Cisco AnyConnect broken on Catalina

Cisco AnyConnect is broken on Catalina. Throws up "The VPN client was unable to successfully verify the IP forwarding table modifications. A VPN connection will not be established." error. Using version 4.7 of Cisco AnyConnect. Worked fine before upgrade to Catalina.

The same exact experience is occurring for me.
If I discover a workaround, I'll be sure to post about it here.

Same thing happened with the first and successive betas of Mojave. The fix ended up being a new version of AnyConnect by Cisco.

Is there an alternative to AnyConnect that can be used?

OpenConnect is an alternative; depending on what you are trying to connect to, this might not be allowed. I have also not tested this on 10.15.

Depending on what you're trying to connect to, Cisco IPSec and others are available in macOS by default by adding a VPN interface in Network Preferences.

If your Mac is connected to an MDM use a profile pushed by it to whitelist the kext and see if it works after this. I expect the kext isn’t notarized so isn’t loading. Moving forward Cisco would need to ideally use DriverKit rather than a kext. I would create a support case with Cisco around this.

Same problem here.

Version 4.7.0.3.0.52 is somehow working but getting "failed to load compliance module" error msg of system scan.

Maul. Do you have a link to offer for the download of this version? I can't seem to find it.

Try to start app via terminal with sudo. For me it worked.

Confirmed. This approach worked for me too. Thanks!

Can you provide the commands/instructions for this? I am not able to duplicate this.

Does this require using the 4.7.x variant of the client? I'm using 4.6.x and sudo-starting the app didn't improve the situation.

I am guessing something like this but it did not resolve my issue (obscured some information):


$ sudo /opt/cisco/anyconnect/bin/vpn connect vpn.domain.com
Cisco AnyConnect Secure Mobility Client (version 4.7.03052) .

Copyright (c) 2004 - 2019 Cisco Systems, Inc. All Rights Reserved.

>> state: Disconnected
>> state: Disconnected
>> notice: Ready to connect.
>> registered with local VPN subsystem.
>> contacting host (vpn.domain.com) for login information...
>> notice: Contacting vpn.domain.com.

>> Please enter your username and password.
0) Group1
1) Group2
Group: [Group2]

Username: [user@domain.com]
Password:
>> state: Connecting
>> notice: Establishing VPN session...
>> notice: The AnyConnect Downloader is performing update checks...
>> notice: Checking for profile updates...
>> notice: Checking for product updates...
>> notice: Checking for customization updates...
>> notice: Performing any required updates...
>> notice: The AnyConnect Downloader updates have been completed.
>> state: Connecting
>> notice: Establishing VPN session...
>> notice: Establishing VPN - Initiating connection...
>> notice: Establishing VPN - Examining system...
>> notice: Establishing VPN - Activating VPN adapter...
>> notice: Establishing VPN - Configuring system...
>> state: Disconnecting
>> notice: Disconnect in progress, please wait...
>> state: Disconnecting
>> error: The VPN client was unable to successfully verify the IP forwarding table modifications. A VPN connection will not be established.
>> state: Disconnected
>> notice: Ready to connect.
VPN>

I am using Catalina Beta 2, and I experienced no issues with anyconnect.

What is the any-connect client version you are using?

It's a 32-bit application and Catalina only supports 64-bit...

macOS Catalina Beta 3 with Cisco AnyConnect 4.7.01076 works fine for me without any issue.

I wonder what's differing from system to system here -- I loaded that exact version of the AnyConnect client, and I get the IP Forwarding table issue still, on the Beta 3 build.

I'm experiencing the same issue. Interestingly enough, it throws this error when I try to connect to the VPN while connected to my home Wifi (local cable modem ISP). But when I'm connected to my iPhone as a hotspot it works just fine. Go figure.

I have this issue on my home wifi. I suspect it has something to do with ipv4 addressing because I have found a work around. I turned on a guest wifi with different private ipv4 range. (i.e. 172.27.*.* instead of 192.168.1.* was the exact change. Maybe routing issues with 192.168.? just a wild guess.) My iPhone hotspot is also a work around. Hope this helps somebody.

I have tried iOS Personal Hotspot, and I'm still getting CSD prelogin verification failed. I'm also failing to get access to the latest build of AnyConnect from Cisco (build June 2019); it's saying my entitlement is not valid!! Ahh, other than this, macOS Catalina was looking good. Real shame.

Same here.

I would suggest submitting feedback with Feedback Assistant.

My feedback number for this issue is FB6706975.

Let's make it visible to Apple and Cisco.


logs


$ /opt/cisco/anyconnect/bin/vpn connect vpn.domain.com
Cisco AnyConnect Secure Mobility Client (version 4.7.04056) .

Copyright (c) 2004 - 2019 Cisco Systems, Inc. All Rights Reserved.

>> state: Disconnected
>> state: Disconnected
>> notice: Ready to connect.
>> registered with local VPN subsystem.
>> contacting host (vpn.domain.com) for login information...
>> notice: Contacting vpn.domain.com.

>> Please enter your username and password.

Username: [username@domain.com]
Password:
>> state: Connecting
>> notice: Establishing VPN session...
vpndownloader[2419:23070] NSSoftLinking - The function 'SLSIsSuppressedByScreenTime' can't be found in the (null) framework.
>> notice: The AnyConnect Downloader is performing update checks...
>> notice: Checking for profile updates...
>> notice: Checking for customization updates...
>> notice: Performing any required updates...
>> notice: The AnyConnect Downloader updates have been completed.
>> state: Connecting
>> notice: Establishing VPN session...
>> notice: Establishing VPN - Initiating connection...
>> notice: Establishing VPN - Examining system...
>> notice: Establishing VPN - Activating VPN adapter...
>> notice: Establishing VPN - Configuring system...
>> state: Disconnecting
>> notice: Disconnect in progress, please wait...
>> state: Disconnecting
>> error: The VPN client was unable to successfully verify the IP forwarding table modifications. A VPN connection will not be established.
>> state: Disconnected
>> notice: Ready to connect.
VPN>
$


macOS Catalina 10.15 beta 4 (19A512f)

Sadly did not work for me (Catalina):

sudo /opt/cisco/anyconnect/bin/vpn connect vpn.redacted.com
sudo: unable to execute /opt/cisco/anyconnect/bin/vpn: Bad CPU type in executable

I'm on AnyConnect version 4.5.05030 - I assume that's only 32 bit and Catalina is only 64 bit.
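
An added example, not part of the original thread: "Bad CPU type in executable" in the post above is what macOS reports for a binary with no 64-bit slice, and the check below confirms that from the Mach-O header without needing `file` or `lipo`. The function names are hypothetical; the path in the usage comment is the one quoted in the posts.

```shell
#!/bin/sh
# Added example (not from the thread): report whether a Mach-O binary has a
# 64-bit slice, using only od so it also runs where file/lipo are absent.
# Function names are hypothetical.

hex_bytes() {   # hex_bytes FILE OFFSET COUNT -> hex string, no separators
    od -An -tx1 -j "$2" -N "$3" "$1" 2>/dev/null | tr -d ' \n'
}

macho_bitness() {
    f=$1
    case $(hex_bytes "$f" 0 4) in
        cefaedfe|feedface) echo "32-bit only"; return ;;
        cffaedfe|feedfacf) echo "64-bit"; return ;;
        cafebabe) ;;                       # fat/universal header, parsed below
        *) echo "not Mach-O"; return ;;
    esac
    count=$(hex_bytes "$f" 4 4)            # nfat_arch, big-endian
    [ "${#count}" -eq 8 ] || { echo "not Mach-O"; return; }
    n=$(( 0x$count ))
    # Java class files share the cafebabe magic; a sane slice count filters them.
    { [ "$n" -ge 1 ] && [ "$n" -le 16 ]; } || { echo "not Mach-O"; return; }
    has32=0; has64=0; i=0
    while [ "$i" -lt "$n" ]; do
        # Each fat_arch entry is 20 bytes; the top byte of cputype is 01 when
        # CPU_ARCH_ABI64 is set (x86_64, arm64).
        top=$(hex_bytes "$f" $(( 8 + 20 * i )) 1)
        case $top in
            01) has64=1 ;;
            "") echo "not Mach-O"; return ;;   # truncated header
            *)  has32=1 ;;
        esac
        i=$(( i + 1 ))
    done
    if [ "$has64" -eq 1 ] && [ "$has32" -eq 1 ]; then echo "fat: 32-bit + 64-bit"
    elif [ "$has64" -eq 1 ]; then echo "fat: 64-bit"
    else echo "fat: 32-bit only"
    fi
}

# Usage: sh macho_bits.sh /opt/cisco/anyconnect/bin/vpn
for path in "$@"; do
    printf '%s: %s\n' "$path" "$(macho_bitness "$path")"
done
```

A result of "32-bit only" or "fat: 32-bit only" means the client build cannot run on Catalina regardless of kext or routing state.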
