DEV Community

mafflerbach
mafflerbach

Posted on

Openfortivpn - automatet network interface switcher

On our workplace we have to use Fortinet to connect to our VPN Network.
But if I'm connected to wifi and cable, some how I have issues to resolve addresses within the company network. So every time, I deactivate my wifi and establish then the VPN connection.
But - most of the time I forget this step. So I disconnect the VPN, deactivate wifi, and reactivate the connection. We have also two way Auth activated, so in a bad case I have to type three times Auth passwords (root pw, because its needed from client, network Auth from the company, and the two way Auth pin, which will be send to me)

So, I wrote a script...


#!/bin/bash
cableInterface="enp0s31f6"
wifiInterface="wlp3s0"

wireConnecton=$(ethtool "$cableInterface" | grep Link | cut -d' ' -f3)
wifiConnecton=$(ethtool "$wifiInterface" | grep Link | cut -d' ' -f3)

while :; do
    case "$1" in
        -c) 

            tmux kill-session -t VPN
            if [ "$wifiConnecton" == "yes" ] && [ "$wireConnecton" == "yes" ]; then
                echo "disable wifi"
                nmcli device disconnect "$wifiInterface"
            fi

            # activate wifi if i am not on cable
            if [ "$wifiConnecton" == "no" ] && [ "$wireConnecton" == "no" ]; then
                nmcli device connect "$wifiInterface"
            fi
            # get passwords and usernames
            sysPass=$(pass show path/to/rootPw | head -n1)
            pass=$(pass show path/for/vpnaccess | head -n1)
            user=$(pass show path/for/vpnaccess | tail -n1)

            # create new tmux session named VPN and establish vpn connection
            sleep 2
            tmux new-session -d -s "VPN"  sudo /usr/bin/openfortivpn -c /etc/openfortivpn/config -u "$user"  -p "$pass"
            sleep 1
            # send root password to system auth
            tmux send-keys -t "VPN:0" $sysPass Enter
            ;;
        -k) 
            # kill vpn conneciton 
            if [ "$wifiConnecton" == "no" ]; then
                 nmcli device connect "$wifiInterface"
            fi
            echo $(pass show path/to/rootPw | head -n1) | sudo -S killall openfortivpn 
            # kill session
            tmux kill-session -t VPN
            ;;
        *)
            break
    esac
    shift
done


Enter fullscreen mode Exit fullscreen mode

But I want to add some additional breeze. I am using rofi not only as window switcher and application launcher. I trigger as well some custom script e.g. change my wallpaper and color theme, or trigger Jenkins builds. So I add this script to my custom launcher, and now I just have to type in the pin which will be send to my mobile phone.

vpn-rofi.png

Top comments (0)