chadel tallia wonndah


Candi Ruman

Aug 2, 2024, 8:23:51 PM
to emexiges

New user here. T-Mobile Home Internet works fine at home. However, I do encounter a problem using VPN. My gateway is ARC KVD21, not Nokia. What is the solution to this issue? Do I need to contact T-Mobile technical group?

To make a long story short, if your company supports dual stack IPv4 and IPv6 you should be fine. Unfortunately, my case is that they only support IPv4. The solution to my case is to disable IPv6 on my laptop. However, it does have some side effects. Hence, discuss it with your IT team before you do so. Good luck.

I am facing an issue with Cisco AnyConnect VPN and T-Mobile 5G Home Internet. Without VPN it works great with 350+ Mbps speed. But with VPN, it connects and disconnects every 5 min. I debugged the issue with a company IT tech and they told me that it's an Internet provider issue.

I created a web clip to this URL and it did auto generate the VPN profile after enabling external control (Cisco AnyConnect App, Settings, External Control --> Enabled). If only there is a way to automate this setting :(

I have tried this in the VPN configuration and when I try to connect to the VPN in the settings I get "please install an application for cisco anyconnect to enable the vpn connection". I have the Cisco AnyConnect app installed so I'm not sure what else it's asking for. Any ideas?

@jholmquist If you are using the newest version of Cisco AnyConnect (non legacy), you have to be on Jamf 10 (or at least that is what I was told by Jamf Support) as the API was broken. It won't work on 9.x.

If you are using the legacy Cisco AnyConnect app you should still be able to use the VPN Configuration profile even if you are using 9.x. We are still using the legacy Cisco AnyConnect app and VPN Config profile on 9.101.

It seems like for the VPN payload on a Configuration Profile, the Account field is now required (I'm on Jamf 10). I guess I could just put a generic entry ("Enter Username") but was wondering if anyone had an alternate way to configure this?

I also just tried doing the above, installed AnyConnect (the non-Legacy version) through Self-Service, it took maybe 3-4 minutes for JSS to complete the "Installed App List" command. If I look at the device's Inventory page and go to Management > Configuration Profiles it shows the Config Profile I created, but if I open Cisco AnyConnect it says there are no connections.

@j.meister The solution above by @EdLuo works perfectly, and can be applied post-install of the Cisco AnyConnect app... so in my brain, seems better than the AppConfig (though obviously supporting both would be nice).

Maybe I'm missing something, but I've deployed the latest Cisco Anyconnect app via managed distro and the VPN payload is installed, but as @el2493 mentioned above, I'm not seeing the VPN connection profile in Anyconnect, pre or post install.

How do I get the app to pull in the VPN profile?

@Dave_F it's been 3.5 years since I posted, so I don't remember specifically what I did to get it working but it is now working for me. We have an AnyConnect Profile that installs on all mobile devices, and users install AnyConnect through Self Service (we use VPP for licenses).

* Connection Name (this could be any name)
* VPN Type: VPN
* Connection Type: Cisco AnyConnect
* Server: I entered the address of the Server, a slash, then the Group Name. So if our VPN server was school.vpn.edu and the group Name was VPN-PROD, the server would be "school.vpn.edu/VPN-PROD" (without quotation marks)
* Account: [Left blank]
* Group: Entered the group name [i.e. VPN-PROD]
* User Authentication: Password
* Password/Verify Password: [Left blank]
* Provider type: Packet-tunnel

Everything else is unchecked or blank. Idle timer is "Do not connect" and Proxy setup is "None."


NB: be careful NOT to run sudo launchctl and NOT to run launchctl from a root terminal, because launchctl is user-dependent. For example, trying to run sudo launchctl unload -w /Library/LaunchAgents/com.cisco.anyconnect.gui.plist results in an error "Could not find specified service", whereas without the sudo it works.

launchctl is the equivalent of systemd on Linux or services.msc on Windows. Every mac user should have at least some vague idea of what launchctl does because it manages far more than AnyConnect: basically every process not manually started by the user.

launchctl is documented in (surprise) man launchctl but that's not for the faint of heart. For friendlier documentation that does not assume you already know the difference between "loading" versus "starting" or between a "daemon" vs a "service" or an "agent" go to first.

As a bonus and slightly off-topic answer, here's a clean way to restart the AnyConnect daemon in case it gets stuck as it sometimes does. This is the other, lower-level AnyConnect process(es) without any user interface and running as root that does the actual work:

Avoid kill and killall, see why on careful where you use sudo since some of the agents and daemons run in user space and some run in system space and different versions of macOS have different syntax and shells.

Edit: Strange I got a downvote, because I just tested it myself, and it works without any problems at all. Perhaps not a beautiful solution that addresses the underlying problem (by design ?), nevertheless... ?

This has been driving me crazy. I finally discovered the 3 plist files that appear to control this in /Library/LaunchDaemons. But I couldn't change the RunAtLoad parameter to false, because even after I changed the file permissions I couldn't save the plist files. I finally changed the folder permissions to read and write and applied those changes to the contained items, and at last I've been able to edit and save. I'll know for sure after the next reboot ... something I'll do in a few days because starting up again takes forever.

It is not the permission of the file itself that prevents you from editing, it is the permission of the containing folder. Then, you should not change the permissions of such system files for security reasons. But it is easy to edit these files: Simply copy them to some other place where you have permission to write to files, e.g. the Desktop, and edit the files there. Then move them back in with replacing option and authenticating as an administrator and the file is edited.

However, I do not see those three files you seem to mention. I find on my system only 'com.cisco.anyconnect.ciscod.plist' and 'com.cisco.anyconnect.vpnagentd.plist' in the directory '/Library/LaunchAgents'. Perhaps more importantly, while setting in these two files the parameter 'RunAtLoad' to 'false' indeed prevents the annoying reinstallation of the application 'Cisco AnyConnect Secure Mobility Client.app' as a login item after a restart, it also makes the VPN in general dysfunctional.
