Configure openconnect

openconnect_mac

# Use openconnect in favor of cisco anyconnect

# add vpn passdowd to macOS Keychain, change 'password' with your password

security add-generic-password -s openconnect_vpn -a $USER -w 'password'

# add these lines to .zshrc or .zprofile

function vpn-up() {
  local VPN_HOST="host"
  local VPN_USER="username"
  local SERVER_CERT="pin-sha256:87+Hf09J6X30/vKmSGLPA35scH/jey/aP7zL4sQ+5+i="
  local VPN_AUTH_GROUP="authgroup"
  local KEYCHAIN_ITEM="openconnect_vpn"
  local NOT_FOUND_STRING="could not be found"

	if [[ `security find-generic-password -w -s $KEYCHAIN_ITEM -a $USER 2>&1` == *"$NOT_FOUND_STRING"* ]]; then
    echo "Error: VPN password is not specified in macOS Keychain"
    return
	fi
  echo "Starting the vpn ..."
  security find-generic-password -w -s $KEYCHAIN_ITEM -a $USER | sudo openconnect --background --passwd-on-stdin --user=$VPN_USER --servercert=$SERVER_CERT --authgroup=$VPN_AUTH_GROUP $VPN_HOST 
}

function vpn-down() {
  sudo kill -2 `pgrep openconnect`
  echo "\n"
}