Jamf Nation Community

SVC-SBDJamfAdmi · ‎04-10-2020

The Cisco AnyConnect VPN Client version 4.8.01090 package installs successfully on a test Mac from a policy created in Jamf. However, how do I include the two .xml files into the VPN package so users can retrieve a VPN Cert from the SCEP server and choose which geographical VPN server to choose? The two .xml files need to be placed in the /opt/cisco/anyconnect/profile location. What's the most expedient way to do this?

stevewood · ‎04-10-2020

@SVC-SBDJamfAdmin

Installing Components of Cisco AnyConnect 4.7

That post talks about using the -applyChoiceChangesXML flag for the installer binary to install just portions of AnyConnect (rather than everything like DART, etc). Using a postinstall script you call the installer after placing the AnyConnect PKG in a temp location.

You can use the postinstall to also move the XML files into the proper locations. Just add the XML to the temp location and add the lines in the postinstall to move the files into their final destination.

Hopefully that gives you an idea of where to start.

ega · ‎04-10-2020

My approach was to put into /var/tmp 1)the vanilla VPN.pkg, 2) the choices.xml file for the Apple installer, and 3) another signed installer I made that places the 2 Cisco customized XML files into /opt/cisco/anyconnect/profile. Use Composer to package these into a signed package by dragging from /var/tmp, and use the post install script to call the command line installer binary for both packages like
/usr/sbin/installer -target / -pkg /var/tmp/vpn.pkg -applyChoiceChangesXML /var/tmp/vpnchoices.xml
/usr/sbin/installer -target / -pkg /var/tmp/vpncustomxml.pkg

So the "outside" installer will just put the 2 packages and vpnchoices.xml into /var/tmp. Then the post install script will use the command line installer tool to properly run both .pkg files.

Jamf Nation Community

Cisco AnyConnect VPN need to include xml files