Openconnect init script
#! /bin/bash
### BEGIN INIT INFO
# Provides: openconnect
# Required-Start: $local_fs $remote_fs $network
# Required-Stop: $local_fs $remote_fs $network
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Basic script to connect to a SSL VPN using Openconnect
### END INIT INFO
# Define PATH
# Fixed, fully-qualified search path so the init system's (possibly minimal)
# environment still finds openconnect, ps, awk and ifconfig.
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
# VPN Variables
# ##VPNURL## / ##USERNAME## are template placeholders to be filled in before use.
HOST="https://##VPNURL##"
# NOTE: this overwrites the USER variable inherited from the environment for the
# rest of the script; start() passes it as openconnect's --user.
USER="##USERNAME##"
# The password is deliberately not stored here; start() prompts for it at runtime.
#PASS="PASSWORD"
#CERT="/my/cert.pem"
#KEY="/my/key.pem"
# Set pidfile
# Written by openconnect (--pid-file); read by start/stop/status to find the process.
PIDFILE="/var/run/openconnect.pid"
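#######################################
# Start openconnect in the background after prompting for the RSA password.
# Globals:   PIDFILE, USER, HOST (read)
# Arguments: none
# Outputs:   prompt and status messages on stdout
# Returns:   exits 0 if already running, 1 if not root, no password was
#            entered, or openconnect failed to start
#######################################
start() {
  local vpn_pass dialog_out
  # Check if process is running. Exit in this case.
  if [ -f "${PIDFILE}" ] && ps -p "$(< "${PIDFILE}")" &> /dev/null; then
    echo "Openconnect is already running."
    exit 0
  fi
  # Must be root
  if [ "${UID}" -ne 0 ]; then
    echo "You must be root to run this script."
    exit 1
  fi
  # Connect
  # For now if not on OSX ask for password on command prompt
  if [[ $(uname) == "Darwin" ]]; then
    # osascript prints "button returned:OK, text returned:<password>"; strip the
    # prefix with parameter expansion so a password containing ':' or ',' survives
    # (the former awk -F'[:,]' split truncated it at the first such character).
    dialog_out=$(osascript -e 'display dialog "RSA Password" default answer "" with title "OpenConnect VPN" with hidden answer')
    vpn_pass=${dialog_out#*text returned:}
  else
    printf "key and RSA password:"
    # read -s suppresses echo and restores the terminal itself, so an interrupted
    # prompt no longer leaves the tty with echo off; -r keeps backslashes literal.
    read -rs vpn_pass
    printf "\n"
  fi
  # Empty password: the dialog was cancelled or nothing was typed. Do not feed
  # an empty secret to openconnect.
  if [ -z "${vpn_pass}" ]; then
    echo "No password entered; not connecting."
    exit 1
  fi
  # --passwd-on-stdin keeps the secret out of argv (and so out of ps output).
  if ! openconnect -b --user="${USER}" "${HOST}" --pid-file="${PIDFILE}" --syslog --passwd-on-stdin <<< "${vpn_pass}"; then
    echo "Openconnect failed to start!"
    rm -f "${PIDFILE}"
    exit 1
  fi
}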
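#######################################
# Stop the openconnect process recorded in the pidfile.
# Globals:   PIDFILE (read; removed after a successful kill)
# Arguments: none
# Outputs:   status messages on stdout
# Returns:   kill's status on success path; exits 1 if not root or if the
#            pidfile does not hold a plain numeric pid
#######################################
stop() {
  local pid
  if [ -f "${PIDFILE}" ] && ps -p "$(< "${PIDFILE}")" &> /dev/null; then
    # Pid exists, kill process and remove pidfile. Must be root.
    if [ "${UID}" -ne 0 ]; then
      echo "You must be root to run this script."
      exit 1
    fi
    pid=$(< "${PIDFILE}")
    # Only signal a plain numeric pid; never let a corrupted pidfile turn the
    # kill into a signal or process-group argument.
    if [[ "${pid}" =~ ^[0-9]+$ ]]; then
      kill "${pid}" && rm -f "${PIDFILE}"
    else
      echo "Refusing to kill: ${PIDFILE} does not contain a numeric pid."
      exit 1
    fi
  else
    echo "Openconnect is not running!"
  fi
}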
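#######################################
# Report whether openconnect is running, with tunnel interface and uptime.
# Globals:   PIDFILE (read; a stale pidfile is removed)
# Arguments: none
# Outputs:   status lines on stdout
# Returns:   0 if running; exits 3 (LSB "program is not running") otherwise
#######################################
status() {
  local pid runningtime
  if [ -f "${PIDFILE}" ] && ps -p "$(< "${PIDFILE}")" &> /dev/null; then
    pid=$(< "${PIDFILE}")
    echo "Openconnect is running."
    runningtime=$(ps -p "${pid}" -o etime=)
    # The interface parsing assumes macOS ifconfig output (utun* tunnel devices,
    # "inet a --> b" point-to-point lines); elsewhere these fields are likely empty.
    echo " IP: $(ifconfig | awk '/-->/{print $2}')"
    echo " $(ifconfig | awk -F': ' '/^utun/{print $1}'): ${runningtime}"
  else
    # Stale pidfile: the recorded process is gone, so clean it up.
    [ -f "${PIDFILE}" ] && rm -f "${PIDFILE}"
    echo "Openconnect is stopped."
    exit 3
  fi
}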
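# Dispatch on the init-style action. An unknown or missing action prints usage
# on stderr and exits 2 (LSB "invalid argument") instead of a misleading 0.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  status)
    status
    ;;
  restart)
    # stop returns 0 when nothing is running, so restart also works as a plain start.
    stop && start
    ;;
  *)
    echo "Usage: ${0##*/} (start|stop|status|restart)" >&2
    exit 2
    ;;
esac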
Thanks for this life saver!

I made some slight macOS-only changes (to store and retrieve the password from the Keychain).

#!/usr/bin/env zsh

# VPN Variables
# Placeholders; also used as the Keychain service (-s) and account (-a) names
# under which start() stores and looks up the password.
VPN_HOST="somehere.com"
VPN_USER="someone@somewhere.com"

# Set PID_FILE
# Written by openconnect (--pid-file); read by start/stop/status to find the process.
PID_FILE="/var/run/openconnect.pid"

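#######################################
# Start openconnect in the background using the password kept in the Keychain.
# Globals:   PID_FILE, VPN_HOST, VPN_USER (read)
# Arguments: none
# Outputs:   status messages on stdout
# Returns:   exits 0 if already running, 1 if not root, if no password could
#            be obtained, or if openconnect failed to start
#######################################
function start() {
  local vpn_pass
  # Check if process is running. Exit in this case.
  if [ -f "${PID_FILE}" ] && ps -p "$(<"${PID_FILE}")" &>/dev/null; then
    echo "Openconnect is already running."
    exit 0
  fi

  # Must be root
  if [ "${UID}" -ne 0 ]; then
    echo "You must be root to run this script."
    exit 1
  fi

  # Get the password from Keychain; on first use, store it and read it back.
  if ! vpn_pass=$(security find-generic-password -s "${VPN_HOST}" -a "${VPN_USER}" -w); then
    echo "Please enter your VPN password. It will be saved in the Keychain."
    # Trailing -w with no value makes `security` prompt for the secret instead of
    # taking it from argv.
    security add-generic-password -s "${VPN_HOST}" -a "${VPN_USER}" -w
    vpn_pass=$(security find-generic-password -s "${VPN_HOST}" -a "${VPN_USER}" -w)
  fi

  # Previously a failed add/lookup fell through and connected with an empty
  # password; stop here instead.
  if [ -z "${vpn_pass}" ]; then
    echo "Could not obtain the VPN password from the Keychain."
    exit 1
  fi

  # Connect. --passwd-on-stdin keeps the secret out of argv (and out of ps output).
  if ! openconnect --background \
    --user="${VPN_USER}" \
    --pid-file="${PID_FILE}" \
    --syslog \
    --passwd-on-stdin \
    "${VPN_HOST}" <<<"${vpn_pass}"; then
    echo "Openconnect failed to start!"
    rm -f "${PID_FILE}"
    exit 1
  fi
}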

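#######################################
# Stop the openconnect process recorded in PID_FILE.
# Globals:   PID_FILE (read; removed after a successful kill)
# Arguments: none
# Outputs:   status messages on stdout
# Returns:   kill's status on the success path; exits 1 if not root or if the
#            pidfile does not hold a plain numeric pid
#######################################
function stop() {
  local pid
  if [ -f "${PID_FILE}" ] && ps -p "$(<"${PID_FILE}")" &>/dev/null; then
    # Pid exists, kill process and remove PID_FILE. Must be root.
    if [ "${UID}" -ne 0 ]; then
      echo "You must be root to run this script."
      exit 1
    fi
    pid=$(<"${PID_FILE}")
    # Only signal a plain numeric pid; never let a corrupted pidfile turn the
    # kill into a signal or process-group argument.
    if [[ "${pid}" =~ ^[0-9]+$ ]]; then
      kill "${pid}" && rm -f "${PID_FILE}"
    else
      echo "Refusing to kill: ${PID_FILE} does not contain a numeric pid."
      exit 1
    fi
  else
    echo "Openconnect is not running!"
  fi
}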

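#######################################
# Report whether openconnect is running, with tunnel interface and uptime.
# Globals:   PID_FILE (read; a stale pidfile is removed)
# Arguments: none
# Outputs:   status lines on stdout
# Returns:   0 if running; exits 3 (LSB "program is not running") otherwise
#######################################
function status() {
  local pid uptime
  if [ -f "${PID_FILE}" ] && ps -p "$(<"${PID_FILE}")" &>/dev/null; then
    pid=$(<"${PID_FILE}")
    echo "Openconnect is running."
    uptime=$(ps -p "${pid}" -o etime=)
    # Interface parsing assumes macOS ifconfig output (utun* tunnel devices,
    # "inet a --> b" point-to-point lines).
    echo "  IP: $(ifconfig | awk '/-->/{print $2}')"
    echo "  $(ifconfig | awk -F': ' '/^utun/{print $1}'): ${uptime}"
  else
    # Stale pidfile: the recorded process is gone, so clean it up.
    [ -f "${PID_FILE}" ] && rm -f "${PID_FILE}"
    echo "Openconnect is stopped."
    exit 3
  fi
}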

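# Dispatch on the init-style action. An unknown or missing action prints usage
# on stderr and exits 2 (LSB "invalid argument") instead of a misleading 0.
case "$1" in
start)
  start
  ;;
stop)
  stop
  ;;
status)
  status
  ;;
restart)
  # stop returns 0 when nothing is running, so restart also works as a plain start.
  stop && start
  ;;
*)
  echo "Usage: ${0##*/} (start|stop|status|restart)" >&2
  exit 2
  ;;
esac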
