Jamf Nation Community

Ok here it is; I have sent this to over 20 people on this list. It works
just fine for 10.6 built-in CiscoVPN. Also attached the script and the
logo for Self Service.

Enjoy
Cem

#!/bin/sh

# This script configures built-in VPN (Cisco IP Sec) for logged in user.
Server, Shared Secret, DNS Search Domains and Web Proxy
# Requires JAMF framework and "yourcompany VPN.networkConnect" package to
be installed to the "/Applications/Utilities/" first. This file will be
removed after.
# To edit this script, do "command - F" from your keyboard and use
"Replace & Find" function from your favourite text editor.
# Simply replace "yourcompany" to your company name and replace
"yourcompany.com" to your company domain, also "yourproxyserver" and "80"
to your Web Proxy
# # Configure "yourcompany VPN" settings with shared secret and server
details from the network system preference;
# Action->Export Configuration->"Export the default configuration" and
be sure to check "Include items from the system keychain"
# Then just edit the file (it's XML) and delete the value(s) in the
XAuthName and XAuthPassword (if applicable) keys
# Use Composer to package "yourcompany VPN.networkConnect" from this
path "/Applications/Utilities/"
# If you change the name "yourcompany VPN.networkConnect" or path
"/Applications/Utilities/" make sure change them from the script too.
# # There are few changes to the original 2 scripts from Casper Resources
Kit and few additions
# Partly written, edited & compiled 3 scripts (tested with 10.6)
#
# Cem Baykara - 10/2010
#

###########################################################################
#########################
#
# Copyright (c) 2010, JAMF Software, LLC. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
are met:
# Redistributions of source code must retain the above
copyright
# notice, this list of conditions and the following
disclaimer.
# Redistributions in binary form must reproduce the above
copyright
# notice, this list of conditions and the following
disclaimer in the
# documentation and/or other materials provided with the
distribution.
# * Neither the name of the JAMF Software, LLC nor the
# names of its contributors may be used to endorse or
promote products
# derived from this software without specific prior
written permission.
#
# THIS SOFTWARE IS PROVIDED BY JAMF SOFTWARE, LLC "AS IS" AND ANY
# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE
# DISCLAIMED. IN NO EVENT SHALL JAMF SOFTWARE, LLC BE LIABLE FOR ANY
# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES
# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES;
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND
# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
USE OF THIS
# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
###########################################################################
#########################
#
# SUPPORT FOR THIS PROGRAM
#
# This program is distributed "as is" by JAMF Software, LLC's
Resource Kit team. For more
# information or support for the Resource Kit, please utilize the
following resources:
#
# http://list.jamfsoftware.com/mailman/listinfo/resourcekit
#
# http://www.jamfsoftware.com/support/resource-kit
#
# Please reference our SLA for information regarding support of this
application:
#
# http://www.jamfsoftware.com/support/resource-kit-sla
#
###########################################################################
#########################
#
# ABOUT THIS PROGRAM
#
# NAME
# importVPN.sh -- Import VPN Settings.
#
# SYNOPSIS
# sudo importVPN.sh
# sudo importVPN.sh <mountPoint> <computerName> <currentUsername>
<vpnFilePath> <vpnInterfaceName>
#
# DESCRIPTION
# This script will import a .networkConnect file that has been packaged
and deployed to a # system.
#
# Prior to running this script, the VPN should be configured on a machine,
and a
# configuration should be created. Once a VPN has been configured,
navigate to the
# Network pane within the System Preferences application and highlight the
VPN service you
# wish to export. Then click the settings button near the "+" and "-"
icon and select
# "Export Configurations". Save the file to a location like the Desktop.
Finally, create a
# package of this file using Composer.
#
# When deploying the package, ensure that this script has been edited so
that the
# "vpnFilePath" parameter properly points to the location of the
.networkConnect file as it
# was packaged. Deploy the package, and run the script with a priority of
"After" to import
# the VPN settings for the user. Please note that a user does need to be
logged in while this
# script is run. We recommend running it via a policy triggered by
"login" or "Self Service."
#
# The VPN network interface name will remain generic unless the
"vpnInterfaceName" variable is
# specified. Please note that the .networkConnect file does not contain
the name of the
# inteface.
#
###########################################################################
#########################
#
# HISTORY
#
# Version: 1.0
#
# - Created by Nick Amundsen on May 10th, 2010
# ###########################################################################
#########################
#
# DEFINE VARIABLES & READ IN PARAMETERS
#
###########################################################################
#########################

