How to securely connect to BT OpenZone using VPN without installing the Cisco VPN software, on a Mac

Well, I figured it out, so I thought I'd post it.

  1. Open Network preferences.
  2. Click on the "+" in the bottom-left (you may need to unlock it with an admin password first).
    Add Network Interface button in Mac Networking Preferences
  3. Select "VPN" from Interface, "Cisco IPSec" for VPN Type and put whatever you like in Service Name.
    VPN creating settings
  4. Click "Create".
  5. Connect to a BT OpenZone SSID but don't log in.
  6. Click on "security" at the bottom right and go through to the "free download" of Cisco VPN software.
  7. Download the software.
  8. Now you can log in to OpenZone with your usual username and password.
  9. Mount the disk image you downloaded.
  10. Don't instal it, but look in Profiles/ in the disk image and open BTOpenzone-client.pcf using a text editor (Fraise, for example).
  11. Look for the text after "Host". It may be "86.189.0.254". Put this in as "Server Address" in the Network settings.
    VPN settings
  12. Look for the text after "Username". It may be "vpn-client". Put this in as Account Name.
  13. Look for the long strong of alphanumerics after "enc_UserPassword". You can't put this in as a password because it's encrypted, but it uses some bizarrely pointless encryption, and can be easily decrypted using a web utility.  Put this in as Password. Mine decrypted to something hilariously non-dictionary-attack-proof. I assume this is the same for everyone who downloads the utility, but perhaps not.
  14. Click on "Authentication Settings...".
  15. Look for the text after "enc_GroupPwd". Put this in as Shared Secret.
  16. Look for the text after "GroupName". It may be "wbb-client-vpn". Put this in as Group Name.
  17. Click OK.
  18. Now click "Apply", and "Connect", and you should be securely connected to OpenZone's VPN!

Apparent bug: it seems to ask for the password every few minutes and won't let you continue until you click "cancel" (unsecured) or enter it.  Can't figure out why... Edit: Oh, turns out this is a bug, with a fix.

PS. I found a guide here which has similar instructions, but I only found it after I'd written this ;)

2 comments

  1. Stuart Gipp says:

    NEEEEEEEERRRRRRRRRRRRRRRRRRRRRRD

Leave a comment

Your email address will not be published. Required fields are marked *