@raevilman
Last active October 9, 2022 11:47
GlobalProtect on Ubuntu
#! /bin/bash
# Copied from https://gist.github.com/rtgibbons/ae083457d0962bd3fe3f
### BEGIN INIT INFO
# Provides: openconnect
# Required-Start: $local_fs $remote_fs $network
# Required-Stop: $local_fs $remote_fs $network
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Basic script to connect to a SSL VPN using Openconnect
### END INIT INFO

# Define PATH
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# VPN Variables
HOST="https://##VPNURL##"
USER="##USERNAME##"
#PASS="PASSWORD"
#CERT="/my/cert.pem"
#KEY="/my/key.pem"

# Set pidfile
PIDFILE="/var/run/openconnect.pid"

function start() {
    # Check if process is running. Exit in this case.
    [ -f "${PIDFILE}" ] && ps -p "$(< "${PIDFILE}")" &> /dev/null && \
        echo "Openconnect is already running." && exit 0

    # Must be root
    [ "${UID}" -ne 0 ] && echo "You must be root to run this script." && exit 1

    # Connect
    # For now if not on OSX ask for password on command prompt
    if [[ $(uname) == "Darwin" ]]; then
        VPN_PASS=$(osascript -e 'display dialog "RSA Password" default answer "" with title "OpenConnect VPN" with hidden answer' | awk -F'[:,]' '{print $4}')
    else
        # -s disables echo for this read only (the terminal is restored even on Ctrl-C),
        # -r keeps backslashes in the password intact
        printf "Enter password to connect to VPN: "
        IFS= read -rs VPN_PASS
        printf "\n"
    fi

    # The password is passed on stdin, so it never shows up in the process argument list.
    # An explicit if is used so that start() returns 0 when openconnect succeeds.
    if ! openconnect --protocol=gp -b --user="${USER}" "${HOST}" --pid-file="${PIDFILE}" --syslog --passwd-on-stdin <<< "${VPN_PASS}"; then
        echo "Openconnect failed to start!"
        rm -f "${PIDFILE}"
        exit 1
    fi
}

function stop() {
    if [ -f "${PIDFILE}" ] && ps -p "$(< "${PIDFILE}")" &> /dev/null; then
        # Pid exists, kill process and remove pidfile
        [ "${UID}" -ne 0 ] && echo "You must be root to run this script." && exit 1
        kill "$(< "${PIDFILE}")" && rm -f "${PIDFILE}"
    else
        echo "Openconnect is not running!"
    fi
}

function status() {
    if [ -f "${PIDFILE}" ] && ps -p "$(< "${PIDFILE}")" &> /dev/null; then
        echo "Openconnect is running."
        runningtime=$(ps -p "$(< "${PIDFILE}")" -o etime=)
        # The next two lines match macOS ifconfig output ("-->" and utun interfaces);
        # on Linux they print empty fields.
        echo " IP: $(ifconfig | awk '/-->/{print $2}')"
        echo " $(ifconfig | awk -F': ' '/^utun/{print $1}'): ${runningtime}"
    else
        # Remove a stale pidfile left behind by a dead process
        [ -f "${PIDFILE}" ] && rm -f "${PIDFILE}"
        echo "Openconnect is stopped."
        exit 3
    fi
}

case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    status)
        status
        ;;
    restart)
        stop && start
        ;;
    *)
        echo "Usage: ${0##*/} (start|stop|status|restart)" && exit 0
        ;;
esac

GlobalProtect on Ubuntu

Major links followed

Download
https://www.infradead.org/openconnect/download.html

Building OpenConnect
https://www.infradead.org/openconnect/building.html

Install vpnc-script
https://www.infradead.org/openconnect/vpnc-script.html


Steps to follow

  • Download the latest OpenConnect tar file from the FTP location below and extract it
    ftp://ftp.infradead.org/pub/openconnect/

  • Run the ./configure command from within the extracted directory

Got below error

checking for functional NLS support... yes
checking for GNUTLS... no
checking for OPENSSL... no
checking for OpenSSL without pkg-config... no
configure: error: Could not build against OpenSSL

Reason: The OpenSSL library is usually already installed, but you have to install the header files.

So had to install same using below command

sudo apt-get install libssl-dev

Run ./configure again

Got below error

checking for LIBXML2... no
configure: error: in `/home/raman/Downloads/openconnect-8.02':
configure: error: The pkg-config script could not be found or is too old.  Make sure it
is in your PATH or set the PKG_CONFIG environment variable to the full
path to pkg-config.

Alternatively, you may set the environment variables LIBXML2_CFLAGS
and LIBXML2_LIBS to avoid the need to call pkg-config.
See the pkg-config man page for more details.

To get pkg-config, see <http://pkg-config.freedesktop.org/>.
See `config.log' for more details

Same as last error, I had to install libxml2-dev

sudo apt-get install libxml2-dev

Run ./configure again
This time command completes.


Next

sudo make
sudo make install  # to install the library

On trying to connect to VPN using below command

sudo openconnect --protocol=gp vpn.company.com

Got below error

openconnect: /usr/lib/x86_64-linux-gnu/libopenconnect.so.5: version `OPENCONNECT_5_5' not found (required by openconnect)

Issue can be from one of the below links
dlenski/openconnect#130
dlenski/openconnect#56

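Above issue solved using below

The error shows the loader resolving libopenconnect.so.5 from /usr/lib/x86_64-linux-gnu, and that copy lacks the OPENCONNECT_5_5 symbol version the newly built binary requires.

If the command ldd /usr/local/sbin/openconnect shows libopenconnect.so.5 => not found in the output, use the command sudo ldconfig; otherwise use sudo apt autoremove to solve the issue.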

Try connecting again
This time, got push notification on mobile for approval

But below error

/usr/share/vpnc-scripts/vpnc-script: not found

Followed below link to solve the vpnc-script issue
https://www.infradead.org/openconnect/vpnc-script.html

Next error

Set up UDP failed; using SSL instead
Connected as 10.5.201.132, using SSL, with ESP disabled
/bin/sh: 1: /usr/share/vpnc-scripts/vpnc-script: Permission denied
Script '/usr/share/vpnc-scripts/vpnc-script' returned error 126

Seems the script has to be executable
So make it executable using below command

sudo chmod +x /usr/share/vpnc-scripts/vpnc-script 

Now try connecting again
and
Finally connected to VPN!


HIH!
raevilman
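
The two post-install failures in these notes (the libopenconnect.so.5 lookup and the vpnc-script permission error) can be checked before connecting. The script below is an added example, not part of the original gist; the function names, the /usr/local/lib library path and the sample ldd lines are assumptions. It also checks that vpnc-script, which openconnect runs as root, is root-owned and not writable by group or others.

```sh
#!/bin/sh
# Added example, not part of the gist. Assumes the /usr/local prefix seen in the notes.

# classify_ldd TEXT: TEXT is the output of `ldd /usr/local/sbin/openconnect`.
# Prints the state of the libopenconnect line.
classify_ldd() {
    line=$(printf '%s\n' "$1" | grep 'libopenconnect\.so' | head -n 1)
    case "$line" in
        "")                  echo "no-libopenconnect-line" ;;
        *"not found"*)       echo "run-ldconfig" ;;            # loader cache lacks the new library
        *"=> /usr/local/"*)  echo "ok" ;;                      # freshly built library is used
        *)                   echo "stale-packaged-library" ;;  # older distro copy wins
    esac
}

# check_vpnc_script PATH [UID]: openconnect runs this script as root, so it
# must exist, be executable, be owned by UID (default 0) and not be
# writable by group or others.
check_vpnc_script() {
    owner=${2:-0}
    [ -f "$1" ] || { echo "missing"; return 0; }
    [ -x "$1" ] || { echo "not-executable"; return 0; }
    if [ -n "$(find -L "$1" ! -user "$owner" 2>/dev/null)" ]; then
        echo "wrong-owner"; return 0
    fi
    if [ -n "$(find -L "$1" \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]; then
        echo "unsafe-perms"; return 0
    fi
    echo "ok"
}

# Constructed sample ldd lines (not captured from a real system).
SAMPLE_MISSING='	libopenconnect.so.5 => not found'
SAMPLE_STALE='	libopenconnect.so.5 => /usr/lib/x86_64-linux-gnu/libopenconnect.so.5 (0x00007f0000000000)'
SAMPLE_OK='	libopenconnect.so.5 => /usr/local/lib/libopenconnect.so.5 (0x00007f0000000000)'

for s in "$SAMPLE_MISSING" "$SAMPLE_STALE" "$SAMPLE_OK"; do
    printf '%s\n' "ldd:  $(classify_ldd "$s")"
done
# On a real host: classify_ldd "$(ldd /usr/local/sbin/openconnect)"
printf '%s\n' "vpnc: $(check_vpnc_script /usr/share/vpnc-scripts/vpnc-script)"
```
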

@chandywerks

Thank you!