# HARDCODED VALUES SET HERE

vpnFilePath="/Applications/Utilities/yourcompany VPN.networkConnect" #
Set this parameter to the path where the .networkConnect file will end up
on the system. # Example: "/Library/Application Support/JAMF/vpn.networkConnect"

vpnInterfaceName="yourcompany VPN" # Set this parameter to the name that
should be set for the VPN in the System Preferences pane. # Example: "Company VPN"

# CHECK TO SEE IF A VALUE WERE PASSED IN FOR PARAMETERS $4 AND, IF SO,
ASSIGN THEM
if [ "$4" != "" ] && [ "$vpnFilePath" =
"/Applications/Utilities/yourcompany VPN.networkConnect" ]; then vpnFilePath=$4
fi

if [ "$5" != "" ] && [ "$vpnInterfaceName" == "yourcompany VPN" ]; then vpnInterfaceName=$5
fi

###########################################################################
#########################
# # VARIABLE VERIFICATION FUNCTION
#
###########################################################################
#########################

verifyVariable () {
eval variableValue=$$1
if [ "$variableValue" != "" ]; then echo "Variable "$1" value is set to: $variableValue"
else echo "Variable "$1" is blank. Please assign a value to the variable." exit 1
fi
}

###########################################################################
#########################
# # SCRIPT CONTENTS - DO NOT MODIFY BELOW THIS LINE
#
###########################################################################
#########################

# Verify Variables

verifyVariable vpnFilePath

# If vpnInterfaceName is left blank, then it will not get renamed.

#Unlock the system.preferences privilege to allow this script to apply VPN
network adapter
/usr/libexec/PlistBuddy -c "Set rights:system.preferences:class allow"
/etc/authorization

#Ensure assistive device access is enabled
if [ -f /private/var/db/.AccessibilityAPIEnabled ];then echo "Assistive Device Access is already enabled." else echo "Enabling Access for Assistive Devices for Script to Properly
Run..." /usr/bin/touch /private/var/db/.AccessibilityAPIEnabled
fi

#Import .networkConnect file
echo "Importing Network Adapter..."
/usr/bin/open "$vpnFilePath"

#Click the "Apply" button for the user
/usr/bin/osascript << EOF > /dev/null 2>&1

tell application "System Events" tell process "System Preferences" tell window "Network"

click button "Apply" click button "Show VPN status in menu bar" end tell end tell
end tell

EOF

#Rename the interface if the variable was specified
if [ "$vpnInterfaceName" != "" ]; then echo "Renaming the VPN interface to $vpnInterfaceName..." /usr/sbin/networksetup -renamenetworkservice "VPN (IPSec)"
"$vpnInterfaceName"
fi

#Lock the system.preferences privilege
/usr/libexec/PlistBuddy -c "Set rights:system.preferences:class user"
/etc/authorization

#Quit System Preferences
/usr/bin/osascript << EOF > /dev/null 2>&1

tell application "System Events" tell application "System Preferences" to quit
end tell

EOF

#Return all network adapters
echo "The following network adapters are present after the
import: $(/usr/sbin/networksetup -listallnetworkservices)"

/bin/sleep 5 #allow some time

# This script configures built-in VPN (Cisco IP Sec) 'search doamins'
# (tested with 10.6)
# Written by Cem Baykara 2010

sudo networksetup -setsearchdomains 'yourcompany VPN' 'yourcompany.com'

