#!/bin/bash
# _______._____.__________._________
# \_ (| / ._ \ \
# \ l / |/ / / /
# \_______/ /l_____X___\______\
# \_____/
# ▓▓▓▓▓▓▓▓▓▓
# ░▓ author ▓ xero <x@xero.style>
# ░▓ code ▓ https://code.x-e.ro/dotfiles
# ░▓ mirror ▓ https://git.io/.files
# ░▓▓▓▓▓▓▓▓▓▓
# ░░░░░░░░░░
#█▓▒░ dont run as root
# refuse to run as root. NOTE(review): the refusal exits 0, so a caller chaining
# `vpn && ...` cannot tell the script declined to run; a non-zero exit would be clearer.
if [ "$(id -u)" -eq 0 ]; then
  echo "just be yourself"
  exit 0
fi
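#######################################
# Print the banner and option summary, then exit 0.
# Arguments: none
# Outputs:   banner and usage text on stdout
# Returns:   does not return; exits 0
#######################################
usage() {
  # quoted delimiter keeps the banner literal: two of the art lines end in a
  # backslash, which an unquoted here-doc treats as a line continuation and
  # silently joins with the following line
  cat <<'x0'
_______._____.__________._________
\_ (| / ._ \ \
\ l / |/ / / /
\_______/ /l_____X___\______\
\____/
x0
  # name this script was invoked as ($0), resolving one level of symlink
  local me
  me="$(basename "$(test -L "$0" && readlink "$0" || echo "$0")")"
  printf 'usage: %s [-h|-s|-d|-p|-c|-P|-q] host\n' "$me"
  # one '%s\n' per line; printf is used so a line starting with '-' is never
  # mistaken for an echo option
  printf '%s\n' \
    ' -s|--secret : 1password secret item for login' \
    ' -d|--dns : private ipv4 dns server' \
    ' -p|--protocol : openconnect protocol (default anyconnect)' \
    ' -c|--cert : pinned tls cert hash' \
    ' -P|--port : socks5 proxy port (default 60806)' \
    ' -q|--quit : disconnect vpn and proxy'
  exit 0
}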
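#######################################
# Fetch the login string for a 1password item.
# Arguments: $1 - 1password item name/id (the positional reference was blank on
#                 the page; the call site passes the -s/--secret value)
# Outputs:   "<password>,<otp>" on stdout; presumably the comma-joined form the
#            VPN server expects, kept as the original produced it
# Returns:   1 if either op lookup fails or the password comes back empty;
#            0 otherwise
#######################################
get_login() {
  local pass mfa
  # declaration and assignment are split so a failing op call is not masked;
  # the original ended with a successful echo, so a failed lookup silently
  # produced an empty credential string
  pass=$(op item get "$1" --fields password) || return 1
  mfa=$(op item get "$1" --otp) || return 1
  if [ -z "$pass" ]; then
    echo "failed to get password for '$1', op signin?" >&2
    return 1
  fi
  # the caller feeds this string to openconnect on stdin, never on the
  # command line, so it does not show up in the process list
  printf '%s,%s\n' "$pass" "$mfa"
}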
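#######################################
# Derive the VPN username from a 1password item's email field.
# Arguments: $1 - 1password item name/id (the positional reference was blank on
#                 the page; the call site passes the -s/--secret value)
# Outputs:   the local part of the email (text before the first '@'), or the
#            whole field when it contains no '@', on stdout
# Returns:   1 when the lookup fails or is empty; 0 otherwise
#######################################
get_user() {
  local user
  # a failing op call is treated like an empty result
  user=$(op item get "$1" --fields email) || user=''
  if [ -z "$user" ]; then
    # stderr, not stdout: callers capture stdout with $(...), so the original
    # message was swallowed into the variable instead of being shown
    echo "failed to get user, op signin?" >&2
    return 1
  fi
  # parameter expansion replaces the echo|sed pipeline; same result (strip
  # from the first '@' to the end)
  printf '%s\n' "${user%%@*}"
}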
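#######################################
# Start openconnect in the background with the given credentials.
# Arguments: $1 user, $2 login string, $3 host, $4 dns, $5 protocol,
#            $6 cert hash, $7 port — the order matches the single call site in
#            parse_arguments (the positional references were blank on the page)
# Globals:   exports INTERNAL_IP4_DNS (read by the --script helper, presumably)
# Outputs:   status line on stdout; openconnect's own output follows
# Returns:   openconnect's exit status
#######################################
connect() {
  local user=$1 login=$2 host=$3 dns=$4 protocol=$5 cert=$6 port=$7
  # the dns value is passed only through the environment; the original also
  # built a "-d $dns" string that was never used (and -d is not a dns flag)
  export INTERNAL_IP4_DNS=$dns
  # optional flags go in an array: an empty value adds nothing, and a value
  # with spaces stays one argument (the original relied on word splitting)
  local -a extra=()
  # pins the server certificate when -c was given; without it openconnect
  # falls back to its normal certificate checking
  [ -z "$cert" ] || extra+=(--servercert "$cert")
  # NOTE(review): port (socks5 proxy) is received but not used here; presumably
  # the vpnns helper owns the proxy — confirm
  echo "starting vpn processes"
  # credentials go in on stdin (--passwd-on-stdin), not on argv, so they are
  # not visible in the process list; printf avoids echo's option parsing
  printf '%s\n' "$login" | /usr/sbin/openconnect \
    -b -u "$user" \
    --passwd-on-stdin \
    --protocol="$protocol" \
    "${extra[@]}" \
    -S --script "vpnns --attach" \
    "$host"
}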
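#######################################
# Stop the vpn and proxy processes and exit.
# Arguments: none
# Outputs:   status line on stdout
# Returns:   does not return; exits 0
#######################################
disconnect() {
  echo "killing vpn processes"
  # pkill exits 1 when nothing matched; the script runs under set -e, so the
  # original aborted here before reaching the second pkill whenever no
  # openconnect was running. "nothing to kill" is success for a disconnect.
  # note the patterns are regexes on process names, so they also match
  # longer names containing these strings
  pkill openconnect || true
  pkill vpnns || true
  exit 0
}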
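#######################################
# Parse the command line, sign in to 1password and connect.
# Arguments: "$@" - the script's arguments (see usage)
# Outputs:   progress lines on stdout; errors on stderr
# Returns:   exits 1 on bad options; otherwise hands off to connect/disconnect
#######################################
parse_arguments() {
  local secret='' host='' dns='' protocol='anyconnect' cert='' port='60806'
  local options
  # enhanced getopt (needed for -l long options) prints its result shell-quoted
  # for `eval set --`; the original used a plain `set -- $options` and then
  # stripped the literal quotes, which broke any value containing a space
  options=$(getopt -o hs:d:p:c:P:q -l help,secret:,dns:,protocol:,cert:,port:,quit -- "$@") || exit 1
  eval set -- "$options"
  # the case selector was blank on the page; it can only be $1 here
  while [ $# -gt 0 ]; do
    case "$1" in
      -h|--help) usage ;;
      -s|--secret) secret=$2; shift ;;
      -d|--dns) dns=$2; shift ;;
      -p|--protocol) protocol=$2; shift ;;
      -c|--cert) cert=$2; shift ;;
      -P|--port) port=$2; shift ;;
      -q|--quit) disconnect ;;
      --) host=${2:-}; shift; break ;;
      -*) echo "$0: error - unrecognized option $1" >&2; usage ;;
      *) break ;;
    esac
    shift
  done
  [ -z "$host" ] && usage
  [[ "$host" =~ ^(quit|exit|disconnect)$ ]] && disconnect
  # without an item name the credential lookups below fail with a less
  # helpful "op signin?" message
  [ -z "$secret" ] && { echo "$0: error - a 1password item (-s|--secret) is required" >&2; usage; }
  # op signin prints export statements for the session token that are meant to
  # be evaluated; the text comes from the local op binary, not from the network
  eval "$(op signin)"
  echo "getting credentials"
  local user login
  # under set -e a failed lookup (non-zero substitution) stops the script here
  user="$(get_user "$secret")"
  login="$(get_login "$secret")"
  # NOTE(review): port is parsed and passed along but connect does not use it
  connect "$user" "$login" "$host" "$dns" "$protocol" "$cert" "$port"
}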
# fail fast with proper exit codes: a failing command, or a failing stage in a
# pipeline, ends the script. set after the function definitions and before the
# first call, so it governs everything that actually runs.
set -o errexit -o pipefail
# main application logic
parse_arguments "$@"