Anybody have any luck stripping down the AnyConnect client and repackaging? I want to rebuild the package so it only has the VPN client…nothing else so I can then repackage and deploy via JAMF, not having any luck with Composer.
Unfortunately JAMF’s forums don’t let you link direct to a post in a thread. But d.williams in a post from Feb 2019 in https://www.jamf.com/jamf-nation/discussions/10847/deploying-anyconnect-without-the-web-security-module has the instructions that we’ve found very useful (and still work with 4.8):
- Download AnyConnect DMG from Cisco.
- Extract AnyConnect.pkg from DMG to your Desktop.
- Run the following commands in Terminal:
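```sh
mkdir AnyConnectVPN
# Expand the full installer into ./AnyConnect
pkgutil --expand AnyConnect.pkg AnyConnect
# Pull out only the VPN component package
cp -r AnyConnect/vpn_module.pkg ./
cp -r vpn_module.pkg/* AnyConnectVPN/
# Flatten the VPN-only contents into a new installer package
pkgutil --flatten AnyConnectVPN AnyConnectVPN.pkg
# Clean up, including the original AnyConnect.pkg
rm -r ./AnyConnect.pkg ./AnyConnect ./AnyConnectVPN ./vpn_module.pkg
```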
The way we did it was actually installing all components via policy in jamf, then running a script after the fact that removes all unneeded components.
```sh
#!/bin/sh
#start AnyConnect un-install script
## Uninstall Web Security
/opt/cisco/anyconnect/bin/websecurity_uninstall.sh
## Uninstall AMP
/opt/cisco/anyconnect/bin/amp_uninstall.sh
## Uninstall ISEPosture
/opt/cisco/anyconnect/bin/iseposture_uninstall.sh
exit 0
```
We use the umbrella client, so it’s not listed here.
In addition to the question, do you all know if it’s possible and how to add the VPN addresses automatically via script to the client?
Thank you, not sure how my original post got deleted. This solved it.
But the question was: "Anybody have any luck stripping down the AnyConnect client and repackaging? I want to rebuild the package so it only has the VPN client…nothing else so I can then repackage and deploy via JAMF, not having any luck with Composer."
When I pull down the stripped-down .pkg from Composer I get:
```
Verifying package integrity…
Installing Cisco VPN 4.8.pkg…
Installation failed. The installer reported: installer: Package name is Cisco VPN 4.8
installer: Installing at base path /
installer: The install failed. (The Installer encountered an error that caused the installation to fail
```
You deploy the %client_profile%.xml along with AnyConnect. This file has your initial configuration in it. You can use the standalone profile creator for Windows, or create it in your ASA, download it, and package it up to drop into /opt/cisco/anyconnect/profile.
Same. Doing loads of Windows packaging lately, I’ve moved away from Composer when possible and towards vendor-documented methods like the .xml.
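An added example, not code from any poster in this thread: a variant of the module-removal script posted earlier that runs each uninstaller only if it is present and exits non-zero when one fails, so the Jamf policy log shows the failure instead of the unconditional `exit 0`. The `remove_modules` function, the `ANYCONNECT_BIN` override, and the rule that an uninstaller must be a regular, executable, non-world-writable file are assumptions of this example.

```sh
#!/bin/sh
# Added example: run the AnyConnect module uninstallers named in the thread,
# reporting failures to Jamf instead of always exiting 0.

# Directory holding the uninstallers. The override exists only so the function
# can be exercised against a scratch directory (assumption of this example).
ANYCONNECT_BIN="${ANYCONNECT_BIN:-/opt/cisco/anyconnect/bin}"

# remove_modules NAME...
# Runs "$ANYCONNECT_BIN/NAME_uninstall.sh" for each NAME that has one.
# Prints one status line per module and returns the number of failures.
remove_modules() {
    failed=0
    for module in "$@"; do
        script="$ANYCONNECT_BIN/${module}_uninstall.sh"
        if [ ! -e "$script" ] && [ ! -L "$script" ]; then
            # Module was never installed or is already gone: not an error.
            echo "skip: $module (no uninstaller at $script)"
        elif [ -z "$(find "$script" -type f ! -perm -002)" ] || [ ! -x "$script" ]; then
            # The policy runs as root: refuse symlinks, world-writable files
            # and non-executable files rather than executing them.
            echo "fail: $module ($script is not a safe executable file)"
            failed=$((failed + 1))
        elif "$script"; then
            echo "ok:   $module uninstaller succeeded"
        else
            echo "fail: $module (uninstaller exited $?)"
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# Run only on a machine where AnyConnect is installed; a non-zero exit status
# marks the Jamf policy run as failed.
if [ -d "$ANYCONNECT_BIN" ]; then
    remove_modules websecurity amp iseposture
    exit $?
fi
```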