Background
This guide is aimed to fix the following error, given while trying to connect to a VPN using Endian ConnectApp:
There are two ways to fix this kind of issue, based on your Mac OS X installed version.
Mac OS X High Sierra 10.13 or later
MacOS High Sierra 10.13 introduces a new feature that requires user approval before loading new third-party kernel extensions. This feature will require to follow the below procedure in order to have Endian ConnectApp working correctly. Further information at this Apple Support technical note.
If you are encountering this Endian ConnectApp error and you have Mac OS X version High Sierra 10.13 or a more recent one, you will need to go to System Preferences > Security & Privacy > General tab where you will find a window similar to the below one after having clicked on the lock icon and given requested permissions:
If you will find that there is a kernel extension by Mattias Nissler to be allowed, click on Allow and you will be able to use Endian ConnectApp as expected.
MAC OS X before High Sierra version 10.13
With these MAC OS X versions, there is need to use the terminal and Recovery mode to be able to unlock the kernel extensions needed by Endian ConnectApp. In order to check if there is need to apply the following procedure, open a terminal on your Apple computer and issue the following command:
sudo kextload /Library/Extensions/{tun,tap}.kext
and if the above command output will be similar to the following:
/Library/Extensions/tun.kext failed to load - (libkern/kext) system policy prevents loading; check the system/kernel logs for errors or try kextutil(8).
/Library/Extensions/tap.kext failed to load - (libkern/kext) system policy prevents loading; check the system/kernel logs for errors or try kextutil(8).
there is need to follow the below procedure.
Open a terminal on your Apple computer and issue the following command:
echo ".dump kext_policy" | sudo sqlite3 /private/var/db/SystemPolicyConfiguration/KextPolicy
which should give you an output similar to the following:
PRAGMA foreign_keys=OFF;
BEGIN TRANSACTION;
CREATE TABLE kext_policy ( team_id TEXT, bundle_id TEXT, allowed BOOLEAN, developer_name TEXT, flags INTEGER, PRIMARY KEY (team_id, bundle_id) );
[...]
INSERT INTO kext_policy VALUES('KS8XL6T9FZ','net.sf.tuntaposx.tap',0,'Mattias Nissler',1);
INSERT INTO kext_policy VALUES('KS8XL6T9FZ','net.sf.tuntaposx.tun',0,'Mattias Nissler',1);
[...]
COMMIT;
As show on the above example, you will have to look into lines which contains net.sf.tuntaposx.tap and net.sf.tuntaposx.tun devices and, if the two above numbers, highlighted with bold style, are both 0, then you will need to note the team_id as show above (in above case, that is KS8XL6T9FZ) and proceed as follows:
- Reboot your Apple computer to Recovery Mode (this is usually done Command + R on your keyboard during boot procedure).
- Open a terminal, then substitute into below command the <DISK> parameter with your main hard disk directory name and <TEAM> parameter with the previously found team_id, then issue the modified command:
sudo /Volumes/<DISK>/usr/bin/sqlite3 /Volumes/<DISK>/private/var/db/SystemPolicyConfiguration/KextPolicy
update kext_policy set allowed = 1 where team_id = '<TEAM>';
- Reboot your Apple computer again into normal mode and issue the below command again which have to give you no output:
sudo kextload /Library/Extensions/{tun,tap}.kext
At this point you should be able to properly use Endian ConnectApp.
Comments