@com30n
Created April 1, 2021 09:29
Automatically connect to the Tunnelblick with MFA password
-- First of all: you have to connect to the vpn with Tunnelblick without,
-- paste your username, set a checkbox "Save in Keychain" for username,
-- paste your password and DO NOT set "Save in Keychain" for the password.
-- Then click the "OK" button and connect to the VPN; from that point on you can use the script.
-- 1. To authorize via Touch ID you must apply this script: https://gist.github.com/RichardBronosky/31660eb4b0f0ba5e673b9bc3c9148a70
-- 2. Create a new password entry in Keychain Access called "tunnelblick-vpn-2f" with your MFA base32 token
-- 3. Add a new entry in Keychain Access called "tunnelblick-connection-name" containing the name of your Tunnelblick connection
-- 4. Install oath-toolkit. (brew install oath-toolkit)
-- 5. Open this script in Script Editor (both this and the above are in the Applications->Utilities folder) and "Save as.." an Application (.app) with desired name.
-- 6. Open Security & Privacy System Preferences, go to Privacy, Accessibility.
-- 7. Enable the above .app so it can access Accessibility
-- 8. Add the new .app to /Users/[yourshortname]/Applications with a shortcut to your Dock
-- 9. Enjoy the fast connection with no need to enter password and increased security of not having a sensitive password stored as plain text.
set targetApp to "Tunnelblick"
set SecondFactorKeyChainKey to "tunnelblick-vpn-2f"
set ConnectionName to "tunnelblick-connection-name"

-- Read the Tunnelblick connection name from the Keychain (sudo triggers the Touch ID prompt from step 1)
set Connection to do shell script "sudo /usr/bin/security find-generic-password -wl " & quoted form of ConnectionName

tell application "System Events"
    set processExists to exists process targetApp
end tell

-- If Tunnelblick is running and already connected, act as a toggle: disconnect and stop
if processExists is true then
    tell application "Tunnelblick"
        get state of first configuration where name = Connection
        if result = "CONNECTED" then
            disconnect Connection
            return
        end if
    end tell
end if

tell application "Tunnelblick"
    connect Connection
    tell application "System Events"
        -- Wait for the Tunnelblick password prompt window
        repeat until (window 1 of process "Tunnelblick" exists)
            delay 1
        end repeat
        tell process "Tunnelblick"
            -- Read the base32 MFA secret and turn it into a 6-digit TOTP code.
            -- The secret is passed to oathtool as a command-line argument here.
            -- /opt/homebrew/bin is the Homebrew prefix on Apple Silicon; on Intel Macs it is /usr/local/bin.
            set Token to do shell script "sudo /usr/bin/security find-generic-password -wl " & quoted form of SecondFactorKeyChainKey
            set PSWD to do shell script "sudo /opt/homebrew/bin/oathtool --totp -b -d 6 " & quoted form of Token
            -- Type the code into the prompt (this is why the .app needs Accessibility access)
            keystroke PSWD as text
            keystroke return
        end tell
    end tell
    -- Poll until the connection is established
    get state of first configuration where name = Connection
    repeat until result = "CONNECTED"
        delay 1
        get state of first configuration where name = Connection
    end repeat
    if result = "connected" then return
end tell
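
Added example, not part of the original gist: a shell function that does the work of the script's two token-handling `do shell script` calls while keeping the base32 secret out of every process's argument list. It assumes an oathtool build that accepts `-` as the KEY argument and reads the key from standard input; the function name and the `SECURITY_BIN`/`OATHTOOL_BIN` overrides are hypothetical, and the `sudo`/Touch ID gate from step 1 is left out.

```shell
#!/bin/sh
# Added example (not the gist author's code).
# Assumption: oathtool reads the key from stdin when KEY is "-".
# Defaults are the paths used in the script above; both can be overridden.
SECURITY_BIN="${SECURITY_BIN:-/usr/bin/security}"
OATHTOOL_BIN="${OATHTOOL_BIN:-/opt/homebrew/bin/oathtool}"

# totp_from_keychain LABEL
# Prints a 6-digit TOTP for the base32 secret stored under Keychain label LABEL.
# Returns 1 if the entry is missing or empty, 2 if oathtool fails,
# 3 if oathtool's output is not exactly six digits.
totp_from_keychain() {
    label="$1"
    # The secret is held in a shell variable only, never placed in argv.
    secret=$("$SECURITY_BIN" find-generic-password -wl "$label" 2>/dev/null) || return 1
    # Secrets are often stored in groups of four; drop spaces and newlines.
    secret=$(printf '%s' "$secret" | tr -d '[:space:]')
    [ -n "$secret" ] || return 1
    # printf is a shell builtin, so the secret travels through the pipe only.
    code=$(printf '%s\n' "$secret" | "$OATHTOOL_BIN" --totp -b -d 6 -) || { unset secret; return 2; }
    unset secret
    # Refuse to hand anything but a 6-digit code to the keystroke step.
    case "$code" in
        [0-9][0-9][0-9][0-9][0-9][0-9]) printf '%s\n' "$code" ;;
        *) return 3 ;;
    esac
}
```

The empty-secret check matters because a failed Keychain lookup would otherwise feed oathtool an empty key instead of stopping the script.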