Automate connection to Cisco AnyConnect VPN on Mac OS using terminal and expect

Expect script (run from Bash) to automate the Cisco AnyConnect connection to a VPN network

I was really tired of reconnecting to my corporate network every day: open the Cisco client, press Connect, enter username and password, and after all of that accept the policy banner. Sometimes the connection was not established on the first try and I had to do it all again, and the next time I could accidentally type the wrong password. Again, again and again, sometimes five times a day!

So my idea was to create a script that would do this work for me; to be honest, I have always liked automating my work. First I tried an AppleScript that interacts with the Cisco AnyConnect GUI client. I wrote it and it worked, and I no longer had to enter credentials every time, but as I mentioned, AnyConnect does not always connect on the first try (that AppleScript is at the end of this post).

I kept investigating and one day found that I can connect from the terminal. The AnyConnect command-line client is located at /opt/cisco/anyconnect/bin/vpn and supports the commands Connect, Disconnect, Status and some others. All I needed was a short script that starts it and answers its prompts; I use the Expect program for this (see its man page).

The script (an Expect script, run by /usr/bin/expect) looks like this:

#!/usr/bin/expect -f

# Expect gives up after 10 seconds by default; allow AnyConnect a full
# minute to finish the handshake before the script stops waiting.
set timeout 60

spawn /opt/cisco/anyconnect/bin/vpn connect vpn.server.com
expect {
    "Username:*" {
        sleep 1
        send "vladimirm\r"
        exp_continue
    }
    "Password:" {
        sleep 1
        send "somepassword\r"
        exp_continue
    }
    "accept?" {
        ; # the policy banner: answer yes
        sleep 1
        send "y\r"
        exp_continue
    }
    timeout {
        send_user "\nTimed out waiting for AnyConnect\n"
        exit 1
    }
    eof {}
}

Don't forget to give it execute permission (sudo is not needed for a file you own):

chmod +x program.sh

Put it wherever you want, set Terminal as the default application for opening .sh files, and voilà.

(Screenshot of the script running in Terminal, 2018-04-07)

One more thing: close the Cisco AnyConnect GUI client first, or you will see the error: Connect not available. Another AnyConnect application is running or this functionality was not requested by this application.
I tested this with Cisco AnyConnect version 4.4.03.

If you are interested in the AppleScript that interacts with the Cisco AnyConnect GUI client, here is its code.

-- Bring the GUI client to the front
tell application "Cisco AnyConnect Secure Mobility Client"
	activate
	tell me to log "My log entry."
end tell

tell application "System Events"
	tell process "Cisco AnyConnect Secure Mobility Client"
		-- Return presses Connect for the server address already shown in the client
		keystroke return
		tell me to log "Insert VPN address and press return"
	end tell
	
	-- Wait up to 5 seconds for the login window to appear
	set secondsLeft to 5
	repeat until window "Cisco AnyConnect | vpn.server.com" of process "Cisco AnyConnect Secure Mobility Client" exists
		tell me to log "Does not open"
		if secondsLeft is 0 then
			error "Failed to bring up AnyConnect login"
		end if
		set secondsLeft to secondsLeft - 1
		delay 1
	end repeat
	
	-- keystroke types into the frontmost window, so the login window must have focus here
	repeat while window "Cisco AnyConnect | vpn.server.com" of process "Cisco AnyConnect Secure Mobility Client" exists
		tell me to log "Insert pass"
		keystroke "somepassword"
		delay 1
		keystroke return
		delay 1
	end repeat
	-- Accept the policy banner
	repeat while window "Cisco AnyConnect - Banner" of process "Cisco AnyConnect Secure Mobility Client" exists
		delay 1
		keystroke return
	end repeat
end tell

Some information about security

I store the password in an executable file, and that is really bad practice; don't do that. Anyone who gets access to your computer (or to a backup or sync folder that includes the script) can read the script and discover everything needed to connect to your corporate network, where significantly important information may be located. Be careful with this. You can also change the script so that it prompts for the password instead of hard-coding it, or fetch it from the macOS Keychain at run time. The choice is yours.
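As an added example (my code, not the script from the post), here is the same Expect automation from the terminal section, wrapped so that the password is read from the macOS Keychain at run time rather than stored in the file. The Keychain item name anyconnect-vpn, the function names and the temporary-file handling are my assumptions; the CLI path, the three prompts and the "close the GUI first" rule are taken from the post. The password is piped to Expect on standard input, so it appears in neither the script text, the argument list (visible in ps) nor the environment.

```shell
#!/bin/bash
# Added example, not the post's script: AnyConnect CLI wrapper that takes
# the password from the macOS Keychain. The Keychain item name is an
# assumption; create it once, interactively, with:
#   security add-generic-password -a "$USER" -s anyconnect-vpn -w
set -u

VPN_CLI=/opt/cisco/anyconnect/bin/vpn    # CLI path given in the post
KEYCHAIN_SERVICE=anyconnect-vpn          # assumed Keychain item name

# The CLI refuses to connect while the GUI client is running (see the post),
# so check for the GUI process by its exact name before trying.
anyconnect_gui_running() {
    pgrep -x "Cisco AnyConnect Secure Mobility Client" >/dev/null 2>&1
}

# Emit the Expect program. It takes host and username as arguments and reads
# the password from standard input, so the secret is in neither the script
# text, the process argument list nor the environment.
vpn_expect_script() {
    cat <<'EOF'
set timeout 60
set host [lindex $argv 0]
set user [lindex $argv 1]
gets stdin password
spawn /opt/cisco/anyconnect/bin/vpn connect $host
expect {
    "Username:" { send "$user\r";     exp_continue }
    "Password:" { send "$password\r"; exp_continue }
    "accept?"   { send "y\r";         exp_continue }
    timeout     { send_user "\nTimed out waiting for AnyConnect\n"; exit 3 }
    eof         {}
}
# Pass the CLI's own exit status back to the shell wrapper.
exit [lindex [wait] 3]
EOF
}

# vpn_connect HOST [USERNAME]   (username defaults to the current user)
vpn_connect() {
    host=${1:-}
    if [ -z "$host" ]; then
        echo "usage: vpn_connect HOST [USERNAME]" >&2
        return 2
    fi
    user=${2:-$(id -un)}
    if anyconnect_gui_running; then
        echo "Close the AnyConnect GUI client first; the CLI cannot connect while it runs." >&2
        return 1
    fi
    script=$(mktemp "${TMPDIR:-/tmp}/vpn.XXXXXX") || return 1
    vpn_expect_script > "$script"
    # -w prints only the password; macOS asks for Keychain access on first use.
    password=$(security find-generic-password -s "$KEYCHAIN_SERVICE" -a "$user" -w) || {
        echo "No Keychain item '$KEYCHAIN_SERVICE' for account $user" >&2
        rm -f "$script"
        return 1
    }
    # printf is a shell builtin, so the secret never becomes a process argument.
    printf '%s\n' "$password" | expect "$script" "$host" "$user"
    rc=$?
    unset password
    rm -f "$script"
    return "$rc"
}

vpn_disconnect() {
    "$VPN_CLI" disconnect
}

# Command dispatch: ./vpn.sh connect vpn.server.com [username] | ./vpn.sh disconnect
case "${1:-}" in
    connect)    vpn_connect "${2:-}" "${3:-}" ;;
    disconnect) vpn_disconnect ;;
esac
```

Usage: save as vpn.sh, chmod +x, store the password once with the security command in the header comment, then run ./vpn.sh connect vpn.server.com. The Expect program is written to a temporary file and removed afterwards so that the only long-lived copy of the secret is the Keychain item, which macOS protects with the login password and access prompts.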