Skip to main content
Solved

Screen Sharing w/ Laptops off-network

  • November 30, 2018
  • 8 replies
  • 36 views
J
Forum|alt.badge.img+6

Feel like this is a dumb question - but my search hasn't yielded anything obvious.

I work in government Mac environment. I can ARD/JAMF Remote/Screen Share into any Mac hardwired onto my network.

When users are on their laptop, I can't figure out a good way to do so. All my users use VPN when offsite. Their computers are enrolled in my JSS, but is there a way to reliably remote into their machines if I need to? Inter-office I would just find them in ARD or type their IP into screen sharing... how can I do it for laptops on offsite wifi (but behind our VPN)

Best answer by hkabik

Pulse Secure works much the same way. I user this extension attribute script to pull the VPN IP address. I just have user run a recon from Self Service so it populates in the JSS and I know what IP to connect to.

#!/bin/bash


for i in $(ifconfig -a | grep "^utun*" | cut -d ":" -f 1); do
    Ifconfig_result=`ifconfig | grep -A2 "$i"`
    IP=`echo "$Ifconfig_result" | awk '/inet / && $2 != "127.0.0.1"{print $2}'`
    if [ -n "$IP" ] ; then
        echo "<result> $IP </result>"
    fi          
done

    8 replies

    H
    Forum|alt.badge.img+16
    • hkabik
    • Honored Contributor
    • November 30, 2018

    Put the VPN ip range into ARD if possible and scan for their machine name?

    Create an EA that finds their VPN IP address and have them run a recon from the self service app so you can determine their IP to screen share in manually?

    M
    Forum|alt.badge.img+7
    • mistacabbage
    • Contributor
    • December 2, 2018

    https://remotixcloud.com/

    pete_c
    Forum|alt.badge.img+16
    • pete_c
    • Honored Contributor
    • December 2, 2018

    Create a new policy scoped to all laptops (or at least the ones that connect via your VPN), set the trigger as Network State Change with execution frequency Ongoing, then under Files & Processes run:

    echo "Waiting 5sec to acquire IP address.." && sleep 5 && /usr/local/bin/jamf log
    D
    Forum|alt.badge.img+3
    • daniel_hayden
    • New Contributor
    • December 3, 2018

    I use this as an EA and as a self service Command to display VPN IP for Help Desk Calls

    !/bin/bash

    ##################################################################

    A script that gets the IP address of the machine while connected to a VPN

    ##################################################################

    localip=ifconfig | grep "inet " | grep -v 127.0.0.1 | cut -d -f2 | head -1
    vpnip=ifconfig | grep "inet " | grep -v 127.0.0.1 | cut -d -f2 | grep -v "$localip"

    if [ "$vpnip" != "" ]; then echo "<result>$vpnip</result>"
    else vpnip="Not Connected"
    fi

    Delete under Here for EA ###

    windowType="utility"
    windowPosition=""
    title=""
    heading="Your VPN IP"
    description="Your VPN IP is: $vpnip"
    icon="/Applications/Cisco/Cisco AnyConnect Secure Mobility Client.app/Contents/Resources/vpngui.icns"
    iconSize=""

    "/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfhelper" -windowType "$windowType" -windowPosition "$windowPosition" -title "$title" -heading "$heading" -description "$description" -icon "$icon" -iconSize "$iconSize" -button1 "Close" -defaultButton 1 -countdown "$timeout" -timeout "$timeout"

    J
    Forum|alt.badge.img+6
    • jan_rosenfeld
    • Author
    • Contributor
    • December 3, 2018

    thank you everyone - all of this is immensely helpful!

    J
    Forum|alt.badge.img+6
    • jan_rosenfeld
    • Author
    • Contributor
    • December 3, 2018

    Little update on this:

    Scripts were reporting that VPN was status "not connected" even though it was. Did some digging and realized that the client we use (Cisco AnyConnect) doesn't interface with the "Native" VPN setting on OSX. Meaning it doesn't show up as a network, meaning the script doesn't see it.

    Did some troubleshooting via Cisco and found out that the tunneled IP is listed within the AnyConnect app itself, and not anywhere in the OS. Working on a way for JSS to snag that now, but probably will just have users read it to me if I need it. -J

    H
    Forum|alt.badge.img+16
    • hkabik
    • Honored Contributor
    • Answer
    • December 3, 2018

    Pulse Secure works much the same way. I user this extension attribute script to pull the VPN IP address. I just have user run a recon from Self Service so it populates in the JSS and I know what IP to connect to.

    #!/bin/bash


for i in $(ifconfig -a | grep "^utun*" | cut -d ":" -f 1); do
    Ifconfig_result=`ifconfig | grep -A2 "$i"`
    IP=`echo "$Ifconfig_result" | awk '/inet / && $2 != "127.0.0.1"{print $2}'`
    if [ -n "$IP" ] ; then
        echo "<result> $IP </result>"
    fi          
done
      J
      Forum|alt.badge.img+6
      • jan_rosenfeld
      • Author
      • Contributor
      • December 5, 2018

      @hkabik this worked really well. in my environment I was able to parse it down to ifconfig utun1 | grep -w MYIPRANGE | awk '{print $2}'

      Terms & ConditionsCookie settingsAccessibility statement