Last active
September 21, 2022 21:10
Continuously run the Forticlient VPN using expect. Automatically restart the VPN if it gets disconnected or the session is closed.
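#!/bin/bash
# Forticlient SSL VPN Client / expect
#
# Starts the Forticlient SSL VPN CLI under expect and answers its prompts.
# Must be run as root.
#
# Security notes:
#   - This file holds the VPN password in clear text. Keep it owned by root
#     and unreadable by other users (for example mode 0700).
#   - The generated expect script contains no secrets: the credentials are
#     handed to expect through its environment, so the password is neither
#     written to /tmp nor visible in the process argument list.
# --------------------------------------------
# CONFIGURATION
FORTICLIENT_PATH=""
# VPN Credentials
VPN_HOST="hostname:443"
VPN_USER="username"
VPN_PASS="pass"
# --------------------------------------------
# /opt/forticlient-sslvpn/64bit/forticlientsslvpn_cli --server hostname:443 --vpnuser username --keepalive
#

# Path of the generated expect script; empty until mktemp has created it.
expect_script=""

# Remove the generated expect script, if one was created. Runs on every exit.
cleanup() {
  if [[ -n "$expect_script" ]]; then
    rm -f -- "$expect_script"
  fi
}

# Ctrl-C handler: report, then exit so the EXIT trap removes the script.
ctrl_c() {
  echo "Removing left-over files..."
  exit 130
}

trap cleanup EXIT
trap ctrl_c INT

if [[ $EUID -ne 0 ]]; then
  echo "This script must be run as root"
  exit 1
fi

if [[ -z "$FORTICLIENT_PATH" ]]; then
  # Decide on the architecture from the machine type only; grepping the whole
  # `uname -a` line for "64" can also match the kernel version or host name.
  case "$(uname -m)" in
    *64*) arch_dir="64bit" ;;
    *) arch_dir="32bit" ;;
  esac

  # NOTE(review): whatever `locate` returns is executed as root below. Set
  # FORTICLIENT_PATH explicitly to a root-owned install path where possible.
  # Only the first match is used, so several hits cannot confuse the test.
  FORTICLIENT_PATH=$(locate forticlientsslvpn_cli | grep -F -- "$arch_dir" | head -n 1)

  # Quoted on purpose: an unquoted empty value turns the test into `[ ! -f ]`,
  # which is false, so a failed lookup would go unnoticed.
  if [[ ! -f "$FORTICLIENT_PATH" ]]; then
    echo "Tried to locate Forticlient SSL VPN Cli binary, but failed."
    echo "Specify it at variable FORTICLIENT_PATH"
    exit 1
  fi
  echo "Located Forticlient VPN Client at: $FORTICLIENT_PATH"
fi

if [[ ! -x "$FORTICLIENT_PATH" ]]; then
  echo "Forticlient SSL VPN Cli binary is missing or not executable: $FORTICLIENT_PATH" >&2
  exit 1
fi

echo "Killing previous instances of Forticlient SSL VPN client..."
# Failure just means nothing was running, so the error output is discarded.
killall -9 "$(basename -- "$FORTICLIENT_PATH")" 2> /dev/null

# A fixed name such as /tmp/expect can be pre-created or symlinked by any
# local user before this root script writes to it; mktemp creates a fresh,
# unpredictable file with mode 0600 instead.
expect_script=$(mktemp /tmp/forticlient-expect.XXXXXX) || {
  echo "Could not create a temporary file for the expect script." >&2
  exit 1
}

# The delimiter is quoted so the shell expands nothing in the script body.
# expect reads the values from its environment, which keeps quotes, brackets,
# dollar signs or backslashes in the password from being interpreted as Tcl.
cat << 'EOF' > "$expect_script"
#!/usr/bin/expect -f
match_max 1000000
set timeout -1
set vpn_pass $env(VPN_PASS)
# Drop the password from the environment before the client is spawned.
unset env(VPN_PASS)
spawn $env(FORTICLIENT_PATH) --server $env(VPN_HOST) --vpnuser $env(VPN_USER) --keepalive
expect "Password for VPN:"
send -- "$vpn_pass"
send -- "\r"
# NOTE(review): this prompt is presumably the client's server-certificate
# confirmation. Answering Y unattended accepts whatever the server presents;
# confirm, and prefer a gateway certificate the client can verify.
expect "Would you like to connect to this server? (Y/N)"
send -- "Y"
send -- "\r"
expect "Tunnel closed"
close
expect "Clean up..."
close
EOF

# Credentials travel in the environment of this one command only.
FORTICLIENT_PATH="$FORTICLIENT_PATH" \
  VPN_HOST="$VPN_HOST" \
  VPN_USER="$VPN_USER" \
  VPN_PASS="$VPN_PASS" \
  /usr/bin/expect -f "$expect_script"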
#! /bin/bash
# Watchdog for the Forticlient expect wrapper.
#
# Every 3 seconds it counts the running `expect` processes:
#   0  -> start the VPN wrapper script in the background and log the restart
#   1  -> nothing to do
#   2+ -> kill the first PID reported by pidof and log the removal
#
# NOTE(review): the wrapper script refuses to run unless it is root, so this
# loop runs as root too, yet it executes a file under /home/osboxes. If that
# user can modify or replace the file, they gain root; keep the script in a
# root-owned directory.
# NOTE(review): `pidof expect` matches every expect process on the host, not
# only the one started here.

vpn_script=/home/osboxes/forticlientsslvpn-expect.sh
log_file=/var/log/expect.txt

while :; do
  running=$(pidof expect | wc -w)

  if [ "$running" = "0" ]; then
    echo "Restarting expect: $(date)" >> "$log_file"
    "$vpn_script" &
  elif [ "$running" != "1" ]; then
    echo "Removed double expect: $(date)" >> "$log_file"
    first_pid=$(pidof expect | awk '{print $1}')
    # Left unquoted as in the original: an empty result passes no argument.
    kill $first_pid
  fi

  sleep 3
done
not really related, but do you know how to add the 'pre shared key' config for this cli client?
On the GUI I have no problem setting this up, since there is a connection setup with a key value, but when connecting with the CLI I'm not really sure where to place this key. Also, even though it seems to connect, I can't ping, request or DNS-query any server.