Jamf Nation Community

@jameson

This discussion on JN has the method we use to deploy AnyConnect with only the VPN module by using a choices.xml file:

AnyConnect 4.4

In the particular post I linked to you can see where @jhbush1973 is actually deploying the profile at the same time. I do not do that because I have different profiles for each business units I support. The profile lives in /opt/cisco/anyconnect/profile on your systems. You can have multiple profiles (all with different file names) or you can have one profile with all of your VPN concentrators listed. The relevant part of the profile XML file is towards the bottom:

<ServerList>
    <HostEntry>
        <HostName>Display Name of VPN</HostName>
        <HostAddress>vpn.yourserver.com</HostAddress>
        <UserGroup></UserGroup>
    </HostEntry>
</ServerList>

If you have different user groups in use, you can put the user group name in between <UserGroup></UserGroup> and it will load to that group when you fire up the VPN.

I build using the pkgbuild binary since this is a relatively simple package and I don't want to fire up Packages or Composer for something this simple. I have a template folder that I clone and then I put stuff in the proper locations. Place any files you want to deliver to the machine in ROOT using the full folder path to what you want. In this case I want to drop the Choices.XML file and the AnyConnect installer into /tmp. Put your postinstall script into Scripts and then run the Build.sh script. I have my script configured to need the name you want and the version and then it tacks on the date in ISO 8601 format.

#!/bin/bash
args=("$@")
pkgName="${args[0]}"

echo "Supply the package name and version: build.sh <pkgname> <version>"
# get date for package name
myDate=`date +%Y%m%d`

# Name of the package.
NAME="${pkgName}"

# Once installed the identifier is used as the filename for a receipt files in /var/db/receipts/.
IDENTIFIER="com.omnicom.$NAME"

# Package version number.
VERSION="${args[1]}"

# Remove any unwanted .DS_Store files.
find ROOT/ -name '*.DS_Store' -type f -delete

# Build package.
/usr/bin/pkgbuild 
    --root ROOT/ 
    --scripts scripts/ 
    --identifier "$IDENTIFIER" 
    --version "$VERSION" 
    "Output/$NAME-$VERSION-$myDate.pkg"

Hope that makes sense and helps.

@stevewood I don't yet have my Jamf Server running - I'm waiting on my Linux team for MySQL - Postflight is new to me - Is the postflight script referenced above created by Jamf? Or, is this something created manually for each situation?

@k3vmo

A postlfight script is not a Jamf thing, it is a Mac packaging thing. A postflight (or preflight or postinstall or preinstall) script is part of a package that runs after the package has run to finish up things. The script is created for each package/situation, unless you're re-using the same package but slightly changing it in some way.

Sorry - fount the solution. Host name was different to host adress, that confused me

@stevewood I have been trying to get Cisco Anyconnect with just the VPN profile and our server address pre-populated into the application for a while I read through your post and this seems like a workable solution. Would you be able to point me in the direction of any online resources that could guide one on how to use pkgbuild binary? I am working with Jamf support and they keep nudging me in the direction of using Composer.... this is not working for me at all. Any assistance would be appreciated, thanks.

@ashleyrubin

http://thegreyblog.blogspot.com/2014/06/os-x-creating-packages-from-command_2.html

https://juusosalonen.com/post/139067064745/demystifying-pkgbuild-in-os-x

Even better, for a deep dive into packaging, @arminBriegel book: Packaging

You do not have to use pkgbuild do this. This is just the way I do it. You can do this in Composer or using another packaging tool like:

Packages

The basics are that you're dropping the installer, choices file, and the VPN profile XML file into a temp location and then the postinstall script runs the install and then copies the XML into the proper directory.