Home > Mac administration, Mac OS X, Packaging, Scripting > Deploying a pre-configured Junos Pulse VPN client on OS X

Deploying a pre-configured Junos Pulse VPN client on OS X

My shop recently made the change from using Juniper Network‘s Network Connect VPN client to using Juniper’s Junos Pulse VPN client. As part of the changeover, I wanted to provide an installer for our folks to use which would install both the Junos Pulse software and the configuration needed to connect to our VPN.

Fortunately, Juniper made the process of creating and importing the necessary configuration fairly straightforward. My VPN admin provided me with a copy of the needed .jnprpreconfig config file from our VPN server and I could use Pulse’s jamCommand application to import it. Once I had both the .jnprpreconfig config file and a copy of the Junos Pulse installer, I was able to create an installer using this method that handled both the installation and the automated configuration of the Junos Pulse VPN client. For more details, see below the jump.

Prerequisites:

  • Packages
  • A disk image with the Junos Pulse installer on it (provided by our VPN administrator)
  • The appropriate .jnprpreconfig config file from our VPN server (provided by our VPN administrator)

1. Set up a new Packages project and select Raw Package.

Screen Shot 2015-03-13 at 10.19.09 AM

2. In this case, I’m naming the project Junos Pulse VPN Client Installer.

Screen Shot 2015-03-13 at 10.19.30 AM

3. Once the Packages project opens, click on the Project tab. You’ll want to make sure that the your information is correctly set here (if you don’t know what to put in, check the Help menu for the Packages User Guide. The information you need is in Chapter 4Configuring a project.)

In this example, I’m not changing any of the options from what is set by default.

Screen Shot 2015-03-13 at 10.19.42 AM

4. Next, click on the Settings tab. In the case of my project, I want to install with root privileges and not require a logout, restart or shutdown.

To accomplish this, I’m choosing the following options in the Settings section:

  • In the Post-Installation Behavior section, set On Success: to Do Nothing
  • In the Options section, check the box for Require admin password for installation.

Screen Shot 2015-03-13 at 10.20.09 AM

5. Click on the Scripts tab in your Packages project.

Screen Shot 2015-03-13 at 10.20.24 AM

6. Select the disk image with the Junos Pulse installer and drag it into the Additional Resources section of your Packages project.

Screen Shot 2015-03-13 at 10.34.04 AM

7. Select the .jnprpreconfig config file and drag it into the Additional Resources section of your Packages project.

Screen Shot 2015-03-13 at 10.34.17 AM

8. The last piece is telling the Pulse installer to run and follow the installation by importing the needed VPN configuration. For this, you’ll need a postinstall script. Here’s the one I’m using:

The logic of this script is as follows:

  • Mount the disk image
  • Run the installer from the mounted disk image.
  • Once installation completes, check for the installed Junos Pulse application and use Pulse’s jamCommand to import the configuration from the .jnprpreconfig file.

9. Once you’ve got the postinstall script built, run the following command to make the script executable:

sudo chmod a+x /path/to/postinstall

10. Once completed, add the postinstall script to your Packages project.

Screen Shot 2015-03-13 at 10.37.19 AM

11. Last step, go ahead and build the package. (If you don’t know to build, check the Help menu for the Packages User Guide. The information you need is in Chapter 3Creating a raw package project and Chapter 10Building a project.)

Testing the installer

Once the package has been built, test it by taking it to a test machine that does not have the Junos Pulse VPN client and install it. The end result should be that the Junos Pulse VPN client installs along with the corrected permissions.

  1. Lewis Riley
    March 18, 2015 at 7:58 pm

    Have you found any options for scripting Pulse? I’m looking for a method of making a VPN connection without user intervention.

  2. Will
    May 28, 2015 at 4:48 pm

    I’m struggling with adding the script and where do you run the final sudo chmod a+x /path/to/postinstall to in Packages? I’ve been going round in circles for ages.

    Your assistance will be greatly appreciated.

    • November 25, 2015 at 3:49 pm

      you dont do it in packages, you do that in terminal

  3. alexander.wolpert@me.com
    July 22, 2015 at 1:21 pm

    Check out: hdiutil -mountrandom option. It’s not needed to generate a separate TMP-Directory. Just let hdiutil do it directly for you.

  4. Russ
    May 12, 2016 at 9:07 pm

    Our Junos Pulse Admin game me four .jnprpreconfig files: One for each of our gateways’s in US, Europe, Asia and Hong Kong. Can you import all four? Or, do they need to be consolidated? We want all four connections in the VPN client.

  5. Dom
    December 9, 2016 at 10:20 pm

    Have you run into the pulse always starting at login in and prompting for creds each and every time you log out and back in and also after reboot? I have tried to configure the launchAgent but it really just ends up causing issues. IS this something that can be eliminated by a setting within the jnprpreconfig file? I appreciate your feed back.

  6. June 27, 2017 at 9:31 am

    FYI its now called Pulse Secure, so for anyone coming here in the future you’ll need to change anywhere it says Junos Pulse to Pulse Secure.

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: