Skip to content
/ openconnect-macos Public

Letting Cisco AnyConnect give back our choice in how to configure our systems

License

View license
17 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

vjt/openconnect-macos

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
net.linux.sh
net.linux.sh
 
 
net.macos.sh
net.macos.sh
 
 
run.sh
run.sh
 
 
vpn.conf
vpn.conf
 
 

Repository files navigation

Cisco VPN for nerds on MacOS and Linux

This is a package containing an OpenConnect configuration script for MacOS that allows you to fully control how the VPN connection is made, which routes are added, and how the DNS are configured.

If you are tired of having all your private traffic go through the corporate VPN, but you need it always up, this script is for you. It is MacOS and brew centric, but if you know your way you can of course make it work with your installation from source.

Enjoy!

Setup

  • Create a working directory, say, ~/code/openconnect and enter into it

     mkdir ~/code/openconnect
 cd $_

  • Clone the sources

     git clone https://github.com/vjt/openconnect-macos

  • Install OpenConnect

     # For MacOS
 brew install openconnect

 # For Debian/Ubuntu/Kali/other apt-based distros
 apt-get install openconnect

  • Create a directory for your VPN

     mkdir myvpn
 cd myvpn

  • Copy the network configuration script for your OS, and set the INTERNAL_ROUTES variable. For MacOS, if you want to run multiple VPNs, also set the SERVICE_NAME variable to a unique value

     # For MacOS
 cp ../net.macos.sh net.sh

 # For Linux
 cp ../net.linux.sh net.sh

  • Copy the configuration file and set the user, authgroup and script settings. If you want to be prompted for the username, comment out the user setting.

     cp ../vpn.conf vpn.conf
 vi vpn.conf

  • Copy the vpn.sh script and set the VPN_CONF and VPN_CONCENTRATOR variables

     cp ../vpn.sh vpn.sh
 vi vpn.sh

  • Grant yourself rights to start the VPN without password: run sudo visudo and add:

     %admin ALL=(ALL) NOPASSWD: /usr/local/bin/openconnect

    at the end of the file.

Connect the VPN

Use the runner script

./vpn.sh

or run it manually, as you please

openconnect -U `whoami` --config ~/code/openconnect/myvpn/vpn.conf concentrator.example.com

Disconnect the VPN

Ctrl+C

Advantages

  • Start the VPN straight from the Command Line
  • Only DNS requests for the corporate domain are routed through the VPN
  • Only corporate traffic is routed through the VPN, for more privacy, security, and reliability.

License

----------------------------------------------------------------------------
"THE BEER-WARE LICENSE" (Revision 42):
<vjt@openssl.it> wrote this file. As long as you retain this notice you
can do whatever you want with this stuff. If we meet some day, and you think
this stuff is worth it, you can buy me a beer in return.

- Marcello Barnaba
----------------------------------------------------------------------------

About

Letting Cisco AnyConnect give back our choice in how to configure our systems

Resources

Readme

License

View license
Activity

Stars

17 stars

Watchers

4 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages