Last active
July 21, 2020 08:05
-
-
Save jshiell/0a1673b94c9cac48929ce50666d6c714 to your computer and use it in GitHub Desktop.
AnyConnect script for user/pass VPN on headless Linux (i.e. where secret-tool won't work)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| set -euo pipefail | |
| IFS=$'\n\t' | |
| readonly _CISCO_VPN="/opt/cisco/anyconnect/bin/vpn" | |
| readonly _GREEN='\033[0;32m' | |
| readonly _RED='\033[0;31m' | |
| readonly _NC='\033[0m' | |
| export PASSWORD_STORE_DIR="$HOME/.pass-anyconnect" | |
| vpn_up() { | |
| local VPN_PROFILE="$1" | |
| local VPN_USERNAME="$2" | |
| local VPN_PASSWORD="$3" | |
| "$_CISCO_VPN" -s connect "$VPN_PROFILE" <<EOF | |
| 2 | |
| $VPN_USERNAME | |
| $VPN_PASSWORD | |
| y | |
| exit | |
| EOF | |
| } | |
| vpn_down() { | |
| "$_CISCO_VPN" disconnect | |
| } | |
| vpn_verify() { | |
| local VPN_PROFILE="$1" | |
| local VPN_USERNAME="$2" | |
| echo -n "Checking profile $VPN_PROFILE exists..." | |
| if [[ ! -f "/opt/cisco/anyconnect/profile/$VPN_PROFILE.xml" ]]; then | |
| echo -e "${_RED}FAILED${_NC}" | |
| echo "Profile $VPN_PROFILE was not found - please connect once via '$_CISCO_VPN -s connect vpn.springernature.com' to download this" | |
| RESULT=1 | |
| else | |
| echo -e "${_GREEN}OK${_NC}" | |
| fi | |
| return $RESULT | |
| } | |
| verify_prerequisites() { | |
| if [[ ! -f "$_CISCO_VPN" ]]; then | |
| echo "Cannot find AnyConnect at $_CISCO_VPN - please ensure you've installed it." | |
| echo "You can download binaries from https://anyconnect.springernature.com" | |
| return 1 | |
| fi | |
| if ! gpg --version >/dev/null 2>&1; then | |
| echo "Cannot find gpg; please install, e.g. sudo apt install gnupg" | |
| return 2 | |
| fi | |
| if ! pass --version >/dev/null 2>&1; then | |
| echo "Cannot find pass; please install, e.g. sudo apt install pass" | |
| return 2 | |
| fi | |
| local [email protected] | |
| if ! gpg --list-keys | grep [email protected] >/dev/null 2>&1; then | |
| gpg --full-gen-key --batch <<EOF | |
| %no-protection | |
| Key-Type: DSA | |
| Key-Length: 1024 | |
| Subkey-Type: ELG-E | |
| Subkey-Length: 1024 | |
| Name-Real: AnyConnect VPN details storage | |
| Name-Comment: Used by anyconnect script to store username/password | |
| Name-Email: $PASS_EMAIL | |
| Expire-Date: 0 | |
| %commit | |
| EOF | |
| fi | |
| if [[ ! -d "$PASSWORD_STORE_DIR" ]]; then | |
| mkdir -p "$PASSWORD_STORE_DIR" | |
| pass init "$PASS_EMAIL" | |
| fi | |
| } | |
| main() { | |
| local ACTION="${1:-}" | |
| verify_prerequisites | |
| local VPN_USERNAME=$(pass show vpn-username 2>/dev/null) | |
| local VPN_PASSWORD=$(pass show vpn-password 2>/dev/null) | |
| if [[ -z "$VPN_USERNAME" || -z "$VPN_PASSWORD" ]]; then | |
| echo "Error: you must add your VPN username & password to the pass repo, e.g." | |
| echo " PASSWORD_STORE_DIR=$PASSWORD_STORE_DIR pass insert vpn-username" | |
| echo " PASSWORD_STORE_DIR=$PASSWORD_STORE_DIR pass insert vpn-username" | |
| exit 5 | |
| fi | |
| local VPN_PROFILE="SpringerNature-Int" | |
| case "$ACTION" in | |
| up) | |
| vpn_up "$VPN_PROFILE" "$VPN_USERNAME" "$VPN_PASSWORD" | |
| ;; | |
| down) | |
| vpn_down | |
| ;; | |
| verify) | |
| vpn_verify "$VPN_PROFILE" "$VPN_USERNAME" | |
| ;; | |
| *) | |
| echo "Usage: $0 <up|down|verify>" | |
| exit 1 | |
| ;; | |
| esac | |
| } | |
| main "$@" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment