- Jamf Nation Community
- Products
- Jamf Pro
- Re: Screen Sharing w/ Laptops off-network
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-30-2018 12:57 PM
Feel like this is a dumb question - but my search hasn't yielded anything obvious.
I work in government Mac environment. I can ARD/JAMF Remote/Screen Share into any Mac hardwired onto my network.
When users are on their laptop, I can't figure out a good way to do so. All my users use VPN when offsite. Their computers are enrolled in my JSS, but is there a way to reliably remote into their machines if I need to? Inter-office I would just find them in ARD or type their IP into screen sharing... how can I do it for laptops on offsite wifi (but behind our VPN)
Solved! Go to Solution.
Labels:
- Labels:
-
Jamf Remote
-
Remote Control
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 12-03-2018 02:57 PM
Pulse Secure works much the same way. I user this extension attribute script to pull the VPN IP address. I just have user run a recon from Self Service so it populates in the JSS and I know what IP to connect to.
#!/bin/bash
for i in $(ifconfig -a | grep "^utun*" | cut -d ":" -f 1); do
Ifconfig_result=`ifconfig | grep -A2 "$i"`
IP=`echo "$Ifconfig_result" | awk '/inet / && $2 != "127.0.0.1"{print $2}'`
if [ -n "$IP" ] ; then
echo "<result> $IP </result>"
fi
done
Reply
8 REPLIES 8
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-30-2018 01:44 PM
Put the VPN ip range into ARD if possible and scan for their machine name?
Create an EA that finds their VPN IP address and have them run a recon from the self service app so you can determine their IP to screen share in manually?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 12-01-2018 08:53 PM
https://remotixcloud.com/
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 12-02-2018 09:20 AM
Create a new policy scoped to all laptops (or at least the ones that connect via your VPN), set the trigger as Network State Change with execution frequency Ongoing, then under Files & Processes run:
echo "Waiting 5sec to acquire IP address.." && sleep 5 && /usr/local/bin/jamf log
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 12-02-2018 06:38 PM
I use this as an EA and as a self service Command to display VPN IP for Help Desk Calls
!/bin/bash
##################################################################
A script that gets the IP address of the machine while connected to a VPN
##################################################################
localip=ifconfig | grep "inet " | grep -v 127.0.0.1 | cut -d -f2 | head -1
vpnip=ifconfig | grep "inet " | grep -v 127.0.0.1 | cut -d -f2 | grep -v "$localip"
if [ "$vpnip" != "" ]; then
echo "<result>$vpnip</result>"
else
vpnip="Not Connected"
fi
Delete under Here for EA ###
windowType="utility"
windowPosition=""
title=""
heading="Your VPN IP"
description="Your VPN IP is: $vpnip"
icon="/Applications/Cisco/Cisco AnyConnect Secure Mobility Client.app/Contents/Resources/vpngui.icns"
iconSize=""
"/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfhelper" -windowType "$windowType" -windowPosition "$windowPosition" -title "$title" -heading "$heading" -description "$description" -icon "$icon" -iconSize "$iconSize" -button1 "Close" -defaultButton 1 -countdown "$timeout" -timeout "$timeout"
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 12-03-2018 01:18 PM
thank you everyone - all of this is immensely helpful!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 12-03-2018 01:52 PM
Little update on this:
Scripts were reporting that VPN was status "not connected" even though it was. Did some digging and realized that the client we use (Cisco AnyConnect) doesn't interface with the "Native" VPN setting on OSX. Meaning it doesn't show up as a network, meaning the script doesn't see it.
Did some troubleshooting via Cisco and found out that the tunneled IP is listed within the AnyConnect app itself, and not anywhere in the OS. Working on a way for JSS to snag that now, but probably will just have users read it to me if I need it. -J
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 12-03-2018 02:57 PM
Pulse Secure works much the same way. I user this extension attribute script to pull the VPN IP address. I just have user run a recon from Self Service so it populates in the JSS and I know what IP to connect to.
#!/bin/bash
for i in $(ifconfig -a | grep "^utun*" | cut -d ":" -f 1); do
Ifconfig_result=`ifconfig | grep -A2 "$i"`
IP=`echo "$Ifconfig_result" | awk '/inet / && $2 != "127.0.0.1"{print $2}'`
if [ -n "$IP" ] ; then
echo "<result> $IP </result>"
fi
done
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 12-05-2018 08:05 AM
@hkabik this worked really well. in my environment I was able to parse it down to ifconfig utun1 | grep -w MYIPRANGE | awk '{print $2}'