/bin/sleep 5 #allow some time

###########################################################################
#########################
#
# Copyright (c) 2010, JAMF Software, LLC. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
are met:
# Redistributions of source code must retain the above
copyright
# notice, this list of conditions and the following
disclaimer.
# Redistributions in binary form must reproduce the above
copyright
# notice, this list of conditions and the following
disclaimer in the
# documentation and/or other materials provided with the
distribution.
# * Neither the name of the JAMF Software, LLC nor the
# names of its contributors may be used to endorse or
promote products
# derived from this software without specific prior
written permission.
#
# THIS SOFTWARE IS PROVIDED BY JAMF SOFTWARE, LLC "AS IS" AND ANY
# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE
# DISCLAIMED. IN NO EVENT SHALL JAMF SOFTWARE, LLC BE LIABLE FOR ANY
# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES
# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES;
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND
# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
USE OF THIS
# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
###########################################################################
#########################
#
# SUPPORT FOR THIS PROGRAM
#
# This program is distributed "as is" by JAMF Software, LLC's
Resource Kit team. For more
# information or support for the Resource Kit, please utilize the
following resources:
#
# http://list.jamfsoftware.com/mailman/listinfo/resourcekit
#
# http://www.jamfsoftware.com/support/resource-kit
#
# Please reference our SLA for information regarding support of this
application:
#
# http://www.jamfsoftware.com/support/resource-kit-sla
#
###########################################################################
#########################
#
# ABOUT THIS PROGRAM
#
# NAME
# setWebProxy.sh -- Configure a web proxy for a specified network interface
#
# SYNOPSIS
# sudo setWebProxy.sh
# sudo setWebProxy.sh <mountPoint> <computerName> <currentUsername>
<networkInterface>
# <proxyAddress> <port>
#
# If the $networkInterface parameter is specified (parameter 4), this is
the Netowrk Interface for
# which the search domains will be set. The expected values for the
$networkInterface parameter can
# be found by running the command:
#
# networksetup -listallnetworkservices
#
# If the $proxyAddress parameter is specified (parameter 5), this is the
proxy address that will
# be set.
#
# If the $port parameter is specified (parameter 6), this is the port to
which the proxy traffic
# be passed.
#
# If no parameters are specified for parameters 4, 5 or 6, the hardcoded
value in the script will be
# used.
#
# DESCRIPTION
# This script will configure the web proxy on the specified network
interface.
#
###########################################################################
#########################
#
# HISTORY
#
# Version: 1.1
#
# - Created by Nick Amundsen on July 11th, 2008
# - Modified by Nick Amundsen on August 5th, 2008
#
###########################################################################
#########################
#
# DEFINE VARIABLES & READ IN PARAMETERS
#
###########################################################################
#########################

# HARDCODED VALUES ARE SET HERE
networkInterface="yourcompany VPN"
proxyAddress="yourproxyserver"
port="80"

# CHECK TO SEE IF A VALUE WAS PASSED IN PARAMETER 4 AND, IF SO, ASSIGN TO
"networkInterface"
if [ "$4" != "" ] && [ "$networkInterface" == "yourcompany VPN" ];then networkInterface=$4
fi

# CHECK TO SEE IF A VALUE WAS PASSED IN PARAMETER 5 AND, IF SO, ASSIGN TO
"proxyAddress"
if [ "$5" != "" ] && [ "$proxyAddress" == "yourproxyserver" ];then proxyAddress=$5
fi

# CHECK TO SEE IF A VALUE WAS PASSED IN PARAMETER 6 AND, IF SO, ASSIGN TO
"port"
if [ "$6" != "" ] && [ "$port" == "80" ];then port=$6
fi

###########################################################################
#########################
# # SCRIPT CONTENTS - DO NOT MODIFY BELOW THIS LINE
#
###########################################################################
#########################

if [ "$networkInterface" == "" ]; then echo "Error: No network interface has been specified." exit 1
fi

if [ "$proxyAddress" == "" ]; then echo "Error: No proxy address has been specified." exit 1
fi

if [ "$port" == "" ]; then echo "Error: No port was specified." exit 1
fi

OS=`/usr/bin/defaults read /System/Library/CoreServices/SystemVersion
ProductVersion | awk '{print substr($1,1,4)}'`

if [[ "$OS" < "10.5" ]]; then echo "Setting web proxy for OS $OS..." /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Suppor
t/networksetup -setwebproxy "$networkInterface" "$proxyAddress" "$port"
else echo "Setting web proxy for OS $OS..." /usr/sbin/networksetup -setwebproxy "$networkInterface" "$proxyAddress"
"$port"
fi

#remove config file
rm /Applications/Utilities/yourcompany VPN.networkConnect

#Display Dialog
/usr/sbin/jamf displayMessage -message "VPN Imported" -background