Skip to content
Branch: master
Go to file
Code

Latest commit

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 

README.md

OpenConnect - OS X/Mac OS GUI Menu Bar for connecting/disconnecting

What is this?

An easy way to get OpenConnect VPN to have an OS X/Mac OS Menu Bar GUI for:

  • quick connecting
  • quick disconnect
  • status changes (icon)

Full support for multi-factor authentication (especially Duo)!

OpenConnect Connected

OpenConnect Disconnected

How to run it:

1. Get the latest BitBar release:

https://github.com/matryer/bitbar/releases

BitBar provides an easy way to put "things" (for output and input) in your OS X/Mac OS Menu Bar.

Just unzip the release in your /Application folder and launch BitBar. It will ask you to create (or select) a folder to use for your scripts.

Obviously make sure you have installed openconnect too :) brew install openconnect

2. Edit the "openconnect.sh" and follow the steps inside to customize:

Start by just getting the file itself: https://raw.githubusercontent.com/ventz/openconnect-gui-menu-bar/master/openconnect.sh

Make sure you make it executable: chmod 755 openconnect.sh once you download it.

This file is the "script" that interacts with BitBar. Place it in your bitbar scripts folder (I have chosen: ~/Documents/bitbar-plugins/), and edit it/follow these steps:

First - Update your sudoers file with:

You can create a /etc/sudoers.d/openconnect file which contains:

mac-username ALL=(ALL) NOPASSWD: /usr/local/bin/openconnect
mac-username ALL=(ALL) NOPASSWD: /usr/bin/killall -2 openconnect

Please note that mac-username is not a literal, but the actually the 'whoami' username for OS X/Mac OS.

Second - Make sure your openconnect binary is here:

VPN_EXECUTABLE=/usr/local/bin/openconnect

Third - add your VPN domain and VPN username and set Auth for "push" or "pin"

VPN_HOST="vpn.domain.tld"
VPN_USERNAME="vpn_username@domain.tld#VPN_TUNNEL_OPTIONALLY"

# Duo options include "push", "sms", or "phone"
PUSH_OR_PIN="push"
* or * 
# To be prompted for TOTP input, use product name:
PUSH_OR_PIN="Yubikey"
or
PUSH_OR_PIN="Google Authenticator"
or
PUSH_OR_PIN="Duo"

Finally, create your KeyChain password (to store your VPN password securely):

a.) Open "Keychain Access" and
b.) Click on "login" keychain (top left corner)
c.) Click on "Passwords" category (bottom left corner)
d.) From the "File" menu, select -> "New Password Item..."
e.) For "Keychain Item Name" and "Account Name" use the "VPN_HOST" and "VPN_USERNAME" values respectively from the "Third" step above.
f.) For "Password" enter your VPN AnyConnect password.

That's it! Now you can use the GUI to connect and disconnect! (and if you are using Duo - get the 2nd factor push to your phone)

Problems Connecting?

If you have another VPN (ex: OpenVPN), you might already have an 'utun0' interface. Please check with '/sbin/ifconfig'. If that's the case, in step #2 above you need to add:

VPN_INTERFACE="utun1"

If you already have an utun0 and an utun1, then you need to change it to the next available, ex: utun2.

In order to make sure this doesn't happen - I've chosen 'utun99'

Help/Questions/Comments:

For help or more info, feel free to contact me or open an issue here!

About

OpenConnect Menu Bar - Connect/Disconnect/Status - for Mac OS X (supports Duo push/sms/phone, or Yubikey, Google Authenticator, Duo, or any TOTP)

Topics

Resources

License

Releases

No releases published

Languages

You can’t perform that action at this time.