Any ideas how to set up access from a OSX mac into a VPN created by a Watchguard 1000? Apparntly when they create a user profile on the Watchguard it spits out a config file that just gets dropped into the.
I use both the Apple VPN client (L2TP over IPSec in Network preferences) and Checkpoint Endpoint Security client to connect to work.
Watchguard Vpn Client For Mac Will Not Connect To Internet
I installed Yosemite last night and today I can not connect to work using VPN. It connects to the server but fails.
The Checkpoint software gives a bit more feedback: 'Connection Failed: Enforce Firewall Policy failed'. This occurs after authentication of my username/password.
Both clients work fine on my MacBook which still has Mavericks.
Mac mini, OS X Yosemite (10.10)
I think the unerlying issue is that Yosemite will not load kext (kernel extensions) unless they are signed by an authorized kernel extension developer. However in 10.8 and earlier, kexts could not be signed and signed kexts for 10.9+ will not load in <10.9.
I experienced the same issue loading unsigned tuntaposx for the vpnc cisco client.
You can override this behavior and allow the cpfw.kext to load in Yosemite by putting your computer into kext developer mode. This essentially reverts to the 10.9 behavior by allowing unsigned kexts to load.
Now reboot and your kext should load.
You can revert by doing this:
According to the debug logs this is related to a problem with loading /System/Library/Extensions/cpfw.kext
Deleting the site and re-creating it does not fix this problem.
Uninstalling and re-installing the Check Point Endpoint Security client (version E75.01) worked for me too and I am using a static IP (not DHCP) on my mac mini.
Note about uninstalling the Endpoint Security client E75.x and newer: Open the original DMG package you used to install the client and launch the Uninstaller shown. If you get an error message about your security settings not allowing non-appstore apps or untrusted applications from launching, hold down the Control key and then click on the Uninstaller. Selecting Open at this point will allow the Uninstaller to run.
I did confirm the uninstall removed and the reinstall did create a new /System/Library/Extensions/cpfw.kext file. I did not have to reboot but note I did shutdown the client before running the uninstaller.
However this may be a temporary fix as there is a Checkpoint Forum entry about another person who has also encountered this problem and has fixed it by uninstalling and installing but on a reboot the problem came back for them. That person tried versions E80.41 and E80.42. See https://forums.checkpoint.com/forums/thread.jspa?threadID=21491&tstart=0
Another Check Point Mac VPN Yosemite thread is reporting similar issues where some claim their client still works after a reboot but others, including the author of the above thread, who continue to see the problem return after a reboot: https://forums.checkpoint.com/forums/thread.jspa?threadID=21181&tstart=0
Version 80.60 has been released by Checkpoint. It works for me so far.
Download from: Endpoint Security VPN for Mac E80.60
Brian's answer regarding kext developer mode also worked.
Vpn Client Mac
I set my Wifi to DHCP instead of static IP, then VPN worked for me.
I completly removed Check Point Endpoint Security client (version E80.42), rebooted computer and installed it again. Now it works ok. My WiFi is getting IP from router via DHCP.
I just re-installed Endpoint Security E75.01 after closing it (not un-installing it) and it worked correctly again.
Same thing is happening here. L2TP VPN fails if I have a static IP. If I switch to DHCP it works. I'm connecting to a Sonicwall NSA4500.
Fun bug, Apple. Hope it gets resolved in 10.10.1.
I tried the suggested solutions and they did not correct my issue. I reinstalled Yosemite to get my Apple IPSec client to work. The issue returned so I also turned off automatic updates for the OS and all applications. So far the issue has not returned for a third visit.
As of Yosemite 10.10.2 it seems Apple fixed the bug.
You must log in to answer this question.
protected by Community♦Oct 20 '14 at 3:07
Thank you for your interest in this question. Because it has attracted low-quality or spam answers that had to be removed, posting an answer now requires 10 reputation on this site (the association bonus does not count).
Would you like to answer one of these unanswered questions instead?