This repository contains a C# console application that uses the OpenConnect library to establish a vpn connection to a specified url. Credentials are provided using standard operating system apis, with the option to persist the credentials.
- 2FA with Duo MFA/Mobile (`--secondary-password push`)
- 2FA with SMS
| | Windows 10 | macOS 10.15 |
|---|---|---|
| Persist credentials | Yes | (WIP) |
| Login with webview | Yes | (WIP) |
- Windows 10 64bit
- macOS 10.15 Catalina 64bit Intel
TAP-Windows was originally packaged with OpenConnect, but has since been split into a separate package that needs to be installed separately.
- Download the latest version of TAP-Windows from https://build.openvpn.net/downloads/releases/. The tap-windows binaries are at the bottom of the page.
- Right-click the downloaded file, and click Properties. If the notice "This file came from another computer and might be blocked to help protect your computer" is visible, check the checkbox "Unlock". Click OK to save any changes and close the properties window.
- Run the downloaded file
- When asked, install TAP Utilities
- Download openconnect-installer-MinGW64-GnuTLS-9.12.git.36.07a4dd2-0.fc40.exe from this repository.
- Right-click the downloaded installer, and click Properties. If the notice "This file came from another computer and might be blocked to help protect your computer" is visible, check the checkbox "Unlock". Click OK to save any changes and close the properties window.
- Run the installer.
- Download the installer from the internet
- Go to https://copr.fedorainfracloud.org/coprs/dwmw2/openconnect/package/mingw-openconnect/ which hosts the builds for openconnect
- Pick the newest successful build
- Under Results, pick the chroot name `fedora-rawhide-x86_64`
- Download the `mingw64-openconnect-installer-...` rpm package.
- Extract the rpm using something that supports zstd. (7-Zip 23.01, dated 2023-06-20, does not.)
- Right-click the downloaded installer, and click Properties. If the notice "This file came from another computer and might be blocked to help protect your computer" is visible, check the checkbox "Unlock". Click OK to save any changes and close the properties window.
- Run the installer.
- Go to the latest release at https://github.com/sisve/openconnect-wrapper/releases/latest
- If you need webview support, or if you are unsure, download `connect-to-url.win-x64.webview.exe`
- If you do not need webview support, download `connect-to-url.win-x64.exe`
- Right-click the downloaded file, and click Properties. If the notice "This file came from another computer and might be blocked to help protect your computer" is visible, check the checkbox "Unlock". Click OK to save any changes and close the properties window.
- Create a shortcut on your desktop to `\path\to\connect-to-url.win-x64.webview.exe https://vpn.domain.com/group`
- Configure the shortcut to run as administrator.
To connect to several vpns, read more about multiple connections below, and repeat steps 6 and 7 above to create a shortcut for every vpn.
This application can persist your vpn credentials between logins. Just check the checkbox to save the credentials, and Windows will handle it internally. The credentials are stored in Windows Credential Manager. To remove any persisted credentials, remove them from Windows Credential Manager.
This assumes that you have homebrew installed. Installation instructions for Homebrew can be found at https://brew.sh/
- Install OpenConnect (if you're using homebrew; `brew install openconnect`)
- Go to the latest release at https://github.com/sisve/openconnect-wrapper/releases/latest
- Download `connect-to-url.osx-x64`
- Using Script Editor, create a new script

      do shell script "\"/path/to/connect-to-url.osx-x64\" https://vpn-domain.com/group"
      quit

- Save the script on the desktop
- `--secondary-password push` will enter "push" as a secondary password. This is meant to automate the connection process when using Duo MFA.
- `--log-level (error|warning|info|debug|trace)` configures the logging level. This is intended for debugging purposes.
This application supports multiple concurrent vpn connections, with some requirements.
- Only one vpn can have a default gateway (sends all traffic over the vpn).
- All vpn networks should have unique addresses. We cannot handle cases where an ip address is available in two different places.
- You need to add more virtual ethernet adapters, one for every vpn.
If the option exists, prefer connecting to vpns that are running as "split tunneling". This means that they declare some routes that should go over the vpn connection, and let the rest of the traffic stay on your local network.
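A pre-flight check for the two addressing requirements above, as an added example that is not part of this project's code. It assumes you already know which routes each vpn pushes; the vpn names and networks below are constructed sample values.

```python
import ipaddress
from itertools import combinations

# A route covering everything means the vpn acts as default gateway.
DEFAULT_ROUTES = {ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")}


def check_vpn_routes(vpns):
    """Return conflict descriptions for a {vpn_name: [cidr, ...]} mapping."""
    parsed = {name: [ipaddress.ip_network(r, strict=False) for r in routes]
              for name, routes in vpns.items()}
    problems = []

    # Requirement: only one vpn can have a default gateway.
    full_tunnel = sorted(name for name, nets in parsed.items()
                         if any(net in DEFAULT_ROUTES for net in nets))
    if len(full_tunnel) > 1:
        problems.append("multiple default gateways: " + ", ".join(full_tunnel))

    # Requirement: an address must not be reachable through two vpns.
    for (a, nets_a), (b, nets_b) in combinations(sorted(parsed.items()), 2):
        for na in nets_a:
            for nb in nets_b:
                if na in DEFAULT_ROUTES or nb in DEFAULT_ROUTES:
                    continue  # default routes are counted above
                if na.version == nb.version and na.overlaps(nb):
                    problems.append(f"{a} {na} overlaps {b} {nb}")
    return problems


# Constructed sample: hypothetical vpn names and the routes each one pushes.
SAMPLE = {
    "office": ["10.20.0.0/16", "192.168.50.0/24"],
    "lab": ["10.20.8.0/21", "172.16.0.0/12"],
    "customer": ["0.0.0.0/0"],
    "partner": ["0.0.0.0/0", "10.99.0.0/16"],
}

if __name__ == "__main__":
    for line in check_vpn_routes(SAMPLE):
        print(line)
```

An empty result means the set of vpns satisfies both addressing requirements; the number of TAP adapters still has to be checked separately.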
Every vpn connection uses a "TAP virtual ethernet adapter". TAP-Windows created one during installation, but you need to create more if you want to connect to several vpns concurrently. To add another ethernet adapter, find the "Add a new TAP virtual ethernet adapter" entry on your start menu, and execute it with administrator privileges.
The start menu entry, and the bat file mentioned below, are part of the TAP Utilities that were installed during the TAP-Windows installation.
- You can right-click the start menu entry, wait for the folder `C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows\Utilities` to open, then right-click the shortcut and click Run as administrator. You're done.
- If the start menu entry is missing, open a command prompt as Administrator and execute `"C:\Program Files\TAP-Windows\bin\tapinstall.exe" install "C:\Program Files\TAP-Windows\driver\OemVista.inf" tap0901`

To later remove all virtual ethernet adapters, use the above steps for the start menu entry "Delete ALL TAP virtual ethernet adapters", or execute `"C:\Program Files\TAP-Windows\bin\tapinstall.exe" remove tap0901` in a command prompt running with administrator privileges.
- Install OpenConnect according to the Getting Started guide
- Install .NET 8 SDK from https://dotnet.microsoft.com/en-us/download/dotnet/8.0
- Checkout
- Compile
This project dynamically loads and invokes OpenConnect (LGPLv2.1) using standard `[DllImport(...)]` declarations.
This project also contains modified vpnc-scripts, taken from openconnect/vpnc-scripts (GPL v2.0 or later). These are embedded into the compiled executable, extracted at runtime and invoked. This classifies as redistribution, and as such the project is also licensed as GPL v2.0 or later.