diff --git a/run-vpn.sh b/run-vpn.sh
index eca7a9b..c2a48ae 100755
--- a/run-vpn.sh
+++ b/run-vpn.sh
@@ -8,6 +8,19 @@ if [[ "$OSTYPE" == "darwin"* ]]; then
 PASSWORD=$(security find-generic-password -l "Openconnect Account Password" -w)
 fi
+if [[ "$OSTYPE" == "linux-gnu"* ]]; then
+
+ mkdir -p /run/oc-secret
+ mount -t tmpfs -o size=1M,mode=700 tmpfs /run/oc-secret
+
+ SERVER=$(secret-tool lookup server openconnect | tr -d '\n')
+ USERNAME=$(secret-tool lookup username openconnect | tr -d '\n')
+ SEED=1
+ secret-tool lookup seed openconnect > /run/oc-secret/seed
+ PASSWORD=1
+ secret-tool lookup password openconnect | tr -d '\n' > /run/oc-secret/password
+fi
+
 # Allow reading from environment
 if [[ -z "$OC_SERVER" ]]; then :; else
 SERVER="$OC_SERVER"
@@ -30,14 +43,15 @@ ROUTE_FILE=routes.txt
 trap ctrl_c INT
 function ctrl_c() {
- killall openconnect
+ killall -2 openconnect
 echo "Bye!"
 exit
 }
 SCRIPT_INCLUDE=""
+LOGIN=""
-while true; do
+#while true; do
 echo "Connecting to VPN"
 if test -f "$ROUTE_FILE"; then
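Review bot: `mount -t tmpfs -o size=1M,mode=700 tmpfs /run/oc-secret` runs unconditionally on every invocation, so a second run stacks another tmpfs on the same mount point and hides the previous one; guard it with `mountpoint -q /run/oc-secret || mount -t tmpfs -o size=1M,mode=700 tmpfs /run/oc-secret`. The seed and password written here are only deleted later in the TOTP branch, so any exit before that point (Ctrl-C, a failed lookup, a path that never reaches the TOTP code) leaves them on the tmpfs; a cleanup of `/run/oc-secret/seed`, `/run/oc-secret/password` and `/run/oc-secret/login` in the script's trap would close that gap. Neither `secret-tool lookup` result is checked, yet `SEED=1` and `PASSWORD=1` are set regardless, so a missing keyring entry yields an empty seed file and a TOTP computed from nothing; `secret-tool lookup seed openconnect > /run/oc-secret/seed || exit 1` (and the same for the password) would fail early instead. Since `mount` needs root and this commit drops the `sudo` prefixes elsewhere, the script now has to run as root; a comment at the top of this block, `# requires root: mounts a tmpfs and runs openconnect directly`, would save the next reader a failed run.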
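Review bot: `ctrl_c` still exits without removing the secret material that the Linux block in the first hunk places under /run/oc-secret, so a Ctrl-C before the TOTP branch has run leaves `seed`, `password` and possibly `login` on the tmpfs; add `rm -f -- /run/oc-secret/seed /run/oc-secret/password /run/oc-secret/login` before `exit`, and register the handler for TERM as well with `trap ctrl_c INT TERM`. `killall -2 openconnect` also signals every openconnect process on the host rather than the one this script started; since the next hunk adds `--pid-file`, `kill -INT "$(cat PIDFILE)"` would target only ours. `LOGIN=""` is declared here and only consumed in the next hunk, which is fine, but a one-line comment such as `# command that prints the login secret on stdout, built below` would explain why it is a command string rather than a value.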
@@ -47,33 +61,44 @@ while true; do
 # If yubikey is not used, use the TOTP seed
 if [[ -z "$OC_YUBIKEY" ]]; then
- if [[ -z "$SEED" ]]; then :; else
- TOTP=$(oathtool --totp=sha1 -b "$SEED")
- PASSWORD="$PASSWORD\n$TOTP"
+ if [[ -z "$SEED" ]]; then :; else
+ if [[ "$OSTYPE" == "linux-gnu"* ]]; then
+ TOTP=$(oathtool --totp=sha1 -b - < /run/oc-secret/seed)
+ cat /run/oc-secret/password > /run/oc-secret/login && echo -e "\n$TOTP" >> /run/oc-secret/login
+ rm /run/oc-secret/password
+ rm /run/oc-secret/seed
+ LOGIN='find /run/oc-secret/login -exec cat {} \; -exec rm {} \;'
+ else
+ TOTP=$(oathtool --totp=sha1 -b "$SEED")
+ LOGIN='echo -e "$PASSWORD\n$TOTP'
+ fi
 fi
 else
 YUBIKEY_TOTP="--token-mode=yubioath --token-secret=$OC_YUBIKEY"
 fi
 if [ -z "$SEED" ] && [ -z "$OC_YUBIKEY" ]; then
- sudo openconnect \
+ openconnect \
+ --pid-file=PIDFILE \
 --csd-wrapper hostscan-bypass.sh \
 --os=mac-intel \
+ --no-external-auth \
 $SCRIPT_INCLUDE \
 -u $USERNAME \
 $SERVER
- else
- echo -e "$PASSWORD" | sudo openconnect \
+ eval $LOGIN | openconnect \
+ --pid-file=PIDFILE \
 --csd-wrapper hostscan-bypass.sh \
 --os=mac-intel \
+ --no-external-auth \
 $YUBIKEY_TOTP \
 $SCRIPT_INCLUDE \
 -u $USERNAME \
 $SERVER
 fi
- echo "Openconnect closed. Waiting 3 seconds."
- sleep 3
+# echo "Openconnect closed. Waiting 3 seconds."
+# sleep 3
-done
+#done
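Review bot: The `else` between the two openconnect invocations is removed (`- else`) and never re-added, so as written both calls sit in the `then` branch of `if [ -z "$SEED" ] && [ -z "$OC_YUBIKEY" ]`: the unauthenticated call runs, `eval $LOGIN | openconnect` runs after it, and when a seed or Yubikey is configured (the Linux block always sets `SEED=1`) no openconnect is started at all; the hunk header counts (33 old, 44 new, with 9 removals and 20 additions) agree with the `else` being gone, so restore `else` immediately before `eval $LOGIN | openconnect \`. The macOS branch also sets `LOGIN='echo -e "$PASSWORD\n$TOTP'` with an unterminated double quote, which makes `eval $LOGIN` fail to parse; it should read `LOGIN='echo -e "$PASSWORD\n$TOTP"'`, or better, drop `eval` and pipe `printf '%s\n%s\n' "$PASSWORD" "$TOTP"` so backslashes in the password are not interpreted by `echo -e`. `--pid-file=PIDFILE` writes a file literally named PIDFILE in the working directory; if that is a placeholder it should be a real path such as one under /run/oc-secret, which would also let `ctrl_c` signal that pid instead of every openconnect on the host.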