janhouse/always-on-openconnect-vpn
1
0
Fork 0
Code Issues Pull Requests Activity

Pass TOTP code on STDIN to hide seed from process list.

Browse Source
This commit is contained in:
Jānis Jansons
2020-12-18 01:59:40 +02:00
parent 2d63b19af7
commit 846e697add
2 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+1
View File
@@ -12,6 +12,7 @@ Additionaly routing for only specific subnets can be added in `routes.txt`
git clone this repo git clone this repo
brew install openconnect brew install openconnect
brew install vpn-slice brew install vpn-slice
brew install oath-toolkit
``` ```
Add server address, username, password and 2fa seed in keychain with these names: Add server address, username, password and 2fa seed in keychain with these names:
run-vpn.sh
+3 -3
View File
@@ -44,13 +44,13 @@ while true; do
SCRIPT_INCLUDE="--script=\"$SCRIPTPATH/routing.sh\"" SCRIPT_INCLUDE="--script=\"$SCRIPTPATH/routing.sh\""
fi fi
echo $PASSWORD | sudo openconnect \ TOTP=$(oathtool --totp=sha1 -b "$SEED")
echo -e "$PASSWORD\n$TOTP" | sudo openconnect \
--csd-wrapper hostscan-bypass.sh \ --csd-wrapper hostscan-bypass.sh \
--passwd-on-stdin \ --passwd-on-stdin \
--os=mac-intel \ --os=mac-intel \
$SCRIPT_INCLUDE \ $SCRIPT_INCLUDE \
--token-mode=totp \
--token-secret=sha1:base32:$SEED \
-u $USERNAME \ -u $USERNAME \
$SERVER $SERVER