dotfiles

custom linux config files managed with gnu stow

dotfiles

bin/.local/bin/vpn


#!/bin/bash
#
#  ▓▓▓▓▓▓▓▓▓▓
# ░▓ author ▓ xero <x@xero.style>
# ░▓ code   ▓ https://code.x-e.ro/dotfiles
# ░▓ mirror ▓ https://git.io/.files
# ░▓▓▓▓▓▓▓▓▓▓
#  ░░░░░░░░░░

#█▓▒░ style
rip="󰭿" # 󰯆 󰯇
alert="" #	
spook="" # 󰞀 󰳌
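# print the banner. the delimiter is quoted so the art is emitted literally:
# in an unquoted here-doc a backslash at the end of a line is a line
# continuation and would glue two rows of the logo together.
cat << 'x0'
_______._____.__________._________
\_    (|     /   ._     \         \
  \    l    /    |/     /  /      /
   \_______/    /l_____X___\______\
          \____/

x0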

#█▓▒░ fatal errors
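# print a fatal error and abort the script.
# globals:   alert (read) - glyph shown in front of the message
# arguments: $1 - message text (printed verbatim, never used as a format)
# outputs:   the message on stderr
# returns:   never; exits with status 1
_e() {
	printf "%s error! %s\n" "$alert" "$1" >&2
	exit 1
}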

#█▓▒░ help
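# print the help text and exit successfully.
# the displayed command name is the basename of this script; when the script
# was started through a symlink, the link target's name is shown instead.
# outputs:   help text on stdout
# returns:   never; exits with status 0
usage() {
	local me
	if [[ -L "$0" ]]; then
		# fall back to the invoked path if the link cannot be read
		me="$(readlink "$0")" || me="$0"
	else
		me="$0"
	fi
	me="$(basename -- "$me")"
	cat <<USE
 usage: ${me} [-q|-h] | [account]
   -q|--quit : disconnects the vpn and proxy
   -h|--help : display this message
	 account   : optional prefix name of 1password item

if an account arg is provided, it will be used to fetch
the authentication credentials. otherwise, the logged
in account of the envoking command will be used.
USE
	exit 0
}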

#█▓▒░ deps
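# check that a command is available on PATH.
# arguments: $1 - command name to look up
#            $2 - optional; when non-empty the command is mandatory and a
#                 missing command aborts the script through _e
# returns:   0 when the command exists, 1 when an optional command is
#            missing, so callers can write `installed foo && have_foo=true`
installed() {
	command -v "$1" &> /dev/null && return 0
	# mandatory dependency: _e exits, nothing below runs
	[[ -n "$2" ]] && _e "$1 not found."$'\n'"please install it first."
	# optional dependency: report the absence instead of claiming success
	return 1
}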

#█▓▒░ 1pw creds
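# fetch the vpn credentials from 1password with the `op` cli.
# arguments: $1 - optional account prefix; when empty, the local part of the
#                 e-mail address reported by `op whoami` is used
# globals:   account, host, username, group, password, otp (written)
# outputs:   a confirmation line naming the account; secrets are never printed
# returns:   0 on success; aborts through _e when a field is empty or the
#            one-time password is not exactly six characters long
auth() {
	local var
	account="$1"
	if [[ -z "$account" ]]; then
		# "Email: user@example.test" -> "user" (constructed sample)
		account=$(op whoami | awk '/Email:/ {split($2, a, "@"); print a[1]}')
	fi
	    host=$(op item get "$account vpn login" --format json | jq -r '.urls[0].href')
	username=$(op item get "$account vpn login" --fields username)
	   group=$(op item get "$account vpn login" --fields group)
	password=$(op item get "$account vpn login" --fields password --reveal)
	     otp=$(op item get "$account vpn login" --otp)

	# only the name of a failing field is reported, never its value
	for var in host username group password otp; do
		if [[ -z "${!var}" || ("$var" == "otp" && ${#otp} -ne 6) ]]; then
			_e "invalid credential: $var"
		fi
	done
	printf "credentials for: %s have been retrieved\n" "$account"
}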

#█▓▒░ create script
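# write the one-shot launcher script that starts openconnect.
# globals:   group, host, vpnns_installed (read); tmp, run (written)
# the launcher is later executed as root by connect, so every argument is
# shell-quoted with printf %q: a group or url containing spaces, quotes or
# shell metacharacters stays a single literal argument in the generated file
# instead of being re-parsed as shell code.
setup() {
	local -a cmd=(openconnect)
	tmp=$(mktemp -d -t vpn-XXXXXXXXXX) || _e "could not create a temporary directory."
	run="$tmp/vpn"
	# route the tunnel through vpnns when it is available
	$vpnns_installed && cmd+=(-S -s "vpnns --attach")
	cmd+=(--timestamp --protocol=anyconnect "--authgroup=$group" "$host")
	{
		printf '%s\n' '#!/bin/bash'
		printf '%q ' "${cmd[@]}"
		printf '\n'
	} > "$run"
	# owner-only: nobody else needs to read or run the launcher
	chmod 700 "$run"
}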

#█▓▒░ cleanup
# exit/signal handler: delete the temporary directory and leave with the
# status that was current when the handler started.
# globals: tmp (read) - directory holding the generated launcher, if any
selfdestruct() {
	# must stay the first statement, any other command would overwrite $?
	local status=$?
	# disarm every trap so the handler cannot run a second time
	trap '' EXIT HUP INT QUIT PIPE TERM
	if [[ -d "$tmp" ]]; then
		rm -rf "$tmp"
	fi
	exit "$status"
}
trap selfdestruct EXIT HUP INT QUIT PIPE TERM

#█▓▒░ connect using expect
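# backslash-escape the characters that are special inside a double-quoted
# tcl word ([ ] \ " $) or that would unbalance the surrounding braces ({ }).
# the value travels over stdin to sed, so it never appears in a process
# argument list.
# arguments: $1 - raw value
# outputs:   the escaped value on stdout
_tcl_quote() {
	printf '%s' "$1" | sed -e 's/[][\\"${}]/\\&/g'
}

# drive the openconnect login dialogue with expect, running as root.
# globals: run, username, password, otp, rip, spook (read)
# the credentials are pasted into a tcl script, so they are escaped first:
# otherwise a secret containing a quote, bracket, dollar sign or brace would
# break the script or be evaluated by the root-owned expect interpreter
# instead of being typed. `send --` keeps a value that starts with a dash
# from being parsed as a send flag.
connect() {
	local q_run q_user q_pass q_otp
	q_run=$(_tcl_quote "$run")
	q_user=$(_tcl_quote "$username")
	q_pass=$(_tcl_quote "$password")
	q_otp=$(_tcl_quote "$otp")
	sudo expect << EOF
log_user 0
spawn -ignore HUP "${q_run}" && disown
expect {
    "Please enter your username." {
        expect "Username:"
        send -- "${q_user}\n"
        exp_continue
    }
    "Please enter your password." {
        expect "Password:"
        send -- "${q_pass}\n"
        exp_continue
    }
    "Please enter your OTP password." {
        expect "Password:"
        send -- "${q_otp}\n"
        exp_continue
    }
    "SSL connection failure: The TLS connection was non-properly terminated." {
        log_user 1
        send_user "Error: SSL connection failure.\n"
        log_user 0
        exit 1
    }
    "Failed to complete authentication" {
        log_user 1
        send_user "error ${rip}\nfailed to complete authentication.\n"
        log_user 0
        exit 1
    }
    "Got CONNECT response: HTTP/1.1 200 CONNECTED" {
        log_user 1
        send_user "\n\nvpn connected ${spook}\n"
        log_user 0
        # by not exiting here it allows the spawned process to continue running
    }
}
EOF
}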

#█▓▒░ rip
# tear the vpn down: stop openconnect, drop the ~/.kube symlink and, when
# vpnns is in use, stop it and remove its state directory.
# globals: rip, vpnns_installed, HOME (read)
# returns: never; exits with status 0
disconnect() {
	printf "killing vpn processes %s\n" "$rip"
	sudo pkill openconnect
	# only a symlink is removed; a real ~/.kube directory is left alone
	if [[ -L "$HOME/.kube" ]]; then
		rm -f "$HOME/.kube"
	fi
	if $vpnns_installed; then
		# NOTE(review): pkill treats "vpn" as a pattern, so every process whose
		# name contains "vpn" is signalled as root - confirm that is intended
		sudo pkill vpn
		if [[ -d "$HOME/.vpnns-default" ]]; then
			rm -rf "$HOME/.vpnns-default"
		fi
	fi
	exit 0
}

#█▓▒░ logic
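# entry point: check dependencies, handle the quit/help sub-commands, then
# fetch credentials, build the launcher and connect.
# arguments: $1 - optional sub-command (quit/help aliases) or account prefix
# globals:   vpnns_installed (written)
main() {
	vpnns_installed=false
	installed "openconnect" true
	installed "expect" true
	installed "vpnns" && vpnns_installed=true
	case "$1" in
	q|quit|x|exi|rip|disconnect|-q|--quit|-x|--exit)
		disconnect
	;;
	h|help|-h|--help)
		usage
	;;
	esac
	# auth shells out to op and jq; fail with a clear message when they are
	# missing rather than with a misleading "invalid credential" error.
	# checked after the case so quit/help keep working without them.
	installed "op" true
	installed "jq" true
	pgrep openconnect &> /dev/null && _e "vpn is already running."
	auth "$*"
	setup
	connect
}
main "$@"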
