p120ph37/vpn.expect

Last active Jan 28, 2020
Expect script to connect to an AnyConnect VPN server on OSX using only oathtool and openconnect (not the Cisco AnyConnect client)
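#!/usr/bin/expect -f
# Replace every YOUR_*_HERE marker below. This file holds the TOTP secret and
# the account password, so keep it readable by its owner only.
set timeout 30
log_user 0
set server YOUR_SERVER_HERE

# Generate the current one-time code. The secret is passed as an argument, so
# it is visible in the process list while oathtool runs.
puts stderr "Generating OTP"
spawn oathtool --totp YOUR_SECRET_KEY_HERE
expect -re \\d+
set otp $expect_out(0,string)

# Start openconnect and answer its prompts in the order the server sends them.
puts stderr "Connecting to VPN server $server"
spawn env SPLIT_DNS=YOUR_SPLIT_DNS_DOMAINS_HERE openconnect --script ./vpnc-script https://$server --cafile=cacert.pem
expect "GROUP:"
send "YOUR_GROUP_HERE\n"
expect "Username:"
send "YOUR_USERNAME_HERE\n"
expect "Password:"
send "YOUR_PASSWORD_HERE\n"
# The second "Password:" prompt takes the one-time code.
expect "Password:"
send "$otp\n"
# Hand the established session over to the terminal.
interact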

@p120ph37 p120ph37 commented Apr 17, 2014

Depending on what exactly your VPN server prompts for, this will probably need to be modified. You should try out the openconnect command directly to see what prompts you need to script. Some servers may not have the "GROUP:" prompt. Some servers may not have the double (two-factor) password prompt. Some servers may actually prompt for an additional dummy username before the second password (in which case, sending "\n" will suffice).
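
The prompt variations listed in the comment above can be covered by one script that answers prompts in whatever order they arrive. This is an added example, not part of the gist or its author's code; the mock server, the constructed OTP `123456` and the `answer` helper are assumptions made for illustration.

```expect
#!/usr/bin/expect -f
# Added example, not the gist author's code.
set timeout 5   ;# short because the mock is local; raise it for a real server

# Constructed stand-in for openconnect so this runs offline: no "GROUP:" prompt,
# and a dummy "Username:" prompt before the second password. For real use,
# spawn openconnect here exactly as the gist does.
set mock {printf 'Username:'; read u; printf 'Password:'; read p1
          printf 'Username:'; read d; printf 'Password:'; read p2
          echo "mock received user=$u dummy=$d"}
spawn sh -c $mock

# Answers are queued per prompt kind and consumed in order.
set answers(user) [list "YOUR_USERNAME_HERE" ""]   ;# "" answers the dummy prompt
set answers(pass) [list "YOUR_PASSWORD_HERE" "123456"]   ;# 123456: constructed OTP
set used(user) 0
set used(pass) 0

# Send the next queued answer. If the server asks more often than expected
# (for example it re-prompts after a rejected password), stop rather than
# resend credentials in a loop and risk locking the account.
proc answer {kind} {
    global answers used
    if {$used($kind) >= [llength $answers($kind)]} {
        puts stderr "Unexpected extra $kind prompt, aborting"
        exit 1
    }
    send "[lindex $answers($kind) $used($kind)]\n"
    incr used($kind)
}

expect {
    "GROUP:"    { send "YOUR_GROUP_HERE\n"; exp_continue }
    "Username:" { answer user; exp_continue }
    "Password:" { answer pass; exp_continue }
    timeout     { puts stderr "No further prompts, handing over"; interact }
    eof         { puts stderr "Process exited" }
}
```

Against the mock the run ends in the `eof` branch; against a real server the `timeout` branch fires once the prompts stop and passes control to `interact`.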


@p120ph37 p120ph37 commented Apr 17, 2014

And of course, be sure to replace the YOUR_*_HERE markers with appropriate values for your server!


@p120ph37 p120ph37 commented Apr 17, 2014

Remember to use "sudo"!!! (root permission needed for openconnect to work.)


@dkordik dkordik commented Jun 7, 2018

thanks! this script was super handy!
