com30n · April 1, 2021 09:29
diff --git a/VPNConnect.scpt b/VPNConnect.scpt
 -- First of all: you have to connect to the vpn with Tunnelblick without, 
 -- paste your username, set a checkbox "Save in Keychain" for username, 
 -- paste your password and DO NOT set "Save in Keychain" for the password. 
 -- Then click "OK" button, connect to the vpn and since this moment you can use the script.

 -- 1. To authorize via Touch ID you must apply this script: https://gist.github.com/RichardBronosky/31660eb4b0f0ba5e673b9bc3c9148a70
 -- 2. Create a new password entry in Keychain Access called "tunnelblick-vpn-2f" with your MFA base32 token
 -- 3. Add your a new connection name entry in Keychain Access called "tunnelblick-connection-name" with your name of the tunnelblick connection
 -- 4. Install oath-toolkit. (brew install oath-toolkit)
 -- 5. Open this script in Script Editor (both this and the above are in the Applications->Utilities folder) and "Save as.." an Application (.app) with desired name.
 -- 6. Open Security & Privacy System Preferences, go to Privacy, Accessibility.
 -- 7. Enable the above .app so it can access Accessibility
 -- 8. Add the new .app to /Users/[yourshortname]/Applications with a shortcut to your Dock 
 -- 9. Enjoy the fast connection with no need to enter password and increased security of not having a sensitive password stored as plain text.

 set targetApp to "Tunnelblick"

 set SecondFactorKeyChainKey to "tunnelblick-vpn-2f"
 set ConnectionName to "tunnelblick-connection-name"
 set Connection to do shell script "sudo /usr/bin/security find-generic-password -wl " & quoted form of ConnectionName

 tell application "System Events"
 	set processExists to exists process targetApp
 end tell

 if processExists is true then
 	tell application "Tunnelblick"
 		get state of first configuration where name = Connection
 		if result = "CONNECTED" then
 			disconnect Connection
 			return
 		end if
 	end tell
 end if

 tell application "Tunnelblick"
 	connect Connection
 	
 	tell application "System Events"
 		repeat until (window 1 of process "Tunnelblick" exists)
 			delay 1
 		end repeat
 		
 		tell process "Tunnelblick"
 			set Token to do shell script "sudo /usr/bin/security find-generic-password -wl " & quoted form of SecondFactorKeyChainKey
 			set PSWD to do shell script "sudo /opt/homebrew/bin/oathtool --totp -b -d 6 " & quoted form of Token
 			keystroke PSWD as text
 			keystroke return
 		end tell
 		
 	end tell
 	
 	get state of first configuration where name = Connection
 	repeat until result = "CONNECTED"
 		delay 1
 		get state of first configuration where name = Connection
 	end repeat
 	if result = "connected" then return
 end tell
	-- First of all: you have to connect to the vpn with Tunnelblick without,
	-- paste your username, set a checkbox "Save in Keychain" for username,
	-- paste your password and DO NOT set "Save in Keychain" for the password.
	-- Then click "OK" button, connect to the vpn and since this moment you can use the script.

	-- 1. To authorize via Touch ID you must apply this script: https://gist.github.com/RichardBronosky/31660eb4b0f0ba5e673b9bc3c9148a70
	-- 2. Create a new password entry in Keychain Access called "tunnelblick-vpn-2f" with your MFA base32 token
	-- 3. Add your a new connection name entry in Keychain Access called "tunnelblick-connection-name" with your name of the tunnelblick connection
	-- 4. Install oath-toolkit. (brew install oath-toolkit)
	-- 5. Open this script in Script Editor (both this and the above are in the Applications->Utilities folder) and "Save as.." an Application (.app) with desired name.
	-- 6. Open Security & Privacy System Preferences, go to Privacy, Accessibility.
	-- 7. Enable the above .app so it can access Accessibility
	-- 8. Add the new .app to /Users/[yourshortname]/Applications with a shortcut to your Dock
	-- 9. Enjoy the fast connection with no need to enter password and increased security of not having a sensitive password stored as plain text.

	set targetApp to "Tunnelblick"

	set SecondFactorKeyChainKey to "tunnelblick-vpn-2f"
	set ConnectionName to "tunnelblick-connection-name"
	set Connection to do shell script "sudo /usr/bin/security find-generic-password -wl " & quoted form of ConnectionName

	tell application "System Events"
	set processExists to exists process targetApp
	end tell

	if processExists is true then
	tell application "Tunnelblick"
	get state of first configuration where name = Connection
	if result = "CONNECTED" then
	disconnect Connection
	return
	end if
	end tell
	end if

	tell application "Tunnelblick"
	connect Connection

	tell application "System Events"
	repeat until (window 1 of process "Tunnelblick" exists)
	delay 1
	end repeat

	tell process "Tunnelblick"
	set Token to do shell script "sudo /usr/bin/security find-generic-password -wl " & quoted form of SecondFactorKeyChainKey
	set PSWD to do shell script "sudo /opt/homebrew/bin/oathtool --totp -b -d 6 " & quoted form of Token
	keystroke PSWD as text
	keystroke return
	end tell

	end tell

	get state of first configuration where name = Connection
	repeat until result = "CONNECTED"
	delay 1
	get state of first configuration where name = Connection
	end repeat
	if result = "connected" then return
	end tell