Deploying a pre-configured Junos Pulse VPN client on OS X
My shop recently made the change from using Juniper Network‘s Network Connect VPN client to using Juniper’s Junos Pulse VPN client. As part of the changeover, I wanted to provide an installer for our folks to use which would install both the Junos Pulse software and the configuration needed to connect to our VPN.
Fortunately, Juniper made the process of creating and importing the necessary configuration fairly straightforward. My VPN admin provided me with a copy of the needed .jnprpreconfig config file from our VPN server and I could use Pulse’s jamCommand application to import it. Once I had both the .jnprpreconfig config file and a copy of the Junos Pulse installer, I was able to create an installer using this method that handled both the installation and the automated configuration of the Junos Pulse VPN client. For more details, see below the jump.
- A disk image with the Junos Pulse installer on it (provided by our VPN administrator)
- The appropriate .jnprpreconfig config file from our VPN server (provided by our VPN administrator)
1. Set up a new Packages project and select Raw Package.
2. In this case, I’m naming the project Junos Pulse VPN Client Installer.
3. Once the Packages project opens, click on the Project tab. You’ll want to make sure that the your information is correctly set here (if you don’t know what to put in, check the Help menu for the Packages User Guide. The information you need is in Chapter 4 – Configuring a project.)
In this example, I’m not changing any of the options from what is set by default.
4. Next, click on the Settings tab. In the case of my project, I want to install with root privileges and not require a logout, restart or shutdown.
To accomplish this, I’m choosing the following options in the Settings section:
- In the Post-Installation Behavior section, set On Success: to Do Nothing
- In the Options section, check the box for Require admin password for installation.
5. Click on the Scripts tab in your Packages project.
6. Select the disk image with the Junos Pulse installer and drag it into the Additional Resources section of your Packages project.
7. Select the .jnprpreconfig config file and drag it into the Additional Resources section of your Packages project.
8. The last piece is telling the Pulse installer to run and follow the installation by importing the needed VPN configuration. For this, you’ll need a postinstall script. Here’s the one I’m using:
The logic of this script is as follows:
- Mount the disk image
- Run the installer from the mounted disk image.
- Once installation completes, check for the installed Junos Pulse application and use Pulse’s jamCommand to import the configuration from the .jnprpreconfig file.
9. Once you’ve got the postinstall script built, run the following command to make the script executable:
sudo chmod a+x /path/to/postinstall
10. Once completed, add the postinstall script to your Packages project.
11. Last step, go ahead and build the package. (If you don’t know to build, check the Help menu for the Packages User Guide. The information you need is in Chapter 3 – Creating a raw package project and Chapter 10 – Building a project.)
Testing the installer
Once the package has been built, test it by taking it to a test machine that does not have the Junos Pulse VPN client and install it. The end result should be that the Junos Pulse VPN client installs along with the corrected permissions.