On our workplace we have to use Fortinet to connect to our VPN Network.
But if I'm connected to wifi and cable, some how I have issues to resolve addresses within the company network. So every time, I deactivate my wifi and establish then the VPN connection.
But - most of the time I forget this step. So I disconnect the VPN, deactivate wifi, and reactivate the connection. We have also two way Auth activated, so in a bad case I have to type three times Auth passwords (root pw, because its needed from client, network Auth from the company, and the two way Auth pin, which will be send to me)
So, I wrote a script...
#!/bin/bash cableInterface="enp0s31f6" wifiInterface="wlp3s0" wireConnecton=$(ethtool "$cableInterface" | grep Link | cut -d' ' -f3) wifiConnecton=$(ethtool "$wifiInterface" | grep Link | cut -d' ' -f3) while :; do case "$1" in -c) tmux kill-session -t VPN if [ "$wifiConnecton" == "yes" ] && [ "$wireConnecton" == "yes" ]; then echo "disable wifi" nmcli device disconnect "$wifiInterface" fi # activate wifi if i am not on cable if [ "$wifiConnecton" == "no" ] && [ "$wireConnecton" == "no" ]; then nmcli device connect "$wifiInterface" fi # get passwords and usernames sysPass=$(pass show path/to/rootPw | head -n1) pass=$(pass show path/for/vpnaccess | head -n1) user=$(pass show path/for/vpnaccess | tail -n1) # create new tmux session named VPN and establish vpn connection sleep 2 tmux new-session -d -s "VPN" sudo /usr/bin/openfortivpn -c /etc/openfortivpn/config -u "$user" -p "$pass" sleep 1 # send root password to system auth tmux send-keys -t "VPN:0" $sysPass Enter ;; -k) # kill vpn conneciton if [ "$wifiConnecton" == "no" ]; then nmcli device connect "$wifiInterface" fi echo $(pass show path/to/rootPw | head -n1) | sudo -S killall openfortivpn # kill session tmux kill-session -t VPN ;; *) break esac shift done
But I want to add some additional breeze. I am using rofi not only as window switcher and application launcher. I trigger as well some custom script e.g. change my wallpaper and color theme, or trigger Jenkins builds. So I add this script to my custom launcher, and now I just have to type in the pin which will be send to my mobile phone.