Universal Rule

Book Reviews

Monday, May 3, 2004

-- Comment()
If It's Urgent, Ignore It: "Smart organizations ignore the urgent. Smart organizations understand that important issues are the ones to deal with. If you focus on the important stuff, the urgent will take care of itself. [...] Urgent is not an excuse. In fact, urgent is often an indictment--a sure sign that you've been putting off the important stuff until it mushrooms out of control." [via Frank Patrick's Focused Performance Blog]

Recipe for scripting Cisco VPN connections -- Comment()
Here follows my script for automating Cisco VPN using the command-line version of the program (vpnclient). The script is written in Expect. Thanks to Ssp for telling about SSHPassKey and otherwise helping with the script.

The script should be able to

connect automatically on sleep/awake cycles, starting/stopping AirPort etc.
run in the background in Terminal
exit properly (or handle disconnect properly)
integrate into Mac OS X keychain (for storing usernames and passwords)

I mapped the script below to a function key with HotApp using an AppleScript like the following:

tell application "Terminal"
    	do script with command "/path/command-name"
end tell

This opens a new Terminal window (in the background) and starts up Cisco VPN. To stop using Cisco VPN, just close the Terminal window.

Without further ado, here follows the Expect script for automating vpnconnect (the Cisco VPN command-line program):

#!/usr/bin/expect
# Cisco VPN Script
proc killvpnprocesses {} {
  spawn killall vpnclient
  expect "No matching processes belonging to you were found" {} \
         eof {}
  spawn killall cvpnd
  expect "No matching processes belonging to you were found" {} \
         eof {}
  return 0
}
set profile PROFILE
set username USERNAME
set keyname "VPN $profile ($username)"
set sshpasskey /Applications/Utilities/SSHPassKey.app/Contents/MacOS/SSHPassKey
set passwd [exec $sshpasskey $keyname]
while {1} {
  eval spawn vpnclient connect "$profile"
  expect -ex "Username \["   {send "$username\n"} \
         "A connection already exists."  {exit 2} \
         "Could not attach to driver." \
               {sleep 5; killvpnprocesses; continue} \
         "The application was unable to communicate with the VPN sub-system." \
               {sleep 5; killvpnprocesses; continue}
  expect -ex "Password \["   {send "$passwd\n"}
  expect "Your VPN connection is secure." {interact} \
         "Your link is secure." {interact} \
         "Your VPN connection has been terminated." \
               {sleep 5; killvpnprocesses; continue} \
         "Could not attach to driver." {sleep 5; killvpnprocesses; continue}
  sleep 2
  killvpnprocesses
  sleep 2

Update: I added the HTML codes for backslash characters, so you should be able to cut and paste the script from the web page.