CLI tool for maintaining a SOCKS5 tunnel through a Cisco AnyConnect VPN tunnel (for macOS)
# This script lets you open and close a SOCKS5 tunnel as well as check its status.
# The tunnel is created by using the bind address-option in the SSH client.
# The script will also terminate the tunnel if the VPN connection is interrupted, and re-establish it once the VPN is available again.
# Written and tested for macOS.
# Requirements:
# Install screen: https://formulae.brew.sh/formula/screen
# Usage
# socks5 open - Checks whether your Cisco AnyConnect client is connected; if so, it attempts to set up a SOCKS5 tunnel to the remote server
# socks5 close - Terminates the tunnel
# socks5 status - Checks whether the tunnel is open
# socks5 list-bindings - Lists active SSH address bindings (mostly for debugging purposes)
# socks5 list-screens - Lists active screen sessions (mostly for debugging purposes)
# Installation
# Place the file "socks5-tunnel.sh" somewhere on your file system and make sure it is executable (run chmod +x socks5-tunnel.sh to be sure).
# Add the functions below to your bash profile. Update line 45 (the `screen ... -X stuff` line) with the correct path to "socks5-tunnel.sh" plus the port, SSH username and IP of the remote server.
function socks_status() {
  # Report whether anything is currently listening on the SOCKS port.
  # NOTE(review): the lsof argument "[email protected]" looks like a
  # mangled `-i@<host>:socks` filter (obfuscated by the hosting page);
  # confirm it against the original gist before relying on this check.
  if [[ -n "$(lsof [email protected]:socks -sTCP:LISTEN)" ]]; then
    echo "Tunnel open"
  else
    echo "Tunnel closed"
  fi
}
function socks_close() {
  # Close the tunnel: end the screen session, then kill any process that
  # is still listening on the SOCKS port.
  # Asking screen to quit is best-effort; the session may not exist.
  screen -S socks-tunnel -X quit >/dev/null
  # NOTE(review): "[email protected]" looks like a mangled
  # `-i@<host>:socks` lsof filter; confirm against the original gist.
  if [[ -n "$(lsof [email protected]:socks -sTCP:LISTEN)" ]]; then
    # SIGKILL: the listening process (normally ssh) gets no chance to
    # clean up. A plain TERM first would be gentler, kept as-is here.
    lsof [email protected]:socks -sTCP:LISTEN -t | xargs kill -9
    echo "Connection closed"
  else
    echo "Connection already closed"
  fi
}
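function socks_open() {
  # Start the SOCKS5 tunnel inside a detached screen session, but only
  # when the Cisco AnyConnect client reports that the VPN is up.
  # Returns 0 when a tunnel was started or already exists, 1 otherwise.
  local vpn_bin=/opt/cisco/anyconnect/bin/vpn
  # Without this guard a missing or non-executable client yields an empty
  # status string, which the *Disconnected* test below would silently
  # accept as "connected".
  if [[ ! -x "$vpn_bin" ]]; then
    echo "VPN client not found at $vpn_bin, cannot proceed"
    return 1
  fi
  if [[ "$("$vpn_bin" status)" == *Disconnected* ]]; then
    echo "VPN not connected, cannot proceed"
    return 1
  fi
  if screen -list | grep -q "socks-tunnel"; then
    echo "Connection seems already open"
    return 0
  fi
  screen -dmS socks-tunnel
  # "stuff" types this line (plus a carriage return) into the shell
  # running in the screen session, where it is executed verbatim; keep
  # it a fixed, trusted path and argument set.
  screen -S socks-tunnel -p 0 -X stuff "/path/to/socks5-tunnel.sh 1080 user@remote-ip$(printf \\r)"
  echo "Connection opened"
}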
function socks_list_bindings() {
  # Debugging aid: show what is listening on the SOCKS port.
  # NOTE(review): "[email protected]" looks like a mangled
  # `-i@<host>:socks` lsof filter; confirm against the original gist.
  lsof [email protected]:socks -sTCP:LISTEN
  return $?
}
function socks_list_screens() {
  # Debugging aid: list the screen sessions known to this user.
  screen -ls
  return $?
}
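function socks5() {
  # Entry point: dispatch the sub-command given as $1.
  # An unknown or missing sub-command prints a usage line to stderr and
  # returns 2 instead of silently doing nothing.
  local cmd=${1-}
  case "$cmd" in
    status)        socks_status ;;
    close)         socks_close ;;
    open)          socks_open ;;
    list-bindings) socks_list_bindings ;;
    list-screens)  socks_list_screens ;;
    *)
      printf 'Usage: socks5 {open|close|status|list-bindings|list-screens}\n' >&2
      return 2
      ;;
  esac
}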
#!/usr/bin/env bash
function maybe_disconnect() {
  # Tear down whatever is listening on the SOCKS port; no-op when nothing is.
  # NOTE(review): "[email protected]" looks like a mangled
  # `-i@<host>:socks` lsof filter; confirm against the original gist.
  if [[ -z "$(lsof [email protected]:socks -sTCP:LISTEN)" ]]; then
    return
  fi
  echo "Terminate tunnel"
  # SIGKILL, so the ssh process gets no chance to clean up.
  lsof [email protected]:socks -sTCP:LISTEN -t | xargs kill -9
}
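# Usage: socks5-tunnel.sh <local-port> <ssh-destination>
# Keeps an `ssh -D` SOCKS tunnel alive for as long as the VPN reports a
# connected state and the "socks-tunnel" screen session exists.
if (( $# != 2 )); then
  printf 'Usage: %s <local-port> <user@host>\n' "${0##*/}" >&2
  exit 2
fi
local_port=$1
ssh_target=$2
while true; do
  # Terminate the script if the screen session gets terminated.
  if ! screen -list | grep -q "socks-tunnel"; then
    maybe_disconnect
    exit 0
  else
    echo "Screen exist"
  fi
  # [[ == ]] pattern matching is case-sensitive, so "Disconnected"
  # does not match *Connected*.
  if [[ "$(/opt/cisco/anyconnect/bin/vpn status)" == *Connected* ]]; then
    # NOTE(review): "[email protected]" looks like a mangled
    # `-i@<host>:socks` lsof filter; confirm against the original gist.
    if [[ -z "$(lsof [email protected]:socks -sTCP:LISTEN)" ]]; then
      echo "Connect"
      # -D without a bind address listens on loopback only (unless
      # GatewayPorts is enabled). ServerAliveInterval=1 lets ssh notice a
      # dead link quickly; this call blocks until ssh exits, after which
      # the loop re-checks and reconnects.
      ssh -o ServerAliveInterval=1 -D "$local_port" "$ssh_target"
    else
      echo "Already connected"
    fi
  else
    echo "VPN not connected"
    maybe_disconnect
  fi
  sleep 1
done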