Skip to main content

Feel like this is a dumb question - but my search hasn't yielded anything obvious.



I work in government Mac environment. I can ARD/JAMF Remote/Screen Share into any Mac hardwired onto my network.



When users are on their laptop, I can't figure out a good way to do so. All my users use VPN when offsite. Their computers are enrolled in my JSS, but is there a way to reliably remote into their machines if I need to? Inter-office I would just find them in ARD or type their IP into screen sharing... how can I do it for laptops on offsite wifi (but behind our VPN)

Put the VPN ip range into ARD if possible and scan for their machine name?



Create an EA that finds their VPN IP address and have them run a recon from the self service app so you can determine their IP to screen share in manually?

https://remotixcloud.com/

Create a new policy scoped to all laptops (or at least the ones that connect via your VPN), set the trigger as Network State Change with execution frequency Ongoing, then under Files & Processes run:



echo "Waiting 5sec to acquire IP address.." && sleep 5 && /usr/local/bin/jamf log

I use this as an EA and as a self service Command to display VPN IP for Help Desk Calls



!/bin/bash



##################################################################


A script that gets the IP address of the machine while connected to a VPN



##################################################################


localip=ifconfig | grep "inet " | grep -v 127.0.0.1 | cut -d -f2 | head -1
vpnip=ifconfig | grep "inet " | grep -v 127.0.0.1 | cut -d -f2 | grep -v "$localip"



if [ "$vpnip" != "" ]; then
echo "<result>$vpnip</result>"
else
vpnip="Not Connected"
fi



Delete under Here for EA ###



windowType="utility"
windowPosition=""
title=""
heading="Your VPN IP"
description="Your VPN IP is: $vpnip"
icon="/Applications/Cisco/Cisco AnyConnect Secure Mobility Client.app/Contents/Resources/vpngui.icns"
iconSize=""



"/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfhelper" -windowType "$windowType" -windowPosition "$windowPosition" -title "$title" -heading "$heading" -description "$description" -icon "$icon" -iconSize "$iconSize" -button1 "Close" -defaultButton 1 -countdown "$timeout" -timeout "$timeout"

thank you everyone - all of this is immensely helpful!

Little update on this:



Scripts were reporting that VPN was status "not connected" even though it was. Did some digging and realized that the client we use (Cisco AnyConnect) doesn't interface with the "Native" VPN setting on OSX. Meaning it doesn't show up as a network, meaning the script doesn't see it.



Did some troubleshooting via Cisco and found out that the tunneled IP is listed within the AnyConnect app itself, and not anywhere in the OS. Working on a way for JSS to snag that now, but probably will just have users read it to me if I need it.
-J

Pulse Secure works much the same way. I user this extension attribute script to pull the VPN IP address. I just have user run a recon from Self Service so it populates in the JSS and I know what IP to connect to.



#!/bin/bash





for i in $(ifconfig -a | grep "^utun*" | cut -d ":" -f 1); do

    Ifconfig_result=`ifconfig | grep -A2 "$i"`

    IP=`echo "$Ifconfig_result" | awk '/inet / && $2 != "127.0.0.1"{print $2}'`

    if [ -n "$IP" ] ; then

        echo "<result> $IP </result>"

    fi          

done

@hkabik this worked really well. in my environment I was able to parse it down to ifconfig utun1 | grep -w MYIPRANGE | awk '{print $2}'

Terms & ConditionsCookie settings