Created
June 29, 2018 10:55
-
-
Save cvcore/12535c94e060ce7c40e87ef580c9892c to your computer and use it in GitHub Desktop.
Automatic openconnect VPN connection
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # needs to run as root | |
| # THIS SAMPLE CODE IS PROVIDED “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL PAGERDUTY OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) SUSTAINED BY YOU OR A THIRD PARTY, HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ARISING IN ANY WAY OUT OF THE USE OF THIS SAMPLE CODE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
| # Configurations | |
| VPN_USER= | |
| VPN_PWD= | |
| VPN_SERVER= | |
| HOSTNAME= | |
| UPDATE_INTERVAL=3 | |
| PID_FILE= | |
| DNS_USER= | |
| DNS_PWD= | |
| function get_vpn_ip() | |
| { | |
| pgrep openconnect >/dev/null && ip -4 addr | grep tun0 -A 4 | grep -oP '(?<=inet\s)\d+(\.\d+){3}' | |
| } | |
| function try_vpn_connection() | |
| { | |
| get_vpn_ip >/dev/null && echo 'already connected' && return 1 | |
| echo "$VPN_PWD" | openconnect -u "$VPN_USER" "$VPN_SERVER" --passwd-on-stdin >/dev/null 2>&1 & | |
| for run in {1..10} | |
| do | |
| get_vpn_ip >/dev/null && echo 'connection successful' && return 1 | |
| sleep 1 | |
| done | |
| echo 'could not connect to VPN server' | |
| return 0 | |
| } | |
| function stop_vpn_connection() | |
| { | |
| pkill -SIGINT openconnect | |
| sleep 1 | |
| ! pgrep openconnect && echo "VPN disconnected" && return 0 | |
| echo "Could not disconnect VPN" && return 1 | |
| } | |
| function update_ip_address() | |
| { | |
| ip_addr=$1 | |
| if [[ $ip_addr ]]; then | |
| echo "Updating DNS record $HOSTNAME to $ip_addr" | |
| result=$(curl -s -u $DNS_USER:$DNS_PWD "https://now-dns.com/update?hostname=$HOSTNAME&myip=$ip_addr") | |
| echo $result | |
| else | |
| echo "VPN not connected, cancelling update" | |
| fi | |
| } | |
| function vpn_daemon() | |
| { | |
| try_vpn_connection | |
| old_ip=$(get_vpn_ip) | |
| update_ip_address $old_ip | |
| while [ -e $PID_FILE ]; do | |
| curr_ip=$(get_vpn_ip) | |
| if [[ $curr_ip && $curr_ip != $old_ip ]]; then | |
| echo "VPN address changed to: $curr_ip, updating..." | |
| old_ip=$curr_ip | |
| update_ip_address $curr_ip | |
| elif [[ ! $curr_ip ]]; then | |
| echo "VPN disconnected. Reconnecting..." | |
| try_vpn_connection | |
| fi | |
| sleep $UPDATE_INTERVAL | |
| done | |
| echo "Received signal, daemon exiting.." | |
| } | |
| if [[ $USER != "root" ]]; then | |
| echo "Please run as root, $USER" | |
| fi | |
| # Parsing arguments: | |
| case $1 in | |
| update) | |
| try_vpn_connection | |
| update_ip_address $(get_vpn_ip) | |
| ;; | |
| stop) | |
| stop_vpn_connection | |
| ;; | |
| restart) | |
| stop_vpn_connection | |
| try_vpn_connection | |
| update_ip_address $(get_vpn_ip) | |
| ;; | |
| daemon) | |
| vpn_daemon & | |
| echo $! > $PID_FILE | |
| ;; | |
| daemon-kill) | |
| rm -rf $PID_FILE | |
| stop_vpn_connection | |
| ;; | |
| *) | |
| printf "Missing argument\n\nAvailable commands: $0 [update|stop|restart|daemon|daemon-kill]\n" | |
| printf "\nupdate: connect to VPN and update DNS record" | |
| printf "\nstop: stop background openconnect process" | |
| printf "\nrestart: dis- and reconnect to VPN server" | |
| printf "\ndaemon[-kill]: start / stop background VPN process (for systemctl)\n" | |
| ;; | |
| esac |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment