-
Notifications
You must be signed in to change notification settings - Fork 0
/
nmcli_openconnect_up.sh
executable file
·45 lines (33 loc) · 1.33 KB
/
nmcli_openconnect_up.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
#!/bin/sh
USAGE="Usage:
$(basename "$0") 'VPN_HOST' 'VPN_USER' 'VPN_PASSWORD' [NM_VPN_NAME]
NM_VPN_NAME - Network Manager connection name. By default is VPN_HOST
When VPN_PASSWORD is 'kwallet', password will be received from the kde wallet
"
# Required arguments
VPN_HOST=$1
VPN_USER=$2
VPN_PASSWD=$3
if [ -z "$VPN_HOST" ] || [ -z "$VPN_USER" ] || [ -z "$VPN_PASSWD" ]; then
echo "$USAGE"
exit 1
fi
NM_VPN_NAME=${4:-$VPN_HOST}
KWALLET_WALLET='kdewallet'
KWALLET_FOLDER='Network Management'
KWALLET_ENTRY=`nmcli connection | grep $NM_VPN_NAME | awk '{ print "{"$2"};vpn" }'`
if [ "$VPN_PASSWD" = "kwallet" ]; then
VPN_PASSWD=`kwallet-query $KWALLET_WALLET --folder "$KWALLET_FOLDER" --read-password "$KWALLET_ENTRY" \
| grep --only-matching --perl-regexp '(?<="VpnSecrets": "form:main:password%SEP%).+?(?="$)'`
fi
[ -z "$VPN_PASSWD" ] && echo "Error! Empty password" && exit 2
# On success should set two variables:
# $COOKIE
# $FINGERPRINT
eval `echo $VPN_PASSWD | openconnect --quiet --csd-wrapper ~/bin/csd_wrapper --user $VPN_USER --authgroup foo $VPN_HOST --authenticate --passwd-on-stdin`
[ -z "$FINGERPRINT" ] && echo "Error! Can not authenticate" && exit 3
nmcli con up $NM_VPN_NAME passwd-file /proc/self/fd/5 5<<EOF
vpn.secrets.gateway:$VPN_HOST
vpn.secrets.cookie:$COOKIE
vpn.secrets.gwcert:$FINGERPRINT
EOF