Cisco AnyConnect Automatic connection script
#!/bin/bash
# Cisco AnyConnect helper: connects to / disconnects from the VPN through the
# AnyConnect CLI, taking the LDAP password and the TOTP secret from the macOS
# keychain (print_usage below describes the keychain setup).
#
# DEBUG: any non-empty value enables `set -x` tracing and `set -e`. The trace
# shows every expanded command line, so DEBUG output can include the keychain
# secrets that are piped into the CLI further down.
if [[ -n $DEBUG ]]; then
  set -xe
fi

# Names of the keychain items the credentials are looked up under.
ldap_password_keychain_name=LDAP
second_factor_secret_keychain_name=2Factor

# Positional arguments: $1 is the action (handled at the bottom of the file),
# $2 the VPN server, $3 the optional VPN group index (defaults to 0).
vpn_server=$2
vpn_group_index=${3:-0}
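#######################################
# Print the command-line help.
# Globals:   none ($0 is used as the script name)
# Arguments: none
# Outputs:   usage text on stdout
# Returns:   0
#######################################
function print_usage {
  # One element per output line. %b below expands the \t escapes; the
  # original printed "\$DEBUG" with a stray backslash, which is fixed here.
  local -a help_lines=(
    ' option:'
    ' -c | --connect\t\t Connect or reconnect to VPN'
    ' -d | --disconnect\t\t Disconnect from VPN'
    ' -nc | --non-ui-connect\t Connect to VPN, but not run UI'
    ' -h | --help\t\t This message'
    ''
    ' VPN_SERVER_URL | \t\t VPN server url, for example: vpn.example.com'
    ' VPN_GROUP_INDEX | \t\t Index (integer) of VPN group, for example: 3; by default equals - 0'
    ''
    ' debug:'
    ' To set debug mode you should put something into $DEBUG env'
    ''
    'Some helpful info:'
    ''
    ' Before start working with this script, you have to put your LDAP password'
    ' and base32 secret from 2f to your keychain. For doing that, open "Keychain Access.app"'
    ' and add two password there:'
    ''
    ' first:'
    ' Keychain item Name: LDAP'
    ' Account Name: YOUR_ACCOUNT_NAME'
    ' PASSWORD: YOUR_LDAP_PASSWORD'
    ''
    ' second:'
    ' Keychain item Name: 2Factor'
    ' Account Name: YOUR_ACCOUNT_NAME'
    ' PASSWORD: YOUR_2F_BASE32_SECRET'
    ' '
  )
  printf 'Use: %s [option] VPN_SERVER_URL [VPN_GROUP_INDEX]\n\n' "$0"
  # %b (not %s) so the \t sequences in the elements become real tabs.
  printf '%b\n' "${help_lines[@]}"
  printf 'Example Use: %s -c vpn.example.com 1\n\n' "$0"
}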
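#######################################
# Read the LDAP password and the 2F secret from the keychain, derive a
# one-time code and drive an interactive `vpn -s` connect session with them.
# Globals:   ldap_password_keychain_name, second_factor_secret_keychain_name,
#            vpn_server, vpn_group_index, DEBUG (all read)
# Arguments: none
# Outputs:   progress on stdout; the CLI's own output only when DEBUG is set
# Returns:   exit status of `vpn -s`; 1 when no one-time code could be made;
#            exits 1 when a credential cannot be read from the keychain
#######################################
function auth {
  local ldap_password secret_2f totp connect_input rv
  local xtrace_was_on=0
  echo "Getting password and token..."
  # With DEBUG set, `set -x` is active and would print the password, the 2F
  # secret and the one-time code to stderr as part of every traced assignment
  # and command line. Pause tracing while they are in play, restore it after.
  if [[ $- == *x* ]]; then
    xtrace_was_on=1
    set +x
  fi
  ldap_password=$(/usr/bin/security find-generic-password -wl "$ldap_password_keychain_name")
  secret_2f=$(/usr/bin/security find-generic-password -wl "$second_factor_secret_keychain_name")
  # The original tested "$2f_secret", which bash expands as "$2" followed by
  # the literal "f_secret" and so is never empty; test the assigned variable.
  if [[ -z $ldap_password || -z $secret_2f ]]; then
    printf "Couldn't get LDAP password or 2f secret.\n" >&2
    exit 1
  fi
  echo "Trying to connect to VPN"
  if ! totp=$(oathtool --totp -b -d 6 "$secret_2f"); then
    printf "Couldn't generate a one-time code from the 2f secret.\n" >&2
    if (( xtrace_was_on )); then set -x; fi
    return 1
  fi
  # printf rather than `echo -e`: echo -e would also interpret backslash
  # sequences inside the password. The answers fed to the CLI are, in order:
  # the group index, an empty line, the password, and the one-time code (the
  # space before the code is kept from the original answer sequence).
  printf -v connect_input 'connect %s\n%s\n\n%s\n %s\n' \
    "$vpn_server" "$vpn_group_index" "$ldap_password" "$totp"
  if [[ -n $DEBUG ]]; then
    printf '%s' "$connect_input" | /opt/cisco/anyconnect/bin/vpn -s
  else
    printf '%s' "$connect_input" | /opt/cisco/anyconnect/bin/vpn -s > /dev/null 2>&1
  fi
  rv=$?
  if (( xtrace_was_on )); then set -x; fi
  return "$rv"
}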
#######################################
# Query the AnyConnect CLI for its connection state.
# Arguments: none
# Outputs:   'true' on stdout when the CLI reports "state: Connected",
#            'false' otherwise (including when the CLI is unavailable)
#######################################
function check_vpn_connection {
  local state
  # Feed the CLI the single "state" command and keep the word after "state:".
  state=$(/opt/cisco/anyconnect/bin/vpn -s <<<'state' | grep -ou "state: .*" | uniq | awk '{print $2}')
  case "$state" in
    Connected) echo 'true' ;;
    *) echo 'false' ;;
  esac
}
#######################################
# Report whether the AnyConnect UI process is running.
# Arguments: none
# Outputs:   'true' on stdout when pgrep finds a matching process,
#            'false' otherwise
#######################################
function check_vpn_ui_running {
  # pgrep exits non-zero when nothing matches, which is exactly the case the
  # original detected through its empty output.
  if pgrep "Cisco AnyConnect .*" > /dev/null; then
    echo 'true'
  else
    echo 'false'
  fi
}
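#######################################
# Close the VPN UI if it is running and drop the VPN session if one exists.
# Globals:   DEBUG (read)
# Arguments: none
# Outputs:   progress on stdout; CLI output only when DEBUG is set
# Returns:   0 when there was nothing to disconnect or the disconnect
#            succeeded, otherwise the exit status of `vpn disconnect`
#######################################
function disconnect_from_vpn {
  local rv=0
  echo "Try to disconnect..."
  echo "Check if VPN UI is running"
  if [[ "$(check_vpn_ui_running)" == 'true' ]]; then
    echo "Kill VPN UI"
    pkill -x "Cisco AnyConnect.*"
  fi
  echo "Check if VPN connection exists"
  if [[ "$(check_vpn_connection)" == 'true' ]]; then
    echo "Disconnect from VPN"
    if [[ -n $DEBUG ]]; then
      /opt/cisco/anyconnect/bin/vpn disconnect || rv=$?
    else
      /opt/cisco/anyconnect/bin/vpn disconnect > /dev/null 2>&1 || rv=$?
    fi
  fi
  # The original reported success unconditionally; only say so when the CLI
  # did not fail, so nobody is told the tunnel is down while it is still up.
  if (( rv != 0 )); then
    printf 'Disconnect failed (vpn exit status %d)\n' "$rv" >&2
    return "$rv"
  fi
  echo "Disconnection has been succesful"
  return 0
}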
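#######################################
# Drop any existing session, authenticate, and optionally launch the UI.
# Globals:   DEBUG (read indirectly through auth / disconnect_from_vpn)
# Arguments: $1 - when exactly 1, do not open the AnyConnect UI afterwards
# Outputs:   progress on stdout; failure diagnostics on stderr
# Returns:   0 on success; exits 1 when auth fails
#######################################
function connect_to_vpn {
  local skip_ui=$1
  local rv=0
  disconnect_from_vpn
  printf "Connecting to vpn...\n\n"
  # Capture auth's status immediately: the original read $? after a [[ ]]
  # test, so the "status code" it printed was the test's, not auth's.
  auth || rv=$?
  if (( rv == 0 )); then
    echo "Vpn connected."
  else
    printf 'Something went wrong. \nVPN connection status code: %s\n' "$rv" >&2
    exit 1
  fi
  if [[ $skip_ui == 1 ]]; then
    echo "VPN UI won't start"
  else
    printf "Starting VPN UI...\n\n"
    open -a "Cisco AnyConnect Secure Mobility Client.app"
  fi
}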
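# --- entry point ------------------------------------------------------------
# $1 selects the action; $2 (server) and $3 (group index) were read at the top.
# -h/--help is listed in the usage text, so honour it before the argument-count
# check and exit 0 for an explicit help request.
if [[ $1 == '-h' || $1 == '--help' ]]; then
  print_usage
  exit 0
fi
if (( $# < 2 )); then
  print_usage
  exit 1
fi
case "$1" in
  -c|--connect)
    connect_to_vpn
    ;;
  -nc|--non-ui-connect)
    # connect_to_vpn skips the UI only when its argument is exactly 1; the
    # original passed 0 here, so -nc still opened the UI.
    connect_to_vpn 1
    ;;
  -d|--disconnect)
    disconnect_from_vpn
    ;;
  *)
    print_usage
    exit 1
    ;;
esac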