@aursu
Created June 11, 2018 03:00
Connect to Cisco AnyConnect VPN
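#!/bin/bash
# Optional settings file in the current directory; it is expected to define
# VPNGATEWAY, VPNLOGIN and VPNSECRET.
loginscript=vpn-login
[ -f "$loginscript" ] && . "./$loginscript"
# Abort if any of the three settings is unset or empty.
: "${VPNGATEWAY:?}" "${VPNLOGIN:?}" "${VPNSECRET:?}"

# Log in through the WebVPN form and extract the webvpn session cookie from the
# response headers.
# -k turns off certificate verification, so the credentials go to whichever
# server answers; drop it if the gateway presents a certificate curl can verify.
# --data-urlencode keeps characters such as & or + in the credentials intact.
VPNCOOKIE=$(curl -s -k "https://${VPNGATEWAY}/+webvpn+/index.html" \
    -H 'Cookie: webvpnlogin=1' \
    --data 'group_list=DefaultWEBVPNGroup' \
    --data-urlencode "username=${VPNLOGIN}" \
    --data-urlencode "password=${VPNSECRET}" \
    -o /dev/null -D - | \
    awk -F: '$1 ~ /Set-Cookie/ && $2 ~ /webvpn=/ {print $2}' | \
    awk -F\; '{print $1}' | \
    sed 's/^[[:space:]]*//g; s/webvpn=//')

# Hex SHA-256 of the gateway's DER-encoded public key, the value passed to
# --servercert below. It is read from the live connection on every run, so it
# does not authenticate the gateway; compare it with a known-good value to pin.
# The key is fetched first so that a failed handshake leaves CERTHASH empty
# instead of the hash of empty input.
PUBKEY=$(echo | openssl s_client -connect "${VPNGATEWAY}:443" 2>/dev/null | \
    openssl x509 -pubkey -noout 2>/dev/null)
CERTHASH=""
[ -n "$PUBKEY" ] && CERTHASH=$(printf '%s\n' "$PUBKEY" | \
    openssl pkey -pubin -outform der | openssl sha256 | awk '{print $2}')

mkdir -p /etc/vpnc/connect.d

# do not set /etc/resolv.conf
echo "export INTERNAL_IP4_DNS=" > /etc/vpnc/connect.d/01-resolv.conf

# do not replace default gateway
cat <<'EOF' > /etc/vpnc/connect.d/02-defroute
set_default_route() {
    rm -f "$DEFAULT_ROUTE_FILE"
}
EOF

if [ -z "$VPNCOOKIE" ] || [ -z "$CERTHASH" ]; then
    echo "VPN login or certificate lookup failed" >&2
    exit 1
else
    # Reuse the authenticated session cookie instead of logging in again.
    openconnect --background \
        --pid-file="/run/webvpn-${VPNGATEWAY}.pid" --servercert "sha256:${CERTHASH}" \
        --no-dtls \
        -C "$VPNCOOKIE" "$VPNGATEWAY"
fi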
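
The script computes the `--servercert` hash from the same connection it is about to trust, so any key that answers is accepted. The following is an added example, not part of the gist, that stores the hash on first use and refuses a changed one; `PIN_DIR`, `spki_sha256` and `check_pin` are hypothetical names, and the pin directory is an assumption.

```bash
#!/bin/bash
# Added example: trust-on-first-use pin for the VPN gateway's public key.
# PIN_DIR, spki_sha256 and check_pin are hypothetical names, not part of the gist.
PIN_DIR="${PIN_DIR:-/etc/vpnc/pins}"
# SHA-256 of empty input: what the hash pipeline yields when no certificate arrives.
EMPTY_SHA256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

# Hex SHA-256 of the gateway's DER-encoded public key (same openssl steps as the gist).
spki_sha256() {
    echo | openssl s_client -connect "$1:443" 2>/dev/null |
        openssl x509 -pubkey -noout 2>/dev/null |
        openssl pkey -pubin -outform der 2>/dev/null |
        openssl sha256 | awk '{print $NF}'
}

# check_pin HOST HASH
#   0  HASH matches the stored pin, or no pin existed and HASH was stored
#   1  HASH differs from the stored pin (do not connect)
#   2  HOST or HASH is malformed
#   3  the pin could not be written
check_pin() {
    local host="$1" observed="$2" pinfile
    case "$host" in ''|*/*) return 2 ;; esac   # host becomes a file name
    [ "$observed" = "$EMPTY_SHA256" ] && return 2
    printf '%s\n' "$observed" | grep -Eq '^[0-9a-f]{64}$' || return 2
    pinfile="${PIN_DIR}/${host}.sha256"
    if [ ! -f "$pinfile" ]; then
        mkdir -p "$PIN_DIR" || return 3
        ( umask 077; printf '%s\n' "$observed" > "$pinfile" ) || return 3
        return 0
    fi
    [ "$(cat "$pinfile")" = "$observed" ]
}

# Usage in the script above, before openconnect is started:
#   CERTHASH=$(spki_sha256 "$VPNGATEWAY")
#   check_pin "$VPNGATEWAY" "$CERTHASH" || exit 1
```

A return value of 1 means the gateway's key changed since the pin was recorded; verify the new key out of band before deleting the pin file.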