# Always on Openconnect VPN

This script uses Openconnect to automatically connect to a Cisco AnyConnect VPN server.

The server address, username, password and 2FA seed are stored in the macOS keychain. Feel free to remove them and ask for user input instead.

Additionally, routing for only specific subnets can be added in `routes.txt`.

## Setup

```
git clone this repo
brew install openconnect
brew install vpn-slice
brew install oath-toolkit
```

Add the server address, username, password and 2FA seed to the keychain with these names:

* `Openconnect VPN Server`
* `Openconnect Username`
* `Openconnect Account Password`
* `Openconnect TOTP Seed`

_For ease of use you can allow automatic keychain access to some of the attributes, but_ **do not allow automatic access to the password and especially the 2FA seed**. _The script keeps these values in memory for as long as it is running._

Rename `routes.txt.sample` to `routes.txt`, or create an empty `routes.txt`, and add the subnets to be routed through the VPN there.

## Usage

```
sudo -E ./run-vpn.sh
```

In case of disconnect, it will try reconnecting after 3 seconds. You can stop it by pressing `CTRL+C` or killing the script.
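
The flow described in Setup and Usage, sketched as an added example (this is not the repository's `run-vpn.sh`): secrets are read from the keychain items named above and handed over on stdin, and `routes.txt` is validated before it reaches a command running as root. The function names, the `connect` argument and the one-subnet-per-line `routes.txt` format are assumptions, as is a server that asks for the password first and the one-time code second.

```sh
#!/bin/sh
# Added example; NOT the repository's run-vpn.sh.
# Assumption: routes.txt has one IPv4 CIDR subnet per line, '#' starts a comment.
cidr_re='^((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])/(3[0-2]|[12]?[0-9])$'

# Read one secret from the macOS keychain by item name.
keychain_get() { security find-generic-password -s "$1" -w; }

# Print the validated subnets on one line. Anything that is not a plain CIDR
# is rejected, since the result becomes arguments of a command run as root.
load_routes() {
    routes=""
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | sed 's/#.*//; s/^[[:space:]]*//; s/[[:space:]]*$//')
        [ -z "$line" ] && continue
        if ! printf '%s\n' "$line" | grep -Eq "$cidr_re"; then
            echo "routes.txt: rejected entry: $line" >&2
            return 1
        fi
        routes="$routes $line"
    done < "$1"
    printf '%s\n' "${routes# }"
}

# One connection attempt. Password and one-time code go to openconnect on
# stdin, and the seed goes to oathtool on stdin ("-" as the key, supported by
# recent oath-toolkit), so no secret appears in a process argument list.
connect_once() {
    routes=$(load_routes "$1") || return 1
    {
        keychain_get "Openconnect Account Password"
        keychain_get "Openconnect TOTP Seed" | oathtool --totp -b -
    } | openconnect --user="$(keychain_get 'Openconnect Username')" \
            --passwd-on-stdin --script "vpn-slice $routes" \
            "$(keychain_get 'Openconnect VPN Server')"
}

# Reconnect loop, run only when invoked as: ./example.sh connect [routes-file]
if [ "${1:-}" = "connect" ]; then
    load_routes "${2:-routes.txt}" >/dev/null || exit 1
    trap 'exit 0' INT TERM
    while :; do
        connect_once "${2:-routes.txt}" || echo "disconnected" >&2
        sleep 3   # the README's 3-second retry delay
    done
fi
```

Because the one-time code is generated inside each attempt, a reconnect never replays a code from the previous session.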