Jorisvandijk.com

Living on Linux

Openconnect VPN script

For school I have to connect to a VPN to be able to use services they offer on a server of theirs. Mainly an SQL hosting service, which I need for my education. Sure I can host a MySQL myself, but they require the use of MSSQL, so no. At any rate, I want to automate this connecting to said VPN without having to enter anything like a password. I don't use a systray, so I cannot use nm-applet, which lets me right-click it and select the VPN connection I want. No, I have to do this the hard way. :)

At any rate, this is a script that allows you to connect to an openconnect VPN:

#!/usr/bin/env bash

# FontysVpn 1.0
# Connect to Fontys VPN
# Dependencies: openconnect, i3-msg
#
# By Joris van Dijk | Jorisvandijk.com
# Licensed under the GNU General Public License v3.0

# Replace URL and USERNAME with your own VPN server and account name.
on="sudo openconnect URL --user=USERNAME --passwd-on-stdin"
off="sudo pkill openconnect"
# Plain text file holding the VPN password on a single line.
file=$HOME/.config/fontyspassword

if [ -f "$file" ]; then

    if [[ $1 == "c" ]] || [[ $1 == "connect" ]]; then
        # Park the terminal on workspace 0, then feed the password to openconnect on stdin.
        i3-msg move workspace 0 && notify-send "VPN connected" && \
        echo "$(<"$file")" | $on
    elif [[ $1 == "d" ]] || [[ $1 == "disconnect" ]]; then
        $off && notify-send "VPN disconnected"
    elif [[ $1 == "s" ]] || [[ $1 == "status" ]]; then
        pid=$(pidof openconnect)
        if [[ $pid ]]; then
            notify-send "VPN connected"
        else
            notify-send "VPN disconnected"
        fi
    else
        notify-send "Wrong flag"
    fi
else
    # First run: create the empty password file and ask the user to fill it in.
    touch "$file"
    notify-send "Please add your VPN password to $file"
fi

Before running this script as is, you'll need to make sure it is set up correctly for you. The first and third lines of the script body (the on and file variables) are important for this. On the first of these you'll need to replace "URL" with the URL of the VPN server and "USERNAME" with the username you've gotten for the VPN:

on="sudo openconnect URL --user=USERNAME --passwd-on-stdin"

Next I have created a plain text file which will hold the password needed for the VPN. (I am aware it is very bad practice, but my system is password protected and truth be told, the school VPN password is totally unimportant to me). The file I use is placed in the .config folder and named fontyspassword. You can obviously change this if you want to. The file only contains one line, which is the password itself:

file=$HOME/.config/fontyspassword

The script itself has three possible flags to run it with. The "(c)onnect" flag to connect to the VPN, the "(d)isconnect" flag, to disconnect and the "(s)tatus" flag, to check if the VPN is up or down.

The first time you run the script, it will check if the password file exists and if it does not, it will create it for you. Open that file and enter your password and then save it. Rerun the script and it will connect to the openconnect VPN.
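If you do keep the password in a plain text file, the script can at least create it readable by your user only and refuse to use it when it has been loosened or swapped for a symlink. The following is an added example, not part of the original script; the function names are hypothetical and it assumes GNU coreutils stat, as found on Linux:

```bash
#!/usr/bin/env bash
# Added example: vet the plain text VPN password file before using it.
# Assumption: GNU coreutils `stat` (Linux). Function names are hypothetical.

# Create the file with owner-only permissions from the start, so it never
# exists with a wider mode. An existing file is kept and tightened to 600.
create_secret_file() {
    ( umask 077 && mkdir -p "$(dirname "$1")" && : >> "$1" ) && chmod 600 "$1"
}

# Return 0 only if the file is safe to read a password from.
# Otherwise print the reason on stderr and return 1.
check_secret_file() {
    local f owner mode
    f=$1
    if [ -L "$f" ]; then
        echo "$f is a symlink, refusing to follow it" >&2; return 1
    fi
    if [ ! -f "$f" ]; then
        echo "$f is missing or not a regular file" >&2; return 1
    fi
    if [ ! -s "$f" ]; then
        echo "$f is empty, add your VPN password to it" >&2; return 1
    fi
    owner=$(stat -c '%u' "$f") || return 1
    mode=$(stat -c '%a' "$f") || return 1
    if [ "$owner" != "$(id -u)" ]; then
        echo "$f is not owned by the current user" >&2; return 1
    fi
    # Nothing may be granted to group or other: only 600 or 400 pass.
    case "$mode" in
        600|400) return 0 ;;
        *) echo "$f has mode $mode, expected 600" >&2; return 1 ;;
    esac
}

# How it would slot into the script above (URL and USERNAME are the
# page's own placeholders):
#   file=$HOME/.config/fontyspassword
#   [ -e "$file" ] || create_secret_file "$file"
#   check_secret_file "$file" && \
#       sudo openconnect URL --user=USERNAME --passwd-on-stdin < "$file"
```

Redirecting the file into openconnect instead of using echo also keeps the password out of any intermediate command.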

I use this script on the i3 window manager, therefore it has this line:

i3-msg move workspace 0 && notify-send "VPN connected" && \

The purpose of the part before the && in this line is to leave the terminal in which openconnect is running alive, but push it to a workspace I do not use or have to see. Workspace 0 in this case. You can delete this part of the script (including the &&) if you're not on i3.

Let me know if you've been able to use or improve this script.