```bash
#!/bin/bash

case $# in
  0)
    echo "Usage: $0 {start|stop}"
    exit 1
    ;;
  1)
    case $1 in
      start)
        echo "Starting GlobalProtect..."
        launchctl load /Library/LaunchAgents/com.paloaltonetworks.gp.pangpa.plist
        launchctl load /Library/LaunchAgents/com.paloaltonetworks.gp.pangps.plist
        echo "Done!"
        ;;
      stop)
        echo "Stopping GlobalProtect..."
        launchctl remove com.paloaltonetworks.gp.pangps
        launchctl remove com.paloaltonetworks.gp.pangpa
        echo "Done!"
        ;;
      *)
        echo "'$1' is not a valid verb."
        echo "Usage: $0 {start|stop}"
        exit 2
        ;;
    esac
    ;;
  *)
    echo "Too many args provided ($#)."
    echo "Usage: $0 {start|stop}"
    exit 3
    ;;
esac
```
@githubrobbi Thanks for the clearly written code, I adapted your script's `connect_vpn` function!

As my org requires manual user name and password entry plus a 2FA, I added rudimentary scripts to advance the GP login screens and enter those values via blind keystrokes. The 2FA key is generated by a separate Python script that returns the TOTP value using the Python lib `pyotp` by printing it within the Python function, and again entering those values via blind keystrokes.

There are definitely better ways to not hardcode the user name, password, and TOTP secret key as well as advancing the screen based on the available buttons rather than blind keystrokes... but it got too late at night and this works for now. Would love it if someone can improve upon it!

macOS Sonoma 14.7.1 (23H222) & GlobalProtect 6.2.1-132
.zshenv

```bash
function vpn() {
  osascript <<EOF &>/dev/null
tell application "System Events"
    tell process "GlobalProtect"
        if not (exists window 1) then
            click menu bar item 1 of menu bar 2 -- Activates the GlobalProtect "window" in the menubar
            delay 2 -- Wait for 2 seconds
        end if
        set frontmost to true -- keep window 1 active
        tell window 1
            if exists (first button whose title is "Connect") then
                tell (first button whose title is "Connect") to if exists then click
            end if
            delay 3
            set textToType to "USERNAME"
            keystroke textToType
            keystroke tab -- move focus to the password field
            set textToType to "PASSWORD"
            keystroke textToType
            if exists (first button whose title is "Connect") then
                tell (first button whose title is "Connect") to if exists then click
            end if
        end tell
        delay 10
        -- \$HOME is expanded by the shell before osascript runs (unquoted heredoc)
        set totp to do shell script "python $HOME/TOTP.py"
        keystroke totp
        keystroke return
        -- if exists (first button whose title is "Verify") then
        --     tell (first button whose title is "Verify") to if exists then click
        -- end if
    end tell
end tell
EOF
}
```
TOTP.py

```python
import pyotp

secret_key = "SECRET_KEY"


def getToken(secret_key):
    totp = pyotp.TOTP(secret_key)
    token = totp.now()
    print(token)  # This is what's returning the value in a shell script execution
    # return token


getToken(secret_key)
```
Special thanks to @kaleksandrov for starting this gist!
@damosse31 Thanks, it works perfectly!
macOS Ventura 13.6.6 & GlobalProtect Version: 5.2.13-48