Set DNS Servers for VPN Profile

cgreid
New Contributor III

I need to push out a VPN payload that has its DNS servers set manually (Advanced/DNS under VPN settings in System Preferences) Is there a way to set the DNS servers for a VPN via script or terminal command?

2 ACCEPTED SOLUTIONS

adroitboy
New Contributor III

I had to do this for a search domain. The same method should apply.

I couldn't find something that would kickoff a script or policy once a config profile was installed. Instead, I used a run once policy that contained a network setup script, scoped to a smart group that contained machines that had the VPN adapter. I collect adapter names in an EA, but one could easily script it without that.

View solution in original post

cgreid
New Contributor III

I figured out another way to do it, with a little help from adroitboy.

I'm packaging the profile with a postinstall script that installs the profile and then sets the dns servers once installed.

View solution in original post

11 REPLIES 11

adroitboy
New Contributor III

I had to do this for a search domain. The same method should apply.

I couldn't find something that would kickoff a script or policy once a config profile was installed. Instead, I used a run once policy that contained a network setup script, scoped to a smart group that contained machines that had the VPN adapter. I collect adapter names in an EA, but one could easily script it without that.

cgreid
New Contributor III

Would you mind sharing your network setup script so that I can see what you did?

cgreid
New Contributor III

I figured out another way to do it, with a little help from adroitboy.

I'm packaging the profile with a postinstall script that installs the profile and then sets the dns servers once installed.

bentoms
Release Candidate Programs Tester

Shouldn't the VPN servers DHCP push these out?

cgreid
New Contributor III

Normally, yes. But we're a Medical Institution that is part of a University system. The Health System and the University have their own networks. The VPN is on the University system, but our users will still need access to some of the sites hosted on the Health System network, and the University DNS servers do not have pointers to those sites. Not only that, but in order to access the Health System sites, their DNS server has to be listed first.

bentoms
Release Candidate Programs Tester

@cgreid Ah, that's a shame!

rastogisagar123
Contributor II

@adroitboy Could you please share your network setup script in order i can implement the same

Sagar Rastogi

sdagley
Esteemed Contributor II

@rastogisagar As far as I can tell Pulse Secure DNS configuration is independent from the DNS settings in System Preferences' Network configuration. You'll need to have your DNS settings in your Pulse Secure configuration (and no, I don't know how that configuration is set up as my organization's VPN team controls that)

donjakubczak
New Contributor III

@cgreid

Yes could you share your post install script. I am trying to do the same via

open /path to mobileconfig

which brings up user interaction to complete the install which works fine, but my second piece of the script to call networksetup -setdnsservers .... fails.

I tried using wait as well an intermediate step that uses an util loop with networksetup -listallnetworkservices to give the script time to recognize the new network interface.

Would love to see your code.

donjakubczak
New Contributor III

Okay for all you that may want to do the same thing I figured this out. Here is a perl script you guys can edit. Of course you will want to replace "X.X.X.X X.X.X.Y" with your DNS servers.

#!/usr/bin/perl -w

use strict;

# Start the VPN config install by having the Finder launch the mobileconfig file
system('open /SMCVPN.mobileconfig');

# Give the user time to do the install
sleep 30;

# Check for the presence of SMC-VPN in the list of network services
# try for a maximum of 10 times
for (1..10)
    {
    my $result = `networksetup -listallnetworkservices | grep -i SMC-VPN`;
    chomp $result;
    if($result)
        {
        # We've found SMC-VPN
        # Wait a few seconds
        sleep 3;
        #Update DNS
        system('networksetup -setdnsservers SMC-VPN X.X.X.X X.X.X.Y');
        sleep 3;
        # Restart mDNSResponder
        system('killall -HUP mDNSResponder');
        # Report success to the user
        system ("osascript -e 'display alert "VPN Configured" message "SMC-VPN has been configured." buttons "OK" default button "OK" giving up after 10'");
        system('rm /SMCVPN.mobileconfig');
        exit;       
        }
    }

# Report failure to the user. Most likely caused by user abort.
system ("osascript -e 'display alert "VPN Not Found" as critical message "SMC-VPN was not found in your network preferences. Unable to complete setup." buttons "OK" default button "OK"'");

demaioj
New Contributor III

I know this thread is old but do those commands still work? We are pushing out a VPN profile from Jamf to 10.15 computers but running the command using terminal networksetup -setdnsservers $OURVPN_INERFACE $IPADDRESS command and networksetup -setsearchdomains $OURVPN_INERFACE $OURDOMAINS. If we manually set them up through Network Settings it works. There is a problem with our VPN vendor where they are passing values incorrectly so our VPN is not working.