Solved

Deploying AnyConnect without the Web Security Module



32 replies

  • Valued Contributor
  • 99 replies
  • February 12, 2019

I highly suggest using this little puppy... Makes life so much easier!

installPKGfromDMG with extra parameters for supplying an xml answer file within your DMG container

Create your xml file, add it into your DMG next to your PKG... Create a policy to cache the DMG, add this script (after priority) and supply parameters

dmgName="" # Required eg anyconnect.dmg
forcesuccessflag="" # Optional
useinstallerapp="" # Optional eg YES
allowUntrusted="" # Optional
applyChoiceChangesXMLFile="" # Optional eg myfileinsidethedmg.xml

Supplying parameter 5/forcesuccessflag with "YES" without quotes and case sensitive allows PKG exit code to be bypassed and returns a forced exit code of 0 to the JSS (if needed).

Supplying parameter 6/useinstallerapp with "YES" without quotes and case sensitive forces the use of macOS native installer binary to install the PKG.

Supplying parameter 7/allowUntrusted with "YES" without quotes and case sensitive allows an invalid or expired certificate embedded within the PKG to be bypassed.

Supplying parameter 8/applyChoiceChangesXMLFile with an XML filename allows the PKG to be supplied an xml answerfile. The xml file MUST be beside the PKG wrapped in your DMG.

Please take careful note that parameters 7 (allowUntrusted) and 8 (applyChoiceChangesXMLFile) are dependent on parameter 6 (useinstallerapp) being YES. I've also added mpkg if no pkg is found within the DMG. Additionally, all parameters will be parsed in the logs so one can see if, when, and where something went wrong.


  • New Contributor
  • 1 reply
  • February 28, 2019

For anyone that is still trying to get just the VPN package out of the AnyConnect DMG, it's as simple as following these steps:

  1. Download AnyConnect DMG from Cisco.
  2. Extract AnyConnect.pkg from DMG to your Desktop.
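  3. Run the following commands in Terminal:

     # Working directory for the stand-alone VPN package
     mkdir AnyConnectVPN
     # Expand the full installer into the AnyConnect directory
     pkgutil --expand AnyConnect.pkg AnyConnect
     # Pull the expanded VPN component out of the installer
     cp -r AnyConnect/vpn_module.pkg ./
     cp -r vpn_module.pkg/* AnyConnectVPN/
     # Flatten the component back into an installable PKG
     pkgutil --flatten AnyConnectVPN AnyConnectVPN.pkg
     # Clean up, including the original AnyConnect.pkg
     rm -r ./AnyConnect.pkg ./AnyConnect ./AnyConnectVPN ./vpn_module.pkg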

That should remove the VPN module from the Cisco AnyConnect PKG and turn it into a stand-alone deployable PKG that installs with no errors like it does when you try to install just the vpn_module.pkg.


  • New Contributor
  • 6 replies
  • December 17, 2019

This still works on 4.8 btw, thanks it was driving me spare.


  • Contributor
  • 11 replies
  • July 10, 2021

@d.williams Your steps Worked Great! I just packaged the 4.10 client. Thank you! If we wanted to include the .xml file with the connect-to sites on it, where would we place that in this? Or is this even possible?


iJake
  • Contributor
  • 279 replies
  • July 10, 2021

I'd advise using Choices XML rather than repackaging our installer. This is how I do it for us internally: https://www.jamf.com/jamf-nation/discussions/23198/cisco-anyconnect-4-4#responseChild140881
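
Added example, not part of the post above and not Cisco's or Jamf's own code: a Python sketch of the Choices XML approach, which leaves the vendor's PKG unmodified. It reads the output of `installer -showChoicesXML -pkg <pkg>` and produces the file to pass to `installer -applyChoiceChangesXML`; the function names and the choice identifiers in the sample are assumptions, so take the real identifiers from your own installer.

```python
import plistlib

def leaf_ids(choices):
    """Yield the choiceIdentifier of every leaf in the -showChoicesXML tree."""
    for choice in choices:
        children = choice.get("childItems") or []
        if children:
            yield from leaf_ids(children)
        elif "choiceIdentifier" in choice:
            yield choice["choiceIdentifier"]

def build_choice_changes(show_choices_xml, keep):
    """Return plist bytes that select only the identifiers in `keep`."""
    ids = list(leaf_ids(plistlib.loads(show_choices_xml)))
    unknown = set(keep) - set(ids)
    if unknown:
        # A typo must fail loudly, not silently change what gets installed.
        raise ValueError(f"not offered by this PKG: {sorted(unknown)}")
    changes = [{"attributeSetting": 1 if cid in keep else 0,
                "choiceAttribute": "selected",
                "choiceIdentifier": cid} for cid in ids]
    return plistlib.dumps(changes)

# Constructed sample standing in for `installer -showChoicesXML` output.
# Identifiers are placeholders, not taken from a real AnyConnect PKG.
SAMPLE = plistlib.dumps([{
    "choiceIdentifier": "example_root",
    "childItems": [
        {"choiceIdentifier": "example_vpn", "childItems": []},
        {"choiceIdentifier": "example_websecurity", "childItems": []},
        {"choiceIdentifier": "example_dart", "childItems": []},
    ],
}])

if __name__ == "__main__":
    # Prints the choice-changes plist that keeps only the VPN choice.
    print(build_choice_changes(SAMPLE, {"example_vpn"}).decode())
```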


  • Contributor
  • 11 replies
  • July 15, 2021
iJake wrote:

I'd advise using Choices XML rather than repackaging our installer. This is how I do it for us internally: https://www.jamf.com/jamf-nation/discussions/23198/cisco-anyconnect-4-4#responseChild140881


@iJake Just curious... if we only wanted the VPN component from the install list, is there any reason why we can't just use the WebDeploy version of the 4.10 AnyConnect installer? anyconnect-macos-4.10.01075-webdeploy-k9.pkg


iJake
  • Contributor
  • 279 replies
  • July 15, 2021
machattan wrote:

@iJake Just curious... if we only wanted the VPN component from the install list, is there any reason why we can't just use the WebDeploy version of the 4.10 AnyConnect installer? anyconnect-macos-4.10.01075-webdeploy-k9.pkg


That installer is meant to be delivered by the headend for autoupdates. I've never tried to use it standalone so can't say for sure but likely you'd be advised against it officially.

