Skip to content

Instantly share code, notes, and snippets.

@ashgillman
Created February 16, 2017 12:04
Show Gist options
  • Save ashgillman/6c833e4962a4c86860b46017fca76702 to your computer and use it in GitHub Desktop.
Save ashgillman/6c833e4962a4c86860b46017fca76702 to your computer and use it in GitHub Desktop.
openconnect launchd
#!/bin/bash
# /etc/openconnect_wrapper
# swap out SIGTERM for openconnect-friendly SIGINT
_term() {
kill -INT "$child" 2>/dev/null
}
trap _term SIGTERM
cat | /usr/local/bin/openconnect "$@" &
child=$!
wait "$child"
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Disabled</key> <true/>
<key>Label</key> <string>vpn.openconnect</string>
<key>StandardInPath</key> <string>/etc/vpn_secret</string>
<key>RunAtLoad</key> <true/>
<key>ProgramArguments</key>
<array>
<string>/etc/openconnect_wrapper</string>
<string>--authgroup=__AUTHGROUP__</string>
<string>--user=__USER__</string>
<string>__VPN_URL__</string>
</array>
</dict>
</plist>
@ashgillman
Copy link
Author

How to manage openconnect with launchd on OSX. Once set up, you can start and stop the service with sudo launchctl start vpn.openconnect and sudo launchctl stop vpn.openconnect.

openconnect_wrapper and vpn_secret live in /etc/. openconnect_wrapper should be executable, and vpn_secret should be owned by root and have no group or other access (especially read). vpn.openconnect.plist lives in /Library/LaunchDaemons/.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment