Delete VPN Profile from CommandLine

sardesm
New Contributor III

Anyone know of a way to complete this? I have machines with VPN profiles that are not all named the same. I want to standardize the adapter via a configuration profile; is there a way to script the removal of a profile with the name VPN in the service title?

22 REPLIES

justinrummel
Contributor III

Want to clarify, there are existing Configuration Profiles for VPN installed on clients, however, they vary in name. You want to remove these Configuration Profiles and install a new one?

If that is the case, why not just change the name or delete the old Configuration Profile?

sardesm
New Contributor III

There are currently no configuration profiles; VPN configuration was entered manually by various techs.

justinrummel
Contributor III

So here is my theory: we need to take the list of all network services and compare them to the hardware port names. Your outliers are most likely VPN settings (e.g. rummel.co)

justinrummel@Rummel-MBPr ~> networksetup -listallnetworkservices
An asterisk (*) denotes that a network service is disabled.
rummel.co
Thunderbolt Ethernet
Thunderbolt Bridge
Wi-Fi
Bluetooth DUN
iPhone USB
justinrummel@Rummel-MBPr ~> networksetup -listallhardwareports | awk '/Hardware Port: / {print $3 " " $4}'
Bluetooth DUN
Wi-Fi 
Bluetooth PAN
Thunderbolt 1
Thunderbolt 2
Thunderbolt Bridge

Seems like an easy thing for python, but my python skills are poor. Will try to get something, but won't be surprised if someone has a way to do this already.

- Justin

justinrummel
Contributor III

Never mind, the above idea is bad as I now see iPhone USB and that Thunderbolt 1 & 2 do not represent Thunderbolt Bridge. I'll think of other ideas.

justinrummel
Contributor III

I assume your VPN settings are using L2TP (vs. PPTP). To test and see what we may remove, I would create an extension attribute to record the value of:

system_profiler SPNetworkDataType | grep -B2 L2TP | head -n 1 | awk '{gsub(":", "", $1); print $1}'

This will give you a list of all the VPN settings that are L2TP. You can then verify the names by doing a custom report, and if you are happy, base a new script on it that will then delete the network service that is found.

#!/bin/sh

ns=`system_profiler SPNetworkDataType | grep -B2 L2TP | head -n 1 | awk '{gsub(":", "", $1); print $1}'`
echo "Now removing ${ns}"
sudo networksetup -removenetworkservice "${ns}"

exit 0

sardesm
New Contributor III

Using Cisco IPSec.

sardesm
New Contributor III

modified to system_profiler SPNetworkDataType | grep -B2 IPSec | head -n 1 | awk '{gsub(":", "", $1); print $1}'

#!/bin/sh

# Capture the command's output in ns (the backticks perform command substitution)
ns=`system_profiler SPNetworkDataType | grep -B2 IPSec | head -n 1 | awk '{gsub(":", "", $1); print $1}'`
echo "Now removing ${ns}"
sudo networksetup -removenetworkservice "${ns}"

exit 0

sardesm
New Contributor III

Removal script doesn't seem to remove all VPN Services.

justinrummel
Contributor III

I only assumed one script vs an array of multiple settings. You may have to run it a couple of times if they are getting picked off one-by-one.

May
Contributor III

We just needed to do the same thing,

if you're in a rush*

I used the Network Services List EA to get a list of all the current VPN names (the EA doesn't work on 10.10 though)

and used a *quick and dirty script to remove all names found,

#!/bin/sh

# Remove old VPN configurations with the following names -

/usr/sbin/networksetup -removenetworkservice "VPN one"

/usr/sbin/networksetup -removenetworkservice "drunkenly namedVpN"

/usr/sbin/networksetup -removenetworkservice "VPN.YOURDOMAIN.COM"

/usr/sbin/networksetup -removenetworkservice "VPN (PPTP)"

/usr/sbin/networksetup -removenetworkservice "VPN"

I did say it was dirty! And the script will show as failing in the logs as it's trying to remove all of the services when the machine will have only one.

sardesm
New Contributor III

Trying to get the following to work but I think I have syntax errors somewhere.

#!/bin/sh

# Detects all network hardware & creates services for all installed network hardware
/usr/sbin/networksetup -detectnewhardware

IFS=$' '

#Loops through the list of network services
for i in $(networksetup -listallnetworkservices | tail +2 );
do

# Get a list of all services beginning 'VPN'
# If your service names are different to the below, you'll need to change the criteria
if [[ "$i" =~ *VPN* ]] ; then
ns=/usr/sbin/networksetup -listallnetworkservices "$i" | head -1 | cut -c 6-

sudo networksetup -removenetworkservice "$i"
fi
done

exit 0

mscottblake
Valued Contributor

@sardesm The only thing that looks out of place is the use of sudo near the end.

Beyond that, why are you setting $ns if you are not using it anywhere? Should that be the variable in the networksetup -removenetworkservice statement?

sardesm
New Contributor III

As is, the script works, but it removes only variables such as "VPN network" but not if the name is "networkVPN"

sardesm
New Contributor III

OK, so I'm here

This will remove

My VPN
VPN MY

but not MyVPN or VPNMY

still think I'm getting syntax wrong somewhere or inputting the wrong variable here

if [[ "$i" =~ 'VPN' ]] ; then

#!/bin/sh

# Detects all network hardware & creates services for all installed network hardware
/usr/sbin/networksetup -detectnewhardware

IFS=$' '

#Loops through the list of network services
for i in $(networksetup -listallnetworkservices | tail +2 );
do

# Get a list of all services containing 'VPN'
# If your service names are different to the below, you'll need to change the criteria
if [[ "$i" =~ 'VPN' ]] ; then

/usr/sbin/networksetup -removenetworkservice "$i"
fi
done

exit 0

mscottblake
Valued Contributor

@sardesm, try this:

#!/bin/sh

# Detects all network hardware & creates services for all installed network hardware
/usr/sbin/networksetup -detectnewhardware

IFS=$'\n'

# Loops through the list of network services containing VPN
for service in $(/usr/sbin/networksetup -listallnetworkservices | grep "VPN" ); do
    /usr/sbin/networksetup -removenetworkservice "${service}"
done

exit 0

sardesm
New Contributor III

Still not removing all....... hmmm try to bang head against wall again today.

sardesm
New Contributor III

Think quick and dirty it is because I cannot seem to get anything else to work. Thanks guys.

joshuasee
Contributor III

Oddly, I noticed that removing the quotes around the service name in the script seemed to help for some names in 10.10.2.

Are you getting any error messages?

rm10245
New Contributor

Looking at using the script posted by @mscottblake, I ran into the same issue that the last occurrence of the VPN profile cannot be removed, which is a problem especially if you only have one instance you are trying to purge.

Errors as follows: "You cannot remove {VPN Profile Name} because there aren't any other network services on IPv4."

Looking at the manual for networksetup -removenetworkservice here, I noticed it states "You cannot use this command to delete the last remaining service for a hardware port. To do so, you use the -setnetworkserviceenabled command."

My workaround was to rename the last instance of the profile and set it to disabled. More of a hack instead of a permanent solution, so if anyone else has any other suggestions please kindly advise.

ammonsc
Contributor II

@mscottblake is there a way in your script to not delete a profile that has VPN of a certain name? Like "My Company VPN"

mscottblake
Valued Contributor

@ammonsc If you add a grep -v "foo" to a command, it will remove anything that matches "foo", similar to how grep "foo" only grabs things that match "foo".

For instance:

#!/bin/sh

# Detects all network hardware & creates services for all installed network hardware
/usr/sbin/networksetup -detectnewhardware

IFS=$'\n'

# Loops through the list of network services containing VPN
for service in $(/usr/sbin/networksetup -listallnetworkservices | grep "VPN" | grep -v "My Company VPN" ); do
    /usr/sbin/networksetup -removenetworkservice "${service}"
done

exit 0

I have not tested this in any way, and other than the issue listed above where you can't remove the last interface, I don't see anything wrong with it.
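
A version of the name-based removal discussed in this thread that does not word-split names containing spaces, as an added example that is not part of any poster's reply. It reads the listing line by line, strips the "*" disabled marker, matches VPN in any case (a generalization beyond the scripts above), skips one keep name, and falls back to -setnetworkserviceenabled when removal is refused. The function names, the DRY_RUN variable and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names, DRY_RUN and the
# sample listing are constructed for illustration.

# Constructed sample of `networksetup -listallnetworkservices` output.
SAMPLE_LISTING='An asterisk (*) denotes that a network service is disabled.
Wi-Fi
My VPN
*MyVPN
drunkenly namedVpN
My Company VPN
Thunderbolt Bridge'

# select_vpn_services KEEP_NAME
# Reads a service listing on stdin and prints, one per line, every service
# whose name contains "VPN" (any case) except the exact name KEEP_NAME.
select_vpn_services() {
    keep="$1"
    # Drop the header line, then read whole lines so spaces survive.
    tail -n +2 | while IFS= read -r line; do
        name="${line#\*}"    # strip the leading "*" of a disabled service
        if [ "$name" = "$keep" ]; then
            continue
        fi
        upper=$(printf '%s' "$name" | tr '[:lower:]' '[:upper:]')
        case "$upper" in
            *VPN*) printf '%s\n' "$name" ;;
        esac
    done
}

# remove_services: reads names on stdin. DRY_RUN defaults to 1 (print only).
remove_services() {
    while IFS= read -r svc; do
        if [ "${DRY_RUN:-1}" = "1" ]; then
            printf 'would remove: %s\n' "$svc"
        elif ! /usr/sbin/networksetup -removenetworkservice "$svc" </dev/null; then
            # The last service on a port cannot be removed; disable it.
            /usr/sbin/networksetup -setnetworkserviceenabled "$svc" off </dev/null
        fi
    done
}

# Dry run against the constructed sample. On a Mac, pipe the real listing in:
#   /usr/sbin/networksetup -listallnetworkservices | select_vpn_services "My Company VPN"
printf '%s\n' "$SAMPLE_LISTING" | select_vpn_services "My Company VPN" | remove_services
```

Review the dry-run output before running with DRY_RUN=0 as root, since the match is by name only and will catch any service whose name happens to contain VPN.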

ammonsc
Contributor II

@mscottblake I get "grep: VPN”: No such file or directory"