If you are having an issue with the Cisco VPN client after upgrading to OS X Mavericks, here is the solution...
open a terminal (iterm)
# edit the sysctl.conf file
sudo vim /etc/sysctl.conf
# comment out the following line.
Your file should look like this after you edit...
# Tuning network for broadband
# Last step is to reboot.
/etc/sysctl.conf doesn't exist in OSX.ReplyDelete
On Mavericks, it does exist.Delete
I'm running Mavericks and the above file does not exist.Delete
The network tuning lines is from the Apple Broadband Tuner ( http://support.apple.com/downloads/Broadband_Tuner_1_0 ). Most OS X installs were not from that era, and don't have those lines.ReplyDelete
This was from a default Mountain lion install upgraded to Mavericks.Delete
I tried it this morning, no luck. I also did not have this file available.ReplyDelete
This worked perfectly for me. (Original system OS was Mountain Lion, upgraded to Mavericks.) Thank you, thank you, thank you Khalid!ReplyDelete
I'm glad to see it worked for you as well. Thanks for the feedback.Delete
100% worked for me. Stock ML install from March 2013 when I bought it new. Cheers man, you saved me hours of nonsense!ReplyDelete
Where is this file? In what directory?ReplyDelete
Never mind. I don't have that file in my /etc directory. Ugh.ReplyDelete
I am missing the sysctl.conf file as well. Can someone post a working copy of one? Not sure if I copy it in place if it will work or not.ReplyDelete
A file /etc/sysctl.conf can be created, and system will read it on next boot.ReplyDelete
You have net.inet.tcp.recvspace value set to 358400, but default value is 131072.
On my Mavericks installation:
Darwin macbookpro.local 13.0.0 Darwin Kernel Version 13.0.0: Thu Sep 19 22:22:27 PDT 2013; root:xnu-2422.1.72~6/RELEASE_X86_64 x86_64
$ ls /etc/sysctl.conf
ls: /etc/sysctl.conf: No such file or directory
$ sysctl -a | grep kern.ipc.maxsockbuf
$ sysctl -a | grep net.inet.tcp.sendspace
$ sysctl -a | grep net.inet.tcp.recvspace
Anyconnect have reconnects each 5 minutes... Can you show kern.ipc.maxsockbuf value on your system? Perhaps net.inet.tcp.recvspace need to be changed, not sure...
I can create the file? How? I read your post, but it's all Greek to me.ReplyDelete
Just place text files named as 'sysctl.conf' to the /etc directory.Delete
But if you not clearly know what are you doing with this file please wait. Maybe values we are discuss are not solve the problem. I need to check it, but I can't do it right now.
Anyway, you have been warned, be careful.
sysctl.conf - is kernel tuning file. System read it on boot and in case mistakes, wrong line, etc... booting can stuck or performance may degrade.
Confirmed cases where this has fixed the issue has been Mountain Lion upgraded to Mavericks.ReplyDelete
Khalid, can you show values of kern.ipc.maxsockbuf, net.inet.tcp.sendspace and net.inet.tcp.recvspace keys on system which AnyConnect work without issue?Delete
The file in the post is the original from my system. Also, I have 8GB RAM on a MBP and it works for me. So 16GB not required.Delete
I have iMac with 16Gb of RAM and MBP-13 with 8Gb of RAM. Mavericks installed on both, upgrade from ML to Mavericks. iMac with 16Gb RAM works fine with Anyconnect.ReplyDelete
16Gb machine - kern.ipc.maxsockbuf = 8388608 (8Mb for network buffer)
8Gb machine - kern.ipc.maxsockbuf = 4194304 (4Mb for network buffer)
4Mb of buffer size apparently is not enough for Anyconnect. In my situation Anyconnect every 4 minutes make reconnection on my 8Gb MacBook, but work stable on 16Gb iMac.
kern.ipc.maxsockbuf on most systems is can be changed, but on Mavericks CAN NOT.
Trying to change this causes to a message "Sysctl: kern.ipc.maxsockbuf: the result is too large".
So... if your Mac has less 16Gb of RAM this solution is not for you.
I have 8GB of RAM and its working fine after the fix above.Delete
I don't have the file either. I upgraded from ML but for some reason I don't have that file.ReplyDelete
I created the file inside the /etc folder, rebooted, but no success. It still reconnects every 3 minutes as I can see through the Statistics Window. Although I would say the network connection itself lasts less than 2 minutes. The rest of the 3 minutes it just freezes up.
Just FYI, my Cisco AnyConnect version is 3.1.02040 running on an 8Gb Mac Mini.
Thanks for all your efforts out there!
Uninstalled v3.1.02040 and installed v3.1.03103 with no success either. The sysctl.conf file was not there, nor it helped creating it. FYI.Delete
Hi, I tried creating and changing the values in /etc/sysctl.conf file and rebooted, but there is no luck. I am using MacBook Pro with 8GB RAM and upgraded from Mountain Lion to Mavericks.ReplyDelete
my Cisco AnyConnect version is 3.1.04072
Yep... The amount of memory, as I wrote earlier, does not affect the Anyconnect, problem is deeper.ReplyDelete
Some time ago I set net.inet.ip.scopedroute=0 in /Library/Preferences/SystemConfiguration/com.apple.Boot.plist.
After removing any added lines from com.apple.Boot.plist Anyconnect is WORKING without repeated reconnects. It's strange, but I checked several times.
General idea - remove all kernel flags and parameters set by third-party programms, or your self.
