10.6 Built-in Cisco VPN and SelfService

Cem
Valued Contributor

Ok here it is; I have sent this to over 20 people on this list so far and still I have been asked for it. So I have decided to post it here.

It works just fine for MacOS X 10.6.x built-in CiscoVPN. You can also use it with Casper Policy for quiet deployment.

You can get the logo from the link below for Self Service.
http://rocketdock.com/addon/icons/14259

Please read the beginning of the script for instructions.

Script can do with the tidying up I guess...

Enjoy

Cem

#!/bin/sh

# This script configures built-in VPN (Cisco IP Sec) for logged in user. Server, Shared Secret, DNS Search Domains and Web Proxy
# Requires JAMF framework and "yourcompany VPN.networkConnect" package to be installed to the "/Applications/Utilities/" first. This file will be removed after.
# To edit this script, do "command - F" from your keyboard and use "Replace & Find" function from your favourite text editor.
# Simply replace "yourcompany" to your company name and replace "yourcompany.com" to your company domain, also "yourproxyserver" and "80" to your Web Proxy
#               
#           Configure "yourcompany VPN" settings with shared secret and server details from the network system preference;
#           Action->Export Configuration->"Export the default configuration" and be sure to check "Include items from the system keychain"
#           Then just edit the file (it's XML) and delete the value(s) in the XAuthName and XAuthPassword (if applicable) keys
#           Use Composer to package "yourcompany VPN.networkConnect" from this path "/Applications/Utilities/"
#           If you change the name "yourcompany VPN.networkConnect" or path "/Applications/Utilities/" make sure change them from the script too.
# 
# There are few changes to the original 2 scripts from Casper Resources Kit and few additions
# Partly written, edited & compiled 3 scripts (tested with 10.6)
#
# Cem Baykara - 10/2010
# 

####################################################################################################
#
# Copyright (c) 2010, JAMF Software, LLC.  All rights reserved.
#
#       Redistribution and use in source and binary forms, with or without
#       modification, are permitted provided that the following conditions are met:
#               * Redistributions of source code must retain the above copyright
#                 notice, this list of conditions and the following disclaimer.
#               * Redistributions in binary form must reproduce the above copyright
#                 notice, this list of conditions and the following disclaimer in the
#                 documentation and/or other materials provided with the distribution.
#               * Neither the name of the JAMF Software, LLC nor the
#                 names of its contributors may be used to endorse or promote products
#                 derived from this software without specific prior written permission.
#
#       THIS SOFTWARE IS PROVIDED BY JAMF SOFTWARE, LLC "AS IS" AND ANY
#       EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
#       WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
#       DISCLAIMED. IN NO EVENT SHALL JAMF SOFTWARE, LLC BE LIABLE FOR ANY
#       DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
#       (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
#       LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
#       ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
#       (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
#       SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
####################################################################################################
#
# SUPPORT FOR THIS PROGRAM
#
#       This program is distributed "as is" by JAMF Software, LLC's Resource Kit team. For more
#       information or support for the Resource Kit, please utilize the following resources:
#
#               http://list.jamfsoftware.com/mailman/listinfo/resourcekit
#
#               http://www.jamfsoftware.com/support/resource-kit
#
#       Please reference our SLA for information regarding support of this application:
#
#               http://www.jamfsoftware.com/support/resource-kit-sla
#
####################################################################################################
#
# ABOUT THIS PROGRAM
#
# NAME
#   importVPN.sh -- Import VPN Settings.
#
# SYNOPSIS
#   sudo importVPN.sh
#   sudo importVPN.sh <mountPoint> <computerName> <currentUsername> <vpnFilePath> <vpnInterfaceName>
#
# DESCRIPTION
#   This script will import a .networkConnect file that has been packaged and deployed to a 
#   system.
#
#   Prior to running this script, the VPN should be configured on a machine, and a
#   configuration should be created.  Once a VPN has been configured, navigate to the
#   Network pane within the System Preferences application and highlight the VPN service you
#   wish to export.  Then click the settings button near the "+" and "-" icon and select
#   "Export Configurations".  Save the file to a location like the Desktop.  Finally, create a
#   package of this file using Composer.
#
#   When deploying the package, ensure that this script has been edited so that the
#   "vpnFilePath" parameter properly points to the location of the .networkConnect file as it
#   was packaged.  Deploy the package, and run the script with a priority of "After" to import
#   the VPN settings for the user.  Please note that a user does need to be logged in while this
#   script is run.  We recommend running it via a policy triggered by "login" or "Self Service."
#
#   The VPN network interface name will remain generic unless the "vpnInterfaceName" variable is
#   specified.  Please note that the .networkConnect file does not contain the name of the
#   interface.
#
####################################################################################################
#
# HISTORY
#
#   Version: 1.0
#
#   - Created by Nick Amundsen on May 10th, 2010
# 
####################################################################################################
#
# DEFINE VARIABLES & READ IN PARAMETERS
#
####################################################################################################

# HARDCODED VALUES SET HERE

vpnFilePath="/Applications/Utilities/yourcompany VPN.networkConnect"      # Set this parameter to the path where the .networkConnect file will end up on the system.
                    # Example: "/Library/Application Support/JAMF/vpn.networkConnect"

vpnInterfaceName="yourcompany VPN" # Set this parameter to the name that should be set for the VPN in the System Preferences pane.
                    # Example: "Company VPN"





# CHECK TO SEE IF A VALUE WERE PASSED IN FOR PARAMETERS $4 AND, IF SO, ASSIGN THEM
if [ "$4" != "" ] && [ "$vpnFilePath" == "/Applications/Utilities/yourcompany VPN.networkConnect" ]; then
    vpnFilePath=$4
fi

if [ "$5" != "" ] && [ "$vpnInterfaceName" == "yourcompany VPN" ]; then
    vpnInterfaceName=$5
fi

####################################################################################################
# 
# VARIABLE VERIFICATION FUNCTION
#
####################################################################################################

verifyVariable () {
# Indirectly read the variable whose name was passed in as $1
eval variableValue=\$$1
if [ "$variableValue" != "" ]; then
    echo "Variable \"$1\" value is set to: $variableValue"
else
    echo "Variable \"$1\" is blank.  Please assign a value to the variable."
    exit 1
fi
}

####################################################################################################
# 
# SCRIPT CONTENTS - DO NOT MODIFY BELOW THIS LINE
#
####################################################################################################

# Verify Variables

verifyVariable vpnFilePath

# If  vpnInterfaceName is left blank, then it will not get renamed.


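#Unlock the system.preferences privilege to allow this script to apply VPN network adapter
#(class "allow" lets any user change system preferences until the right is set back to "user" below)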
/usr/libexec/PlistBuddy -c "Set rights:system.preferences:class allow" /etc/authorization

#Ensure assistive device access is enabled
if [ -f /private/var/db/.AccessibilityAPIEnabled ];then
        echo "Assistive Device Access is already enabled."
    else
        echo "Enabling Access for Assistive Devices for Script to Properly Run..."
        /usr/bin/touch /private/var/db/.AccessibilityAPIEnabled
fi

#Import .networkConnect file
echo "Importing Network Adapter..."
/usr/bin/open "$vpnFilePath"

#Click the "Apply" button for the user
/usr/bin/osascript << EOF > /dev/null 2>&1

tell application "System Events"
    tell process "System Preferences"
        tell window "Network"

            click button "Apply"
            click button "Show VPN status in menu bar"
        end tell
    end tell
end tell

EOF

#Rename the interface if the variable was specified
if [ "$vpnInterfaceName" != "" ]; then
    echo "Renaming the VPN interface to $vpnInterfaceName..."
    /usr/sbin/networksetup -renamenetworkservice "VPN (IPSec)" "$vpnInterfaceName"
fi

#Lock the system.preferences privilege
/usr/libexec/PlistBuddy -c "Set rights:system.preferences:class user" /etc/authorization

#Quit System Preferences
/usr/bin/osascript << EOF > /dev/null 2>&1

tell application "System Events"
    tell application "System Preferences" to quit
end tell

EOF

#Return all network adapters
echo "The following network adapters are present after the import:
$(/usr/sbin/networksetup -listallnetworkservices)"

/bin/sleep 5 #allow some time

# This script configures built-in VPN (Cisco IP Sec) 'search domains'
# (tested with 10.6)
# Written by Cem Baykara 2010

sudo networksetup -setsearchdomains 'yourcompany VPN' 'yourcompany.com'

/bin/sleep 5 #allow some time

#
# ABOUT THIS PROGRAM
#
# NAME
#   setWebProxy.sh -- Configure a web proxy for a specified network interface
#
# SYNOPSIS
#   sudo setWebProxy.sh
#   sudo setWebProxy.sh <mountPoint> <computerName> <currentUsername> <networkInterface>
#                           <proxyAddress> <port> 
#
#   If the $networkInterface parameter is specified (parameter 4), this is the Network Interface for
#   which the web proxy will be set.  The expected values for the $networkInterface parameter can
#   be found by running the command:
#
#       networksetup -listallnetworkservices
#
#   If the $proxyAddress parameter is specified (parameter 5), this is the proxy address that will
#   be set.
#
#   If the $port parameter is specified (parameter 6), this is the port to which the proxy traffic
#   will be passed.
#
#   If no parameters are specified for parameters 4, 5 or 6, the hardcoded value in the script will be 
#   used.
#
# DESCRIPTION
#   This script will configure the web proxy on the specified network interface.
#
####################################################################################################
#
# HISTORY
#
#   Version: 1.1
#
#   - Created by Nick Amundsen on July 11th, 2008
#   - Modified by Nick Amundsen on August 5th, 2008
#
####################################################################################################
#
# DEFINE VARIABLES & READ IN PARAMETERS
#
####################################################################################################



# HARDCODED VALUES ARE SET HERE
networkInterface="yourcompany VPN"
proxyAddress="yourproxyserver"
port="80"


# CHECK TO SEE IF A VALUE WAS PASSED IN PARAMETER 4 AND, IF SO, ASSIGN TO "networkInterface"
if [ "$4" != "" ] && [ "$networkInterface" == "yourcompany VPN" ];then
    networkInterface=$4
fi

# CHECK TO SEE IF A VALUE WAS PASSED IN PARAMETER 5 AND, IF SO, ASSIGN TO "proxyAddress"
if [ "$5" != "" ] && [ "$proxyAddress" == "yourproxyserver" ];then
    proxyAddress=$5
fi

# CHECK TO SEE IF A VALUE WAS PASSED IN PARAMETER 6 AND, IF SO, ASSIGN TO "port"
if [ "$6" != "" ] && [ "$port" == "80" ];then
    port=$6
fi

####################################################################################################
# 
# SCRIPT CONTENTS - DO NOT MODIFY BELOW THIS LINE
#
####################################################################################################

if [ "$networkInterface" == "" ]; then
    echo "Error:  No network interface has been specified."
    exit 1
fi

if [ "$proxyAddress" == "" ]; then
    echo "Error:  No proxy address has been specified."
    exit 1
fi

if [ "$port" == "" ]; then
    echo "Error: No port was specified."
    exit 1
fi

OS=`/usr/bin/defaults read /System/Library/CoreServices/SystemVersion ProductVersion | awk '{print substr($1,1,4)}'`

if [[ "$OS" < "10.5" ]]; then
    echo "Setting web proxy for OS $OS..."
    /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/networksetup -setwebproxy "$networkInterface" "$proxyAddress" "$port"
else
    echo "Setting web proxy for OS $OS..."
    /usr/sbin/networksetup -setwebproxy "$networkInterface" "$proxyAddress" "$port"
fi

#remove config file (it contains the VPN shared secret); the path has a space, so it must be quoted
rm "/Applications/Utilities/yourcompany VPN.networkConnect"

#Display Dialog
/usr/sbin/jamf displayMessage -message "VPN Imported" -background
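
The script header asks you to blank the XAuthName and XAuthPassword values in the exported file before packaging it. As an added example (not part of the original post or of JAMF's Resource Kit), this Python check walks the export and lists any of those keys that still carry a value. It assumes the file parses as an XML property list; the sample layout and its values are constructed for illustration.

```python
import plistlib
import sys

SENSITIVE_KEYS = ("XAuthName", "XAuthPassword")

def find_leftover_credentials(node, path=""):
    """Return the paths of XAuthName/XAuthPassword keys that still hold a value."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}/{key}"
            if key in SENSITIVE_KEYS and value not in ("", b"", None):
                hits.append(here)
            else:
                hits.extend(find_leftover_credentials(value, here))
    elif isinstance(node, list):
        for index, item in enumerate(node):
            hits.extend(find_leftover_credentials(item, f"{path}[{index}]"))
    return hits

def check_export(xml_bytes):
    """Parse an exported configuration and report leftover user credentials."""
    return find_leftover_credentials(plistlib.loads(xml_bytes))

# Constructed sample: the nesting and key names other than XAuthName and
# XAuthPassword are hypothetical, not copied from a real export.
SAMPLE_TEMPLATE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>IPSec</key>
  <dict>
    <key>ExampleService</key>
    <dict>
      <key>RemoteAddress</key><string>vpn.yourcompany.com</string>
      <key>XAuthName</key><string>%s</string>
      <key>XAuthPassword</key><string>%s</string>
    </dict>
  </dict>
</dict>
</plist>"""
CLEAN_SAMPLE = SAMPLE_TEMPLATE % (b"", b"")
DIRTY_SAMPLE = SAMPLE_TEMPLATE % (b"jsmith", b"example-password")

if __name__ == "__main__":
    # With a file argument, check that file; otherwise check the dirty sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else DIRTY_SAMPLE
    leftovers = check_export(data)
    for hit in leftovers:
        print("still populated:", hit)
    sys.exit(1 if leftovers else 0)
```

Run it against the edited .networkConnect file before building the package in Composer; a non-zero exit means a user name or password is still in the file.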
1 ACCEPTED SOLUTION

Cem
Valued Contributor

Script was used successfully by many organisations.
