Jamf Nation Community

AlistairCarr · ‎04-28-2016

Hi all,

I can't see a way how to do this hence asking here

I have two VPN appliances on addresses 1.2.3.4 & 5.6.7.8 (for example)

Is it possible to create a smart group to find machines which have 1.2.3.4 configured as the destination server in the VPN settings?

Thanks, as always in advance.

htse · ‎04-28-2016

You can query VPN Connection Settings through scutil, and collect it through an extended attribute

scutil --nc show "VPN (PPTP)" | grep CommRemoteAddress

View solution in original post

htse · ‎04-28-2016

You can query VPN Connection Settings through scutil, and collect it through an extended attribute

scutil --nc show "VPN (PPTP)" | grep CommRemoteAddress

AlistairCarr · ‎04-29-2016

Thanks, I'll take a look at this

sean · ‎04-29-2016

This will rely on you knowing the name of the VPN setup in advance, which you may, but perhaps, like us, you have more than one possible named VPN depending on end users.

If you only have one per VPN setup per machine, then you could alternatively run:

#!/bin/bash

vpn_id=`scutil --nc list | awk '/IPSec/ {print $3}'`
/usr/libexec/PlistBuddy -c "Print :NetworkServices:${vpn_id}:IPSec:RemoteAddress" /Library/Preferences/SystemConfiguration/preferences.plist

exit 0

If you have more than one, you could run scutil command to get each name as well and then work through each to report name and remote address together.

As a side note, we have no CommRemoteAddress, so the above post would return nothing on our systems.

Jamf Nation Community

Smart group, VPN server address critera