IPSec VPN Apple Script with keychain access and Google Auth integration

myvpn_connect.scpt

-- Author: Shannon Warren
-- [email protected]
-- github: scoutman57

-- Two Keychain entries will need to be create with your sensitive information

-- These two variables come from the settings inside keychain access, they need to match
set keychain_mgmt_vpn_name to "'My Company VPN'"
set keychain_mgmt_vpn_user to "user.name"

-- These two variables come from the settings inside keychain access, they need to match
-- this for the google auth secret
set keychain_where_google_auth_secret to "'Google Auth Secret'"
set keychain_account_google_auth_secret to "user.name"

tell application "System Events"
	set rc to do shell script "scutil --nc status " & keychain_mgmt_vpn_name
	if rc starts with "Connected" then
		do shell script "scutil --nc stop " & keychain_mgmt_vpn_name
	else
		set PWScript to "security find-generic-password -s " & keychain_mgmt_vpn_name & " -w -a " & keychain_mgmt_vpn_user
		set passwd to do shell script PWScript
		set the clipboard to passwd
		-- Get Google Auth Key from keychain
		set GoogleAuthKeyScript to "security find-generic-password -s " & keychain_where_google_auth_secret & " -w -a " & keychain_account_google_auth_secret
		set googlekey to do shell script GoogleAuthKeyScript
		-- installed through "brew install oath-toolkit"
		set OTPScript to "/usr/local/bin/oathtool --totp --base32 " & googlekey
		set otp to do shell script OTPScript
		do shell script "scutil --nc start " & keychain_mgmt_vpn_name & " --user " & keychain_mgmt_vpn_user
		repeat until exists (text field 1 of window 1 of application process "UserNotificationCenter")
		end repeat
		-- Since macOS 10.12 we can not longer use the "keystroke passwd" and have to paste the password into clipboard first and then past from clipboard into the password field
		keystroke "v" using {command down}
		keystroke otp
		keystroke return
	end if
	
end tell