Cisco VPN AnyConnect

raghdasi
New Contributor III

Hello There,

I am wondering if there is anyone using Cisco VPN Any-connect 4.9 in macOS Big sur Beta? I installed it but it is giving me error right from start and I can't even launch it. Please see the attached screenshot for the error.
d1f6e03866dc49c18e4fab8c22ceacaa

Any help appreciated. Thanks.

1 ACCEPTED SOLUTION

takayuki
New Contributor III

Has anyone whitelisted the Cisco AnyConnonect 4.9.02028 System Extension (com.cisco.anyconnect.macos.acsockext) from JAMF Pro Configuration Profile successfully?

We attempted to whitelist the Team ID 'DE8Y96K9QP' but the following System Extension warning message is still prompted on macOS 11 Big Sur beta 6.

5db2e7fdb0524d87a8c096d2ff21f55f

View solution in original post

56 REPLIES 56

tcandela
Valued Contributor II

@MacJunior I'm going to be using the configuration profile settings not that file from any connect.
What did you end up doing?

MacJunior
Contributor III

I ended up creating a config profile like this one and it worked!

5bab85787c804382ac1511a185445e2b

70b2e9595c7844cb80788b67eb17e10a

92c5be5d2ec843349a0779d02a8918ae

fgonzale
Contributor

@kgam kudos for the Content Filter screenshot it's working great

wmateo
Contributor

Has anyone figured out a way to supress the notification dialog so that it does not show on first launch? 5b83c936fb634c5898dd402d996e6782

MacJunior
Contributor III

It worked for me .. I had to specify system extension "com.cisco.anyconnect.macos.acsockext", here are my config profiles :

d66eddc9e4dc4fc5b31cd735d6ce6d95

0ed5fef80a284d2f9c868b6aba054443

746671dd78a74b348abe3e5a6355a0d1

tcandela
Valued Contributor II

does this system extension have to get installed on Big Sur even if the mac is having an in place upgrade from Mojave or Catalina and has AnyConnect 4.9.04053 currently installed?

MacJunior
Contributor III

yeah it has to be added since that mac is running Big Sur now.

The order is really important, you install the profile first then the app.

tcandela
Valued Contributor II

@MacJunior yeah but what if you're doing an in place upgrade to Big Sur and these applications that require system extensions are already installed?
What about applications like Box, Google drive file stream? These i setup kernel extensions for previously, not what happens with Big Sur? Especially if all these applications are installed prior to the in place upgrade to Big Sur?

MacJunior
Contributor III

tbh I haven't tried it yet but since Apple has deprecated KEXTs in Big Sur and moved to System extensions then -1 vendor needs to update their app and we need to approve their system extension.

Speaking of Drive File Stream .. how did you approved its kernel extension?

dwoodfill
New Contributor III

Can I resurrect this post? I dont have a need for the filter portion, but the system/kernal are in place and Im still getting a prompt to the user. Machines are running Monterey. 

cboatwright
New Contributor III

Like everyone here, we are in the same boat plus additional fun! I have all the system extensions and content filter deployed, but our AnyConnect VPN (only portion of pkg we install & use) is stuck at v4.9.00086. We went to Cisco to download an updated version to deploy to our M1/BigSur users, but rudely found we need to pony up $$ to them for a new software service contract ~ despite already having all the Cisco hardware and VPN licenses. We do not want to spend money we don't need to (public ed) so hoping someone here can send me a download link for v4.9.04xxx+ which is required for "leveraging the System Extension framework available in macOS 11".

cboatwright
New Contributor III
The sample profile at the end of the cisco doc starting working when I got the 4.9.04043 installer. FYI

Please - anyone out there who can send our district a copy of this package?

ImAMacGuy
Valued Contributor II

@MacJunior Thank you for this! I had copied the example on one of Cisco's KB articles and it was slightly different. I changed the different ones to what's in your screen shots and everything worked.

oli
New Contributor III

@MacJunior I build exactly what's in the screenshots. But it didn't work. My test machine ist a MacBook Pro with M1 CPU. Can anyone confirm that this is working also on Apple Silicon?

Update: Finally I got it working: I had to uninstall and after a reboot reinstall AnyConnect. This works for my environment. I also think there is a bug in your screenshots in Content Filter -> Identifier: com.cisco.anyconnect.macos.acsock should be com.cisco.anyconnect.macos.acsockext

markdmatthews
Contributor

I have the silent-install working perfectly, but getting prompted when uninstalling for user interaction "Cisco AnyConnect Socket Filter is trying to modify a System Extension," when uninstalling via:
"/opt/cisco/anyconnect/bin/anyconnect_uninstall.sh"
"/opt/cisco/anyconnect/bin/dart_uninstall.sh"

These are being executed via Jamf and attempted as CuurectUser too...

hansjoerg_watzl
Contributor II

We configured the needed configuration profiles for Cisco AnyConnect (VPN) since Big Sur was released. We have no issues with installing it (Big Sur and Monterey). But when uninstalling it, we still get this popup window:

hansjoerg_watzl_0-1658732845289.png

As we normally run the following uninstall script before updating (installing) a new Cisco AnyConnect version, all of our users will see this popup, which is not, what we want of course.

#!/bin/bash

# Get VPN status
vpnstate=$(/opt/cisco/anyconnect/bin/vpn status | grep Disconnected)

# Check if vpn update can run. If vpn is connected, exit.
if [[ "$vpnstate" == *"Disconnected"* || ! -f /opt/cisco/anyconnect/bin/vpn ]]; then 
    echo "VPN not connected or not installed. Running Update Policy."
    sudo killall "Cisco AnyConnect Secure Mobility Client"

    sudo /opt/cisco/anyconnect/bin/vpn_uninstall.sh
    sudo /opt/cisco/anyconnect/bin/nvm_uninstall.sh
    sudo /opt/cisco/anyconnect/bin/websecurity_uninstall.sh

    sudo rm -rf /System/Library/StartupItems/CiscoVPN
    sudo rm -rf /Library/StartupItems/CiscoVPN
    sudo rm -rf /System/Library/Extensions/CiscoVPN.kext
    sudo rm -rf /Library/Extensions/CiscoVPN.kext
    sudo rm -rf /Library/Receipts/vpnclient-kext.pkg
    sudo rm -rf /Library/Receipts/vpnclient-startup.pkg
    
    sudo pkgutil --forget com.cisco.pkg.anyconnect.vpn
    
    # Reinstalling Cisco AnyConnect
    /usr/local/bin/jamf policy -event anyconnect
    exit 0
else 
    echo "VPN is connected. Exit."
    exit 1
fi

 

Does anybody know, how we can suppress this popup when uninstalling Cisco AnyConnect? Thanks!

 

lrockwell
New Contributor

Has anyone used the above on macOS Ventura Beta?