Fix for VPN failing to reconnect after sleep

Apple's built-in VPN clients are useful, but some people may experience a problem with the connections refusing to start up after the system is woken from sleep, giving a "Configuration Error" message.

Topher Kessler MacFixIt Editor
Topher, an avid Mac user for the past 15 years, has been a contributing author to MacFixIt since the spring of 2008. One of his passions is troubleshooting Mac problems and making the best use of Macs and Apple hardware at home and in the workplace.

Apple's built-in VPN clients are exceptionally useful for connecting your system securely to a remote network, and offer options of PPTP, L2TP over IPsec, and Cisco IPsec protocols that each support various authentication methods. While convenient, some people may have problems with the VPN connections failing to start up after the system is woken from sleep.

This does not happen all the time, but when it does the system gives the error message, "Configuration error. Check settings and try to reconnect," and even after you have done so, the system will not reconnect. Restarting the system will get the VPN connection running again, but this requires you to quit your applications and breaks your workflow, and there are other approaches that may be faster and more convenient.

Change VPN settings
If this error happens, you might try changing some of your VPN settings and then reverting the changes before attempting another connection. Go to the Network system preferences, select your VPN connection, and change the server address or log-in name, or another option in the Advanced settings. Close the system preferences to save the settings, open them and change them back, and then try connecting.

If this does not work, the next step is to try relaunching the key management process (called "racoon") that is used by IPsec connections such as those used by the VPN clients. This can be done by either of the following methods:

Restart the launch daemon
As with most system processes in OS X, racoon is run as a daemon (background process that requires little user input) that is controlled by the system launcher launchd. The configuration settings for the launcher are stored in a property list that is loaded at start-up, and which is given the identification name com.apple.racoon so it can be managed from the command line if needed. By using the launchctl command for managing the launcher, you can tell this process to start or stop, and thereby reload it.

  1. Open the Terminal (in the /Applications/Utilities/ folder) and enter the following command:

    sudo launchctl stop com.apple.racoon

  2. Provide your password when prompted (it will not be shown).

  3. Run the following command to start the racoon process:

    sudo launchctl start com.apple.racoon

Reload the racoon configuration
The last option is to tell the racoon process to reload its configuration directly. While using the launchctl command will relaunch racoon, if the problem is just with the racoon configuration not loading correctly, then simply telling the process to reload its configuration may help. To do this, open the Terminal and enter the following command:

    sudo racoonctl reload-config

Again, provide your password when prompted, and then try the VPN connection to see if it will connect properly.
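The two racoon fixes above combined into one script, as an added example that is not part of the original article: it tries the configuration reload first because it is the less disruptive step, and restarts the daemon through launchctl only if the reload fails. The RUN and PAUSE variables, the --apply argument, and the function names are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: apply the article's two racoon fixes, least disruptive first.
# RUN (assumption of this sketch) is the privilege prefix; it defaults to sudo
# and can be set to an empty string when the script already runs as root.
RUN="${RUN-sudo}"
LABEL="com.apple.racoon"   # launchd label named in the article

# Ask the running racoon process to re-read its configuration.
reload_racoon_config() {
    $RUN racoonctl reload-config
}

# Stop and then start the daemon through launchd.
restart_racoon() {
    $RUN launchctl stop "$LABEL" || return 1
    sleep "${PAUSE:-1}"      # short pause before asking launchd to start it again
    $RUN launchctl start "$LABEL"
}

# Try the reload; fall back to a restart. Prints which fix was applied and
# returns non-zero when neither command succeeded.
recover_racoon() {
    if reload_racoon_config >/dev/null 2>&1; then
        echo "reloaded"
    elif restart_racoon >/dev/null 2>&1; then
        echo "restarted"
    else
        echo "failed"
        return 1
    fi
}

# Only touch the system when explicitly asked to.
if [ "${1:-}" = "--apply" ]; then
    recover_racoon
fi
```

Run the script with --apply, then try the VPN connection again; if it printed "reloaded" and the connection still fails, run the launchctl stop and start commands by hand.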
