Jamf Nation Community

We just had to do this in our org.  Luckily, I already had a script ready which:

• Checked for an active VPN connection before proceeding
• If the VPN connection was active, it quit and would show "Failed" in the Jamf policy
• If it wasn't active, it called the uninstaller for all the pieces we had in place
• Then it installed the VPN package I preconfigured before uploading into Jamf Admin

Here it is:

#!/bin/bash
# Written by Steve Summers
# ifconfig is searching for a connection to the VPN.  If a device
# is connected, the IP variable will contain the IP address.  If a device is not
# connected, it does not return anything.  

# You'll need to input the first 2 octets of your institutions IP range when a
# device is connected.

IP=$(ifconfig | grep -E '(ip\.range)' -A 3 -B 1)

# This is a simple test condition, the -z tests for a "ZERO" in the IP variable
# If the customer is on the vpn, IP will not be zero and the script will end
# If the customer is NOT on the vpn, the condition is true, and the script runs
# the removal of the old and installs the new.

if [[ -z $IP ]]; then
 echo "VPN Not Connected, uninstalling old and installing new version..."

# this calls the silent uninstaller.  we don't use the one in applications
 sudo /opt/cisco/anyconnect/bin/umbrella_uninstall.sh
 sleep 20
 sudo /opt/cisco/anyconnect/bin/anyconnect_uninstall.sh
 sleep 30
# policy to install the new VPN
sudo jamf policy -id <your Policy ID here>
sleep 180

else
 echo "VPN Connected, exiting..."
 exit 1
fi

IP=$(ifconfig | grep -E '(ip\.range)' -A 3 -B 1)