plist
А Text file will appear on your Desktop, open it, if no nothing non-default don't touch /Library/Preferences/SystemConfiguration/com.apple.Boot.plist
Check net.inet.ip.scopedroute in Terminal by command:
sysclt -a net.inet.ip.scopedroute
Output should be:
$ sysctl -a net.inet.ip.scopedroute
net.inet.ip.scopedroute: 1
If you see 'net.inet.ip.scopedroute: 0' you need set it to 1.
Edit /Library/Preferences/SystemConfiguration/com.apple.Boot.plist, like
.......
Kernel Flags
net.inet.ip.scopedroute=1
......
In my case it helped.
Oh NO... XML tags cleaned
DeleteI set my recvspace to the number from the original post above, as such:
ReplyDelete$ sysctl -w net.inet.tcp.recvspace=358400
net.inet.tcp.recvspace: 131072 -> 358400
It worked. I have now been successfully connected through VPN for 27+ minutes, without creating a "sysctl.conf" file, and without rebooting. However, after setting my recvspace to 358400, I then attempted to set maxsokbuf to a higher value, which then resulted in me being kicked out to the login screen and had to login again. I'm on a late 2009 iMac with 4GB of RAM. Following are the values I have:
kern.ipc.maxsockbuf = 4194304
net.inet.tcp.sendspace = 131072
net.inet.tcp.recvspace = 358400
Stoked!
Thanks for sharing Dan. Hopefully this helps the folks with a similar setup.
DeleteWorked. Mid 2013 MBA ML upgraded to Mavericks. No file existed so created file with textedit and save as a new document in desktop and moved to /etc folder. In the file, copied from above:
ReplyDelete# START
# kern.ipc.maxsockbuf=512000
net.inet.tcp.sendspace=131072
net.inet.tcp.recvspace=358400
# END
My VPN connect has not dropped or need to reconnect since. Thank you Khalid!
Glad to see it worked for you as well.
DeleteDan, did doing the sysctl -w ** commands result in your fix for the VPN working across reboots. The reason I asked is this page here "http://hints.macworld.com/article.php?story=20060616112919669&mode=print" has a statement "If you would like these changes to be preserved across reboots you can edit /etc/sysctl.conf".
ReplyDeleteYes, before I rebooted I installed the Apple Broadband Tuner (referred to earlier in the thread) and set the sysctl.conf values to those I used above.
DeleteTried setting the recvspace to 358400 on my MacBook Pro 8G with no help
ReplyDeleteMBP 2011, 8gb ram: I fixed my problem by having a connection to a Wifi and the network cable plugged in at the same time. Otherwise, wifi or cable alone, the connection dropped every 2-4min.
ReplyDeleteHope this can help someone.
MacBook Pro 8GB, I have changed recvspace to 358400 and still its not working :(
ReplyDeleteMy VPN drops every few minutes when connected at the office on wireless n connection. At home connecting from wireless g connection I have no issues at all. Hopefully all my hotels will be wireless g and I will be fine awaiting a fix. If not maybe I will try this fix....
ReplyDeleteGeorge
MBPr 15" 2012
ReplyDelete# START
# kern.ipc.maxsockbuf=512000
net.inet.tcp.sendspace=131072
net.inet.tcp.recvspace=358400
# END
works for me.
It didn't work at all with the above settings
ReplyDeleteThank you so much for this post!!! Editing the sysctl.conf file fixed my problem. Verizon recently had me install BroadbandTunner, which is probably what created that file (if it hadn't already existed) and messed up my vpn connection. Up until I did that, I was able to use AnyConnect without a problem even after upgrading to Maverick.
ReplyDeleteThis comment has been removed by the author.
ReplyDeleteI have installed Broadband tuner http://support.apple.com/downloads/Broadband_Tuner_1_0 and comment out kern.ipc.maxsockbuf=512000 from /etc/sysctl.conf as stated in original post and rebooted. Cisco Anyconnect VPN still disconnects me after taking above steps. So this wasn't solution for me..
ReplyDeleteUsing
ReplyDeletekern.ipc.maxsockbuf=8388608
worked for me. I did not have the .conf file. The above works if used in the Terminal, but does not save across reboots:
sudo sysctl -w kern.ipc.maxsockbuf=8388608
So far, creating a sysctl.conf file has not fixed it on boot for me. Not sure if Mavericks doesn't read that file anymore? Going to try to find a way to ensure this change is made permanently or set on boot using launchd or something else.
This fixed my issue as well. Thanks for including what the finished product should look like. I thought I would have a built in excuse not to work from home since upgrading to Mavericks. Thanks for sharing this information Khalid! :)
ReplyDeleteThanks Man.. Worked like a charm!!!!
ReplyDeleteMountain Lion to Mavericks broke VPN for my client.
ReplyDeleteTried many many things to fix. He recently went to yosemite and same thing. Stumbled across this and IT DID THE TRICK!!! Client was ecstatic! Thank you!
So even if they went from mountain lion to mavericks to yosemite, this still fixes it.
Thanks for tracking this, i have the same issue. disconnects every 1-2 minutes with 10.9+Anyconnect 3.1. Looking at stats seems that Control Frames are not being received to me during outages. Worth mention i have the problem within my corporate network, from my home DSL it works ok. Thanks to greek vpn free support for helping me further.
ReplyDeleteJust try disabling IPv6:
ReplyDeletenetworksetup -setv6off Ethernet
networksetup -setv6off Wi-Fi
That worked for me, thanks!
Delete