Screen Sharing w/ Laptops off-network

jan_rosenfeld
New Contributor III

Feel like this is a dumb question - but my search hasn't yielded anything obvious.

I work in government Mac environment. I can ARD/JAMF Remote/Screen Share into any Mac hardwired onto my network.

When users are on their laptop, I can't figure out a good way to do so. All my users use VPN when offsite. Their computers are enrolled in my JSS, but is there a way to reliably remote into their machines if I need to? Inter-office I would just find them in ARD or type their IP into screen sharing... how can I do it for laptops on offsite wifi (but behind our VPN)

1 ACCEPTED SOLUTION

hkabik
Valued Contributor

Pulse Secure works much the same way. I user this extension attribute script to pull the VPN IP address. I just have user run a recon from Self Service so it populates in the JSS and I know what IP to connect to.

#!/bin/bash


for i in $(ifconfig -a | grep "^utun*" | cut -d ":" -f 1); do
    Ifconfig_result=`ifconfig | grep -A2 "$i"`
    IP=`echo "$Ifconfig_result" | awk '/inet / && $2 != "127.0.0.1"{print $2}'`
    if [ -n "$IP" ] ; then
        echo "<result> $IP </result>"
    fi          
done

View solution in original post

8 REPLIES 8

hkabik
Valued Contributor

Put the VPN ip range into ARD if possible and scan for their machine name?

Create an EA that finds their VPN IP address and have them run a recon from the self service app so you can determine their IP to screen share in manually?

mistacabbage
Contributor

https://remotixcloud.com/

pete_c
Contributor III

Create a new policy scoped to all laptops (or at least the ones that connect via your VPN), set the trigger as Network State Change with execution frequency Ongoing, then under Files & Processes run:

echo "Waiting 5sec to acquire IP address.." && sleep 5 && /usr/local/bin/jamf log

daniel_hayden
New Contributor III

I use this as an EA and as a self service Command to display VPN IP for Help Desk Calls

!/bin/bash

##################################################################

A script that gets the IP address of the machine while connected to a VPN

##################################################################

localip=ifconfig | grep "inet " | grep -v 127.0.0.1 | cut -d -f2 | head -1
vpnip=ifconfig | grep "inet " | grep -v 127.0.0.1 | cut -d -f2 | grep -v "$localip"

if [ "$vpnip" != "" ]; then echo "<result>$vpnip</result>"
else vpnip="Not Connected"
fi

Delete under Here for EA ###

windowType="utility"
windowPosition=""
title=""
heading="Your VPN IP"
description="Your VPN IP is: $vpnip"
icon="/Applications/Cisco/Cisco AnyConnect Secure Mobility Client.app/Contents/Resources/vpngui.icns"
iconSize=""

"/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfhelper" -windowType "$windowType" -windowPosition "$windowPosition" -title "$title" -heading "$heading" -description "$description" -icon "$icon" -iconSize "$iconSize" -button1 "Close" -defaultButton 1 -countdown "$timeout" -timeout "$timeout"

jan_rosenfeld
New Contributor III

thank you everyone - all of this is immensely helpful!

jan_rosenfeld
New Contributor III

Little update on this:

Scripts were reporting that VPN was status "not connected" even though it was. Did some digging and realized that the client we use (Cisco AnyConnect) doesn't interface with the "Native" VPN setting on OSX. Meaning it doesn't show up as a network, meaning the script doesn't see it.

Did some troubleshooting via Cisco and found out that the tunneled IP is listed within the AnyConnect app itself, and not anywhere in the OS. Working on a way for JSS to snag that now, but probably will just have users read it to me if I need it. -J

hkabik
Valued Contributor

Pulse Secure works much the same way. I user this extension attribute script to pull the VPN IP address. I just have user run a recon from Self Service so it populates in the JSS and I know what IP to connect to.

#!/bin/bash


for i in $(ifconfig -a | grep "^utun*" | cut -d ":" -f 1); do
    Ifconfig_result=`ifconfig | grep -A2 "$i"`
    IP=`echo "$Ifconfig_result" | awk '/inet / && $2 != "127.0.0.1"{print $2}'`
    if [ -n "$IP" ] ; then
        echo "<result> $IP </result>"
    fi          
done

jan_rosenfeld
New Contributor III

@hkabik this worked really well. in my environment I was able to parse it down to ifconfig utun1 | grep -w MYIPRANGE | awk '{print $2}'