Can't Remove VPN Network Service Created by Configuration Profile

etippett
Contributor II

We're transitioning our client computers from one JSS to another. As part of this, we have to remove the current MDM profile before running the QuickAdd package to install the new one. We're doing so with the command profiles -R -p <uuid>. This is successfully getting rid of the MDM profile, as well as all configuration profiles that were installed by the JSS. However, the VPN network service that was created by one of the config profiles still exists. The '-' button to remove it in System Preferences is greyed out and trying to run networksetup -removenetworkservice <networkservicename> gives the following error:

You cannot remove CCAD VPN 1 because there aren't any other network services on IPv4.
** Error: The parameters were not valid.

Any ideas?

Thanks,
Eric

11 REPLIES 11

Valenzuela
New Contributor

Hello,

If you do a networksetup -listallnetworkservices does it show up in the list? If so, do a networksetup -removenetworkservice "CCAD VPN 1"

Let me know if that works.

Joseph Valenzuela

etippett
Contributor II

@Valenzuela Yes, it shows up in the output of networksetup -listallnetworkservices. However, as mentioned, I can't remove it with that command; it gives the error listed.

Thanks,
Eric

ljungholms
New Contributor

If you are going to install it again how about just removing JAMF completely?
sudo jamf -removeframework

etippett
Contributor II

@ljungholms Because I need the connection to the old JSS to stay up so that I can use it to push the QuickAdd package for my new JSS. Regardless -removeFramwork doesn't help with the original problem of the VPN network service not being removed along with its config profile.

Thanks for the input.

bvrooman
Valued Contributor

I ran into this one time. I ended up removing the service from /Library/Preferences/SystemConfiguration/preferences.plist manually (I think with Xcode) and it was a giant pain.

The fix is probably scriptable - the actual key to remove is somewhat ambiguous, but there's a UserDefinedName in the dictionary which follows, which would help find the correct one.

etippett
Contributor II

Well hey, @bvrooman ! Yeah, I figured that was an option, but didn't want to dig through getting the right command to nail just the right key.

Something I've learned: my mistake with this VPN profile was deploying it at the user-level. I did this so that the username field could be pre-filled, but I believe this is what's causing problems with removal. I'm now deploying a new VPN profile at the computer level, and the network service it creates removes just fine when the MDM profile is zapped.

For now I've got a workaround. Once the new VPN profile is installed and there is another service, it lets me remove the old one. I have no idea why it thinks the old VPN service is the only IPv4 service until this occurs, but, oh well!

Eric

giraffeman
New Contributor

If you cannot remove the network configuration because you get an error saying it is the only network service on ipv4, click the plus button to add another network configuration, and add one that would be on ipv4 such as 6 to 4, you can then use the terminal command to delete the configuration you were attempting to delete before, and remove the 6 to 4 using the minus button.

EthanCon
New Contributor

Hi Guys,

I am also running into this issue, and it's driving me nuts. We had to recently push out a full new VPN profile, and now I can delete that one, but the original remains even after removing the profile.

Anyone able to point me in the right direction?

etippett
Contributor II

@EthanCon You mean the profile is gone but the network service remains? If so, use the

networksetup -removenetworkservice SERVICENAME

command I mentioned in my original post.

ruth1963
New Contributor

Hi to all,

I have the same problem and have to delete my vpn service from network preferences. I am new to this and need some more specifications. How do I create another service? I created another wifi service.... it did not work.
Do you mean create another VPN service? Thanks for your help.

etippett
Contributor II

@ruth1963 I'm not sure I understand your question. To create another VPN service, simply create another configuration profile with the proper payload and push it out.