Last active: December 19, 2021 23:08
Expect script to connect to an AnyConnect VPN server on OSX using only oathtool and openconnect (not the Cisco AnyConnect client)
```expect
#!/usr/bin/expect -f
set timeout 30
log_user 0

# Server hostname is used both in the status message and in the openconnect URL.
set server YOUR_SERVER_HERE

puts stderr "Generating OTP"
spawn oathtool --totp YOUR_SECRET_KEY_HERE
# Capture the complete digit run followed by its newline so a partially
# delivered code is never used.
expect -re {(\d+)\r?\n}
set otp $expect_out(1,string)
wait

puts stderr "Connecting to VPN server $server"
spawn env SPLIT_DNS=YOUR_SPLIT_DNS_DOMAINS_HERE openconnect --script ./vpnc-script https://$server --cafile=cacert.pem
expect "GROUP:"
send "YOUR_GROUP_HERE\n"
expect "Username:"
send "YOUR_USERNAME_HERE\n"
expect "Password:"
send "YOUR_PASSWORD_HERE\n"
# Second password prompt is the TOTP code
expect "Password:"
send "$otp\n"
interact
```
And of course, be sure to replace the YOUR_*_HERE markers with appropriate values for your server!
Remember to use "sudo"!!! (root permission needed for openconnect to work.)
thanks! this script was super handy!
Depending on what exactly your VPN server prompts for, this will probably need to be modified. You should try out the openconnect command directly to see what prompts you need to script. Some servers may not have the "GROUP:" prompt. Some servers may not have the double (two-factor) password prompt. Some servers may actually prompt for an additional dummy username before the second password (in which case, sending "\n" will suffice).
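The following is an added example, not the gist author's script, showing one way to handle the prompt variations described above in a single `expect` block instead of a fixed sequence: the `GROUP:` prompt, the second `Password:` prompt and the dummy second `Username:` prompt are each answered only if the server actually sends them, in whatever order they arrive. It assumes the static password and TOTP secret are supplied through the environment variables `VPN_PASSWORD` and `VPN_TOTP_SECRET` (assumed names), that the server hostname, group and username are the placeholders shown, that the first `Password:` prompt wants the static password and any later one wants the OTP, and that openconnect prints a line beginning with `Connected as` once authentication has succeeded.

```expect
#!/usr/bin/expect -f
# Added example (not the gist's script). Prompt-tolerant openconnect login with
# oathtool-generated TOTP; see the lead-in for the assumptions made here.
set timeout 30
log_user 0

# Placeholders: replace with the values for your server.
set server   "vpn.example.com"
set group    "YOUR_GROUP_HERE"
set username "YOUR_USERNAME_HERE"

# Secrets come from the environment (assumed variable names) rather than being
# written into the script file.
foreach v {VPN_PASSWORD VPN_TOTP_SECRET} {
    if {![info exists env($v)]} {
        puts stderr "$v is not set"
        exit 1
    }
}
set password $env(VPN_PASSWORD)
set secret   $env(VPN_TOTP_SECRET)

# Generate the one-time code. The secret is given in hex as in the gist; a
# base32 secret would need oathtool's -b option. Capture the whole digit run
# plus its newline so a partially delivered code is never used.
spawn oathtool --totp $secret
expect -re {(\d+)\r?\n}
set otp $expect_out(1,string)
wait

spawn openconnect --script ./vpnc-script --cafile=cacert.pem https://$server

# Answer whichever prompts this server sends. passwords_sent tracks whether the
# static password has already gone out, which decides how later prompts are
# answered.
set passwords_sent 0
expect {
    "GROUP:" {
        send "$group\n"
        exp_continue
    }
    "Username:" {
        # A username prompt arriving after the first password is the dummy
        # second username the comment above mentions: an empty line suffices.
        if {$passwords_sent == 0} { send "$username\n" } else { send "\n" }
        exp_continue
    }
    "Password:" {
        if {$passwords_sent == 0} { send "$password\n" } else { send "$otp\n" }
        incr passwords_sent
        exp_continue
    }
    -re {Connected as} {
        # Authentication finished (assumed banner text); fall through to interact.
    }
    "Login failed" {
        puts stderr "VPN login rejected the credentials"
        exit 1
    }
    timeout {
        puts stderr "No recognised prompt within $timeout seconds"
        exit 1
    }
    eof {
        puts stderr "openconnect exited before authentication completed"
        exit 1
    }
}
interact
```

Because openconnect needs root, run it as `sudo --preserve-env=VPN_PASSWORD,VPN_TOTP_SECRET ./vpn.exp` so the two variables survive sudo's environment reset; without `--preserve-env` the script will exit at the `info exists` check. Each branch ends in `exp_continue` so the same `expect` block keeps matching until a terminal line, a timeout or EOF is seen, which is what lets the one script cope with servers that omit or reorder prompts.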