VPN service

dderusha
Contributor

Hi-

We have been using Apple’s VPN service over Cisco’s software for a while and have been pretty happy with how it works.

Has anyone been able to gather Apple’s network service settings and make a script or MCX that would apply those VPN settings?

Using composer it touches the system.keychain in /Library/Keychains

Searching for casper and keychains turned up some information on importing certs and a great site to get casper keychains.....

Any suggestions?

Thank you

Dan De Rusha

9 REPLIES 9

RobertHammen
Valued Contributor II

Are you using a group/shared secret, or certificate-based authentication?
On Jun 7, 2011, at 12:06 PM, Dan DeRusha wrote:

If the former, there's a script for you in the Resource Kit. (you can export the profile, then edit out your login details/hashed password). If the latter, you may have to play with scripting (using the security command) to get things working.

--Robert

dderusha
Contributor

Robert-

we have a shared secret, thanks for the tip

Dan De Rusha

RobertHammen
Valued Contributor II

You have to play with the export options - many of them fail. I think I had to export the user config and include the items from the users' keychain. You can then edit your credentials and hashed password out - I used vi, TextEdit may also work.

Once you have a blank/empty profile, and can test the "double-click" distribution (make sure it reimports as an empty profile) - you can use the script in the Resource Kit. One caveat to that script - I think it statically defines the VPN connection type as VPN (PPTP) - if you're using an IPSEC profile like me, you need to fix that. I actually just mentioned that to Nick Amundsen today...

If you need to define anything else, like MTU/proxy, there's a modified version of the Resource Kit script floating around out there...

--Robert

nessts
Valued Contributor II

We have just done this. You can take a reference machine, configure Automatic to be the normal network mode, set proxies, DNS, turn off IPv6, etc.
Then create a new location, likely to not have proxies etc. Then create your VPN profiles, put in the shared secret info, set network order if you so desire, etc.
Then grab /Library/Preferences/SystemConfiguration/preferences.plist.
Edit it your favorite way and remove the last couple of settings, and it should work on any other machine of the same hardware configuration:

System = {
    Network = {
        HostNames = { LocalHostName = "C02FC3JUDF8Y"; };
    };
    System = {
        ComputerName = "C02FC3JUDF8Y";
        ComputerNameEncoding = 0;
    };
};

or you could do like I did and strip it down to just an ethernet adapter in the config, no airport, no second ethernet, and then use networksetup commands to add in any missing network services on all locations.

--
Todd Ness
Technology Consultant/Non-Windows Services
Americas Regional Delivery Engineering
HP Enterprise Services
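
The clean-up step described in the post above, as an added example that is not from the thread or the Resource Kit: it drops the machine-specific `System` block from a copy of the reference machine's preferences.plist and reports any place the reference machine's name still appears. The sample plist is constructed and heavily simplified, and `REFMAC01` and the service IDs are made-up values.

```python
import plistlib

def sanitize_template(data: bytes):
    """Return (cleaned_plist_bytes, leftovers) for a reference preferences.plist."""
    prefs = plistlib.loads(data)
    # The block the post says to remove: host names and computer name.
    system = prefs.pop("System", {})
    names = {
        system.get("Network", {}).get("HostNames", {}).get("LocalHostName"),
        system.get("System", {}).get("ComputerName"),
    }
    names = {n for n in names if n}  # ignore missing or empty names

    leftovers = []  # paths where the reference machine's name survives

    def walk(node, path):
        if isinstance(node, dict):
            for key, value in node.items():
                walk(value, path + [key])
        elif isinstance(node, list):
            for index, value in enumerate(node):
                walk(value, path + [str(index)])
        elif isinstance(node, str) and any(n in node for n in names):
            leftovers.append("/".join(path))

    walk(prefs, [])
    return plistlib.dumps(prefs), leftovers

# Constructed sample, not a real machine's file.
SAMPLE = plistlib.dumps({
    "NetworkServices": {
        "AAAA-0001": {"UserDefinedName": "VPN (REFMAC01 test)"},
        "AAAA-0002": {"UserDefinedName": "Ethernet"},
    },
    "System": {
        "Network": {"HostNames": {"LocalHostName": "REFMAC01"}},
        "System": {"ComputerName": "REFMAC01", "ComputerNameEncoding": 0},
    },
})

if __name__ == "__main__":
    cleaned, leftovers = sanitize_template(SAMPLE)
    print(cleaned.decode())
    for path in leftovers:
        print("reference machine name still present at:", path)
```

Run it against a copy of the file rather than the live one in /Library/Preferences/SystemConfiguration, and review anything it reports before packaging the template.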

bentoms
Release Candidate Programs Tester

I stumbled over this old, old hint & was going to have a nose at it tomorrow:

http://hints.macworld.com/article.php?story030311232930261

Regards,

Ben.

tracyleon
New Contributor

I think I can help you here. For all iOS VPN settings related to Cisco you can find the solution here; I am sure it will help you to resolve Cisco VPN issues.

alinafoster
New Contributor

Thanks for the useful information

alinafoster
New Contributor

For VPN lovers the range of good VPN providers is limited and not all tools are good in performance. If someone is looking for the best and most reliable VPN tool to change their IP address with US servers, they can find the best tools online. I am using [Corporate VPN](http://www.corporatevpn.org) for getting a US IP and I have a list of the best US VPN services.
