At our workplace we have to use Fortinet to connect to our VPN network.
But if I'm connected to both wifi and cable, somehow I have issues resolving addresses within the company network. So every time, I deactivate my wifi and then establish the VPN connection.
But most of the time I forget this step. So I disconnect the VPN, deactivate wifi, and reactivate the connection. We also have two-way auth activated, so in a bad case I have to type three auth passwords (the root pw, because it's needed by the client; the network auth from the company; and the two-way auth PIN, which will be sent to me).
So, I wrote a script...
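#!/bin/bash
# Usage: -c  connect the VPN (wifi is dropped first if the cable is also up)
#        -k  kill the VPN connection and bring wifi back

cableInterface="enp0s31f6"
wifiInterface="wlp3s0"

# Read "yes"/"no" from the "Link detected:" line only. A bare `grep Link`
# also matches the "Link partner advertised ..." lines of a wired interface
# and yields several lines instead of a single yes/no.
wireConnecton=$(ethtool "$cableInterface" | grep 'Link detected' | cut -d' ' -f3)
wifiConnecton=$(ethtool "$wifiInterface" | grep 'Link detected' | cut -d' ' -f3)

while :; do
    case "$1" in
    -c)
        # drop a leftover session from a previous run, if there is one
        tmux kill-session -t VPN 2>/dev/null
        if [ "$wifiConnecton" == "yes" ] && [ "$wireConnecton" == "yes" ]; then
            echo "disable wifi"
            nmcli device disconnect "$wifiInterface"
        fi
        # activate wifi if I am not on cable
        if [ "$wifiConnecton" == "no" ] && [ "$wireConnecton" == "no" ]; then
            nmcli device connect "$wifiInterface"
        fi
        # get passwords and usernames
        sysPass=$(pass show path/to/rootPw | head -n1)
        pass=$(pass show path/for/vpnaccess | head -n1)
        user=$(pass show path/for/vpnaccess | tail -n1)
        # create new tmux session named VPN and establish vpn connection
        # note: -p puts the VPN password on the command line, where it is
        # visible in the process list while openfortivpn is running
        sleep 2
        tmux new-session -d -s "VPN" sudo /usr/bin/openfortivpn -c /etc/openfortivpn/config -u "$user" -p "$pass"
        sleep 1
        # send root password to system auth; -l sends it literally, so tmux
        # does not treat parts of the password as key names
        tmux send-keys -t "VPN:0" -l -- "$sysPass"
        tmux send-keys -t "VPN:0" Enter
        ;;
    -k)
        # kill vpn connection
        if [ "$wifiConnecton" == "no" ]; then
            nmcli device connect "$wifiInterface"
        fi
        pass show path/to/rootPw | head -n1 | sudo -S killall openfortivpn
        # kill session
        tmux kill-session -t VPN
        ;;
    *)
        break
        ;;
    esac
    shift
done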
But I want to add some additional breeze. I am using rofi not only as a window switcher and application launcher. I also trigger some custom scripts, e.g. to change my wallpaper and color theme, or to trigger Jenkins builds. So I added this script to my custom launcher, and now I just have to type in the PIN which will be sent to my mobile phone.
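The wifi decision in the script depends on reading the link state out of `ethtool`. The following added example (not part of the original script; the sample `ethtool` output, the interface names and the function names are constructed for illustration) compares a loose `grep Link` match with a parser that reads only the `Link detected:` line, and maps the two link states to the action the script takes.

```shell
#!/bin/sh
# Added example: parse the link state from ethtool output and decide what
# to do with wifi before the VPN comes up. All sample data is constructed.

# Constructed `ethtool <wired-iface>` output; lines are tab-indented as in real output.
sample_wired=$(printf 'Settings for eth-example:\n'; printf '\t%s\n' \
  'Supported link modes:   1000baseT/Full' \
  'Link partner advertised link modes:  1000baseT/Full' \
  'Link partner advertised pause frame use: Symmetric' \
  'Speed: 1000Mb/s' \
  'Link detected: yes')

# Constructed `ethtool <wifi-iface>` output.
sample_wifi=$(printf 'Settings for wl-example:\n\tLink detected: no\n')

# Loose match: every line containing "Link", third space-separated field.
loose_link_state() { grep Link | cut -d' ' -f3; }

# Strict match: only the "Link detected:" line; prints yes, no or unknown.
link_state() {
  awk -F': *' '/Link detected:/ { print $2; found = 1; exit }
               END { if (!found) print "unknown" }'
}

# Map wired/wifi link state to the wifi action:
#   both up   -> disconnect wifi (the dual-homed case with broken name resolution)
#   both down -> connect wifi
#   otherwise -> keep the current state (also for "unknown")
wifi_action() {
  case "$1/$2" in
    yes/yes) echo disconnect ;;
    no/no)   echo connect ;;
    *)       echo keep ;;
  esac
}

wired=$(printf '%s\n' "$sample_wired" | link_state)
wifi=$(printf '%s\n' "$sample_wifi" | link_state)
echo "strict: wired=$wired wifi=$wifi action=$(wifi_action "$wired" "$wifi")"
echo "loose wired result:"
printf '%s\n' "$sample_wired" | loose_link_state
```

With the loose match the wired result is several lines, so a comparison against `"yes"` never succeeds and the wifi interface stays up.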