dotfiles

custom linux config files managed with gnu stow

dotfiles

bin/bin/vpn


#!/bin/bash
#   _______._____.__________._________
#   \_    (|     /   ._     \         \
#     \    l    /    |/     /  /      /
#      \_______/    /l_____X___\______\
#            \_____/
#  ▓▓▓▓▓▓▓▓▓▓
# ░▓ author ▓ xero <x@xero.style>
# ░▓ code   ▓ https://code.x-e.ro/dotfiles
# ░▓ mirror ▓ https://git.io/.files
# ░▓▓▓▓▓▓▓▓▓▓
# ░░░░░░░░░░

#█▓▒░  dont run as root
[ "$(id -u)" -eq 0 ] && echo "just be yourself" && exit 0

usage() {
	cat <<x0
 _______._____.__________._________
 \_    (|     /   ._     \         \
   \    l    /    |/     /  /      /
    \_______/    /l_____X___\______\
           \____/
x0
	echo "usage: ${me} [-h|-s|-d|-p|-c|-P|-q] host"
	echo "  -s|--secret   : 1password secret item for login"
	echo "  -d|--dns      : private ipv4 dns server"
	echo "  -p|--protocol : openconnect protocol (default anyconnect)"
	echo "  -c|--cert     : pinned tls cert hash"
	echo "  -P|--port     : socks5 proxy port (default 60806)"
	echo "  -q|--quit     : disconnect vpn and proxy"
	exit 0
}

function get_login() {
	pass=$(op item get "" --fields password)
	mfa=$(op item get "" --otp)
	echo "${pass},${mfa}"
}
function get_user() {
	user=$(op item get "" --fields email)
	[ -z "$user" ] && echo "failed to get user, op signin?" && exit 1
	[[ $user =~ @ ]] && user=$(echo "$user" | sed 's/@.*//')
	echo "$user"
}
function connect() {
	user=
	login=
	host=
	dns=
	protocol=
	cert=
	port=
	export INTERNAL_IP4_DNS=$dns
	[ -z "$cert" ] || cert="--servercert $cert"
	[ -z "$dns" ] || dns="-d $dns"
	echo "starting vpn processes"
	echo "${login}" | /usr/sbin/openconnect \
		-b -u "${user}" \
		--passwd-on-stdin \
		--protocol=${protocol} \
		${cert} \
		-S --script "/usr/bin/ocproxy -D ${port} ${dns}" \
		"${host}"
}
function disconnect() {
	echo "killing vpn processes"
	pkill openconnect
	pkill ocproxy
	exit
}

function parse_arguments() {
	secret=''
	host=''
	dns=''
	protocol='anyconnect'
	cert=''
	port='60806'
	options=$(getopt -o hs:d:p:c:P:q -l help,secret:,dns:,protocol:,cert:,port:,quit -- "$@") || exit 1
	set -- $options
	while [ $# -gt 0 ];do
		case  in
		-h|--help) usage ;;
		-s|--secret) secret="${2//\'/}" ; shift;;
		-d|--dns) dns="${2//\'/}" ; shift;;
		-p|--protocol) protocol="${2//\'/}" ; shift;;
		-c|--cert) cert="${2//\'/}" ; shift;;
		-P|--port) port="${2//\'/}" ; shift;;
		-q|--quit) disconnect;;
		(--) host="${2//\'/}" ; shift; break;;
		(-*) echo "{{&blob}}: error - unrecognized option " 1>&2; usage;;
		(*) break;;
		esac
		shift
	done
	[ -z "$host" ] && usage
	[[ "$host" =~ ^(quit|exit|disconnect)$ ]] && disconnect
	echo "getting credentials"
	user="$(get_user $secret)"
	login="$(get_login $secret)"
	connect "$user" "$login" "$host" "$dns" "$protocol" "$cert" "$port"
}

# fail fast w/ proper exit codes
set -eo pipefail
# main application logic
parse_arguments "$@"

Download

raw zip tar