Automating VPN setup with built-in OS X VPN client

perrycj
Contributor III

Hey was just wondering if anyone has used a script to automate VPN setup with OS X's built-in VPN client. I've tried using an Applescript but it kind of works in 10.8 and doesn't work at all in 10.9. The script is very similar to the one found here:

http://blog.affirmix.com/2011/01/12/how-to-configure-a-vpn-in-mac-os-x-usingapplescript/

Wanted to see what everyone else was using (if anything at all). Thanks in advance.

15 REPLIES 15

nessts
Valued Contributor II

use a configuration profile

c0n0r
Contributor

There are two options that I know of...
1) a .mobileconfig file out of Casper or ProfileManager, installed either over MDM or the bash command "profiles"
2) a complex script using the bash command "networksetup"

perrycj
Contributor III

@nessts I would like too but unfortunately it requires a username for authentication which is unique to the user who logs in. I don't have generic credentials to use, which is why I am looking for a scripting solution.

c0n0r
Contributor

If you script the installation of the mobileconfig in a package, than the user is provided a system-UI for password entry.

If you are setting it up at imaging time, than you can store the mobileconfig file somewhere and craft up a LaunchDaemon to install it once there is an active console user.

Either way, root is actually running the script, so password issues at that point become moot.

nessts
Valued Contributor II

Hey Conor long time no talk, using Casper at the new job?
and if you put the vpn icon in the menu bar each user can add their credentials at the time of VPN connection so no need to worry about per user settings either.

perrycj
Contributor III

@nessts When you make the configuration profile within the JSS, it's required to enter a username for authentication for a VPN configuration profile. That's what I was referring to, sorry if it was unclear. Otherwise the configuration profile can't be saved and used. Oh and I'm on 8.73.

nessts
Valued Contributor II

so for username put changethis and set the password to a
if you use profile manager there is no requirement for a username and password.

c0n0r
Contributor

@perrycj It requires there to be something in the username field, yes, but you can easily use "Enter your username" or some such.

@nessts We have Casper in limited pilot to about 1% of our users. We are hoping to go into production early next year. I can go into more detail offline if you're interested (Rick has my contact info).

nessts
Valued Contributor II

good to hear @c0n0r you will like it much more than Altiris :)

perrycj
Contributor III

@nesstss @c0n0r good points ha. I'll try that and report back if it works in our environment. Thanks for the feedback.

bentoms
Release Candidate Programs Tester

@perrycj you could try: http://macmule.com/2011/12/22/how-to-silently-setup-vpn-on-10-6-10-7/

But i'd really recommend a config profile & use:

$USERNAME

In the username field to grab the username of the logged in user (well logging in user).

yumyum
New Contributor

There is also an open source command line tool written in Objective-C which might help you: https://github.com/halo/macosvpn

It pretty much simulates using the Systems Preferences Network pane, only using the native SystemPreferences API. It's also faster than AppleScript.

rderewianko
Valued Contributor II

I wrote this awhile ago for our corporate vpn's we didn't like the idea of storing the VPN in a script and needed the ability to provide our Infrastructure team a place to swap out shared key's them without getting their hands dirty.
https://github.com/pingidentity/JamfScripts/tree/master/SelfServiceVPNDeployment

dlondon
Valued Contributor

Hi @nessts just wondering about your comment such a long time ago on 12/5/2013 about putting the vpn icon on the he menu bar. Is there a way to do that in an automated way?

Regards,

David

dlondon
Valued Contributor

Sorry @nessts I should have looked more. This conversation covers the vpn icon https://www.jamf.com/jamf-nation/discussions/9745/show-vpn-on-the-menu-bar