
Cisco anyconnect command task

Can someone help me out, this works in terminal but I cannot set it up as a command task, I must be missing something??

   

/opt/cisco/anyconnect/bin/vpn -s connect vpn.company.org <<"EOF"
username
password
y
exit
EOF

   


That did it, thanks for the help!!

Hi @petedykinga


I created a script for this and I run it inside the 'Terminal' connection of Royal TSX.


The address is taken from the 'Computer Name':



The password is taken from the 'Credentials' section.


And the script is placed in the 'Custom Commands' section:



The number of the Group Name (in case you have to select a group upon connecting) is taken from 'Custom Field 1' under 'Custom Fields'.


The script also asks you for a 2FA password in case you need to enter one.


The script also checks if there is already a Cisco AnyConnect VPN connection active. If true, it asks you whether you want to keep it or to disconnect.

#!/bin/zsh
# title				: ciscoVpnConnectAF 4 RoyalTSX.sh
# description		: This script will connect/disconnect VPN via Cisco AnyConnect with 2 Factor Authentication
# author			: Pascal Reutener   [email protected]   (a&f systems ag)
# date				: 2021-07-29
# version			: 1.3
# usage				: as custom command in Royal TSX
# notes				: The Number of the Group Name is taken from 'Custom Field 1' in Royal TSX
# change history
# 2020-03-19 | PRE  : initial release
#						usage: ./ciscoVpnConnectAF.sh
# 2020-03-20 | PRE  : remove storage of credentials in clear text file
#						and instead use a variable
#						cosmetic changes
# 2020-11-23 | PRE  : added groupName variable
# 2021-07-29 | PRE  : Make group name/number dynamic (taken from 'CustomField1')
#==============================================================================

# configure
var_uid=$EffectiveUsername$
var_pwd="$EffectivePassword$"
var_ciscopath="/opt/cisco/anyconnect/bin"
var_url=$URI$
# Group Name Number is taken from Royal TSX's Custom Field 1
var_groupNameNumber=$CustomField1$


connect_vpn()
	{
		# ask for second password
		echo "     Please enter your OTP (One-Time Password) [ENTER]: "
		read -s var_passcode
		echo "\n     Your One-Time Password is: $var_passcode \n\n"

		sleep 1

		read -r -d '' var_logininfo <<- EOM
			$var_groupNameNumber
			$var_uid
			$var_pwd
			$var_passcode
			y
		EOM

		# connect
		$var_ciscopath/vpn -s <<< "$var_logininfo" connect $var_url
	}

disconnect_vpn()
	{
		# disconnect
		$var_ciscopath/vpn disconnect
	}


if /opt/cisco/anyconnect/bin/vpn status | grep Connected > /dev/null
then
	echo "\n\n --> You have currently an active Cisco AnyConnect VPN connection.\n     Do you want to disconnect?\n" 
	select yn in "Yes" "No"; do
		case $yn in
			Yes ) disconnect_vpn; break;;
			No ) exit;;
		esac
	done
else
	echo "\n\n --> You are currently NOT connected to $var_url"
	connect_vpn
fi

 

Use at your own risk. 


I hope this helps :)


—Best regards, Pascal

Thanks for the reply. I can launch AnyConnect with

/opt/cisco/anyconnect/bin/vpn -s connect vpn.soundtransit.org

in the command task, but I cannot seem to be able to pass credentials for some reason.



Thanks for the reply. It appears that I can get it launched with:

/opt/cisco/anyconnect/bin/vpn -s connect vpn.company.org

in the command task, but no matter how I try to pass in the creds, it just won't work. Very odd.

I think the command task statement has to be a single line. Try escaping the line endings? 


Side note, I'd put the un/pw into Custom Properties so they can be easily changed and stored as Protected Fields. Then reference the $CustomProperties.name$ in the command task. 
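
An added example, not written by any poster in this thread: the answers are fed to `vpn -s` on stdin with `printf` instead of a here-document, so the call fits on one line as suggested above. The function names and the `VPN_BIN` override are assumptions; the answer order follows Pascal's script, and a value containing a newline is rejected because it would shift every later prompt.

```shell
#!/bin/sh
# Added example; POSIX sh, also valid in zsh. Names here are hypothetical.
# VPN_BIN defaults to the path used in the thread and can be overridden.
VPN_BIN="${VPN_BIN:-/opt/cisco/anyconnect/bin/vpn}"

# Print the answers `vpn -s` reads from stdin, one per line, in the order
# used by the script in the thread: [group] user password [otp] y.
# An empty group or otp is skipped for profiles that do not prompt for it.
# usage: vpn_answers GROUP USER PASSWORD OTP
vpn_answers() {
    nl='
'
    for v in "$@"; do
        case $v in
            *"$nl"*)
                # An embedded newline would be read as an extra answer and
                # shift every later prompt, so refuse it.
                echo "vpn_answers: newline in a field" >&2
                return 1 ;;
        esac
    done
    if [ -n "$1" ]; then printf '%s\n' "$1"; fi
    printf '%s\n' "$2" "$3"
    if [ -n "$4" ]; then printf '%s\n' "$4"; fi
    printf '%s\n' y
}

# usage: vpn_connect HOST GROUP USER PASSWORD OTP
# The secrets reach vpn on stdin only; its argv holds just the host.
vpn_connect() {
    host=$1
    shift
    answers=$(vpn_answers "$@") || return 1
    printf '%s\n' "$answers" | "$VPN_BIN" -s connect "$host"
}

# One-line form for a command task (placeholders as in the first post):
#   printf '%s\n' username password y | /opt/cisco/anyconnect/bin/vpn -s connect vpn.company.org
```
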

