Connect to a VPN using an authentication info without configuration file (ex. trusted-cert)

vpn.sh

#!/bin/bash
# shellcheck disable=SC2006

set -e pipefail
shopt -s expand_aliases
alias openssl='/usr/bin/openssl' # Disable Anaconda's version of OpenSSL which is older one

VPN_HOST="your-vpn.fortiddns.com:8443"

# Clear unsername and password
unset username
unset password

# Read user inputs
echo "Connecting to $VPN_HOST.."
echo -n "vpn id: "
read -r username

prompt="vpn pw:"
while IFS= read -p "$prompt" -r -s -n 1 c; do
  if [[ $c == $'\0' ]]; then
    echo
    break;
  fi
  prompt='*'
  password+="$c"
done

# Execute openfortivpn from the given inputs
sudo openfortivpn "$VPN_HOST" \
	--username="$username" \
	--password="$password" \
	--trusted-cert="`echo | openssl s_client -connect "${VPN_HOST}" -servername "${VPN_HOST%:*}" 2>&1 | openssl x509 -noout -fingerprint | cut -f2 -d'=' | sed 's/://g' | awk '{print tolower($0)}'`"

$ ./vpn.sh
Connecting to your-vpn.fortiddns.com:8443..
vpn id: aaron
vpn pw:*****************
WARN:   You should not pass the password on the command line. Type it interactively or use a configuration file instead.
INFO:   Connected to gateway.
INFO:   Authenticated.
INFO:   Remote gateway has allocated a VPN.
Tue Jan 24 15:25:34 2023 : publish_entry SCDSet() failed: Success!
Tue Jan 24 15:25:34 2023 : publish_entry SCDSet() failed: Success!
Tue Jan 24 15:25:34 2023 : Using interface ppp0
Tue Jan 24 15:25:34 2023 : Connect: ppp0 <--> /dev/ttys030
INFO:   Got addresses: [x.x.x.x], ns [1.1.1.1, 8.8.8.8]
INFO:   Negotiation complete.
INFO:   Negotiation complete.
...