Check boot arguments in Terminal by command:
sysctl -a kern.bootargs
Output should be:
$ sysctl -a kern.bootargs
Check the /Library/Preferences/SystemConfiguration/com.apple.Boot.plist for any non-default strings. It should look like this:
com.apple.Boot.plist may be binary plist. Convert it by command in Terminal:
plutil -convert xml1 /Library/Preferences/SystemConfiguration/com.apple.Boot.plist -o ~/Desktop/com.apple.Boot.plist
А Text file will appear on your Desktop, open it, if no nothing non-default don't touch /Library/Preferences/SystemConfiguration/com.apple.Boot.plist
Check net.inet.ip.scopedroute in Terminal by command:
sysclt -a net.inet.ip.scopedroute
Output should be:
$ sysctl -a net.inet.ip.scopedroute
If you see 'net.inet.ip.scopedroute: 0' you need set it to 1.
Edit /Library/Preferences/SystemConfiguration/com.apple.Boot.plist, like
In my case it helped.
Oh NO... XML tags cleanedDelete
I set my recvspace to the number from the original post above, as such:ReplyDelete
$ sysctl -w net.inet.tcp.recvspace=358400
net.inet.tcp.recvspace: 131072 -> 358400
It worked. I have now been successfully connected through VPN for 27+ minutes, without creating a "sysctl.conf" file, and without rebooting. However, after setting my recvspace to 358400, I then attempted to set maxsokbuf to a higher value, which then resulted in me being kicked out to the login screen and had to login again. I'm on a late 2009 iMac with 4GB of RAM. Following are the values I have:
kern.ipc.maxsockbuf = 4194304
net.inet.tcp.sendspace = 131072
net.inet.tcp.recvspace = 358400
Thanks for sharing Dan. Hopefully this helps the folks with a similar setup.Delete
Worked. Mid 2013 MBA ML upgraded to Mavericks. No file existed so created file with textedit and save as a new document in desktop and moved to /etc folder. In the file, copied from above:ReplyDelete
My VPN connect has not dropped or need to reconnect since. Thank you Khalid!
Glad to see it worked for you as well.Delete
Dan, did doing the sysctl -w ** commands result in your fix for the VPN working across reboots. The reason I asked is this page here "http://hints.macworld.com/article.php?story=20060616112919669&mode=print" has a statement "If you would like these changes to be preserved across reboots you can edit /etc/sysctl.conf".ReplyDelete
Yes, before I rebooted I installed the Apple Broadband Tuner (referred to earlier in the thread) and set the sysctl.conf values to those I used above.Delete
Tried setting the recvspace to 358400 on my MacBook Pro 8G with no helpReplyDelete
MBP 2011, 8gb ram: I fixed my problem by having a connection to a Wifi and the network cable plugged in at the same time. Otherwise, wifi or cable alone, the connection dropped every 2-4min.ReplyDelete
Hope this can help someone.
MacBook Pro 8GB, I have changed recvspace to 358400 and still its not working :(ReplyDelete
My VPN drops every few minutes when connected at the office on wireless n connection. At home connecting from wireless g connection I have no issues at all. Hopefully all my hotels will be wireless g and I will be fine awaiting a fix. If not maybe I will try this fix....ReplyDelete
MBPr 15" 2012ReplyDelete
works for me.
It didn't work at all with the above settingsReplyDelete
Thank you so much for this post!!! Editing the sysctl.conf file fixed my problem. Verizon recently had me install BroadbandTunner, which is probably what created that file (if it hadn't already existed) and messed up my vpn connection. Up until I did that, I was able to use AnyConnect without a problem even after upgrading to Maverick.ReplyDelete
This comment has been removed by the author.ReplyDelete
I have installed Broadband tuner http://support.apple.com/downloads/Broadband_Tuner_1_0 and comment out kern.ipc.maxsockbuf=512000 from /etc/sysctl.conf as stated in original post and rebooted. Cisco Anyconnect VPN still disconnects me after taking above steps. So this wasn't solution for me..ReplyDelete
worked for me. I did not have the .conf file. The above works if used in the Terminal, but does not save across reboots:
sudo sysctl -w kern.ipc.maxsockbuf=8388608
So far, creating a sysctl.conf file has not fixed it on boot for me. Not sure if Mavericks doesn't read that file anymore? Going to try to find a way to ensure this change is made permanently or set on boot using launchd or something else.
This fixed my issue as well. Thanks for including what the finished product should look like. I thought I would have a built in excuse not to work from home since upgrading to Mavericks. Thanks for sharing this information Khalid! :)ReplyDelete
Thanks Man.. Worked like a charm!!!!ReplyDelete
Mountain Lion to Mavericks broke VPN for my client.ReplyDelete
Tried many many things to fix. He recently went to yosemite and same thing. Stumbled across this and IT DID THE TRICK!!! Client was ecstatic! Thank you!
So even if they went from mountain lion to mavericks to yosemite, this still fixes it.
Thanks for tracking this, i have the same issue. disconnects every 1-2 minutes with 10.9+Anyconnect 3.1. Looking at stats seems that Control Frames are not being received to me during outages. Worth mention i have the problem within my corporate network, from my home DSL it works ok. Thanks to greek vpn free support for helping me further.ReplyDelete
Just try disabling IPv6:ReplyDelete
networksetup -setv6off Ethernet
networksetup -setv6off Wi-Fi
That worked for me, thanks!Delete