Deploying a pre-configured Junos Pulse VPN client on OS X
My shop recently made the change from using Juniper Network‘s Network Connect VPN client to using Juniper’s Junos Pulse VPN client. As part of the changeover, I wanted to provide an installer for our folks to use which would install both the Junos Pulse software and the configuration needed to connect to our VPN.
Fortunately, Juniper made the process of creating and importing the necessary configuration fairly straightforward. My VPN admin provided me with a copy of the needed .jnprpreconfig config file from our VPN server and I could use Pulse’s jamCommand application to import it. Once I had both the .jnprpreconfig config file and a copy of the Junos Pulse installer, I was able to create an installer using this method that handled both the installation and the automated configuration of the Junos Pulse VPN client. For more details, see below the jump.
Prerequisites:
- Packages
- A disk image with the Junos Pulse installer on it (provided by our VPN administrator)
- The appropriate .jnprpreconfig config file from our VPN server (provided by our VPN administrator)
1. Set up a new Packages project and select Raw Package.
2. In this case, I’m naming the project Junos Pulse VPN Client Installer.
3. Once the Packages project opens, click on the Project tab. You’ll want to make sure that the your information is correctly set here (if you don’t know what to put in, check the Help menu for the Packages User Guide. The information you need is in Chapter 4 – Configuring a project.)
In this example, I’m not changing any of the options from what is set by default.
4. Next, click on the Settings tab. In the case of my project, I want to install with root privileges and not require a logout, restart or shutdown.
To accomplish this, I’m choosing the following options in the Settings section:
- In the Post-Installation Behavior section, set On Success: to Do Nothing
- In the Options section, check the box for Require admin password for installation.
5. Click on the Scripts tab in your Packages project.
6. Select the disk image with the Junos Pulse installer and drag it into the Additional Resources section of your Packages project.
7. Select the .jnprpreconfig config file and drag it into the Additional Resources section of your Packages project.
8. The last piece is telling the Pulse installer to run and follow the installation by importing the needed VPN configuration. For this, you’ll need a postinstall script. Here’s the one I’m using:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Determine working directory | |
| install_dir=`dirname $0` | |
| # | |
| # Installing Junos Pulse | |
| # | |
| # Specify location of the Junos Pulse disk image | |
| TOOLS=$install_dir/"JunosPulse.dmg" | |
| # Specify location of the Junos Pulse configuration file | |
| VPN_CONFIG_FILE=$install_dir/"Default.jnprpreconfig" | |
| # Specify a /tmp/junospulse.XXXX mountpoint for the disk image | |
| TMPMOUNT=`/usr/bin/mktemp -d /tmp/junospulse.XXXX` | |
| # Mount the latest Junos Pulse disk image to the /tmp/junospulse.XXXX mountpoint | |
| hdiutil attach "$TOOLS" -mountpoint "$TMPMOUNT" -nobrowse -noverify -noautoopen | |
| # Install Junos Pulse | |
| /usr/sbin/installer -dumplog -verbose -pkg "$(/usr/bin/find $TMPMOUNT -maxdepth 1 \( -iname \*\.pkg -o -iname \*\.mpkg \))" -target "$3" | |
| # | |
| # Applying VPN configuration file | |
| # | |
| if [[ -d "$3/Applications/Junos Pulse.app" ]]; then | |
| echo "Junos Pulse VPN Client Installed" | |
| "$3/Applications/Junos Pulse.app/Contents/Plugins/JamUI/jamCommand" -importFile "$VPN_CONFIG_FILE" | |
| echo "VPN Configuration Installed" | |
| else | |
| echo "Pulse Client Not Installed" | |
| fi | |
| # | |
| # Clean-up | |
| # | |
| # Unmount the Junos Pulse disk image | |
| /usr/bin/hdiutil detach "$TMPMOUNT" | |
| # Remove the /tmp/junospulse.XXXX mountpoint | |
| /bin/rm -rf "$TMPMOUNT" | |
| exit 0 |
The logic of this script is as follows:
- Mount the disk image
- Run the installer from the mounted disk image.
- Once installation completes, check for the installed Junos Pulse application and use Pulse’s jamCommand to import the configuration from the .jnprpreconfig file.
9. Once you’ve got the postinstall script built, run the following command to make the script executable:
sudo chmod a+x /path/to/postinstall
10. Once completed, add the postinstall script to your Packages project.
11. Last step, go ahead and build the package. (If you don’t know to build, check the Help menu for the Packages User Guide. The information you need is in Chapter 3 – Creating a raw package project and Chapter 10 – Building a project.)
Testing the installer
Once the package has been built, test it by taking it to a test machine that does not have the Junos Pulse VPN client and install it. The end result should be that the Junos Pulse VPN client installs along with the corrected permissions.
Leave a Reply
Recent Comments
 | rtrouton on Creating a NexThink installer… |
 | this is not the Pete… on Creating a NexThink installer… |
 | Shri Sivakumaran on Adding password protection to… |
 | isotopp on Creating a sysdiagnose file us… |
 | Daniel O'Donnell on Apple Device Management Second… |
Der Flounder 
Have you found any options for scripting Pulse? I’m looking for a method of making a VPN connection without user intervention.
I’m struggling with adding the script and where do you run the final sudo chmod a+x /path/to/postinstall to in Packages? I’ve been going round in circles for ages.
Your assistance will be greatly appreciated.
you dont do it in packages, you do that in terminal
Check out: hdiutil -mountrandom option. It’s not needed to generate a separate TMP-Directory. Just let hdiutil do it directly for you.
Our Junos Pulse Admin game me four .jnprpreconfig files: One for each of our gateways’s in US, Europe, Asia and Hong Kong. Can you import all four? Or, do they need to be consolidated? We want all four connections in the VPN client.
Have you run into the pulse always starting at login in and prompting for creds each and every time you log out and back in and also after reboot? I have tried to configure the launchAgent but it really just ends up causing issues. IS this something that can be eliminated by a setting within the jnprpreconfig file? I appreciate your feed back.
FYI its now called Pulse Secure, so for anyone coming here in the future you’ll need to change anywhere it says Junos Pulse to Pulse Secure.