Jamf Nation Community

PiyushVerma · ‎04-17-2023

Hi All,

How to configure VPN (Not per-app VPN) for macOS from Jamf Pro. Also, the requirement is that User should not able to change or remove VPN

Technical Architect

AJPinto · ‎04-17-2023

MacOS's built in VPN client is more or less a consumer focused product and as far as I am aware does not have an always on full tunnel offering. What VPN Client are you planning on using?

PiyushVerma · ‎04-18-2023

Thanks @AJPinto , Here client want to go for in built VPN, they do have Zscaler but not want to go by that

Technical Architect

AJPinto · ‎04-18-2023

I sit corrected, L2TP over IPSec does offer a full tunnel option. Using macOS's VPN client wont be anywhere near as robust as a 3rd party client like Zscaler or AnyConnect but you can attempt to build this out using the VPN Configuration Profile payload. Setting this with a configuration profile would prevent users from modifying the settings.

Change VPN settings on Mac - Apple Support

Change options for L2TP over IPSec VPN connections on Mac - Apple Support

PiyushVerma · ‎04-20-2023

Thanks @AJPinto , client now want to go with CheckPoint... any config file or link for you have for its configuration pl,

Also, there are other set of users who should have Zscaler, while I deploy Zscaler using the below script it gives an error in Jamf log as:

"Script result: replace Zscaler-osx-3.7.1.42-installer.app/Contents/CodeResources? [y]es, [n]o, [A]ll, [N]one, [r]ename: NULL
(EOF or read error, treating as "[N]one" ...) Thu Apr 20 12:55:12 IST 2023 Cannot decompress dad archive. Exiting".

Script I used:

#!/bin/sh

## postinstall

sleep 30

sudo /Users/Shared/Zscaler-osx-3.9.0.81-installer.app/Contents/MacOS/installbuilder.sh --cloudName $4 --userDomain $5

exit 0 ## Success

exit 1 ## Failure

Technical Architect

Jamf Nation Community

VPN configuration from Jamf Pro