Register FAQ / Rules Forum Spy Search Today's Posts Mark Forums Read
Go Back   MacRumors Forums > Apple Systems and Services > OS X

Reply
 
Thread Tools Search this Thread Display Modes
Old Nov 20, 2005, 11:47 AM   #1
Wombert
macrumors regular
 
Join Date: Oct 2005
Location: Munich, Germany
Automatically log into VPN (Cisco) when connecting to certain wireless networks

Hi,

so my University uses the lovely Cisco VPN Client. Easy to get it working, not a big deal, but it annoys me that I need to start it manually every time I switch wifi networks and such. Is there a way to automate this? I want to connect to the VPN whenever the Airport logs into one of the University's wifi networks. The Cisco client also supports command-line mode, so I could write a script for that. But the big question is: is there a "connected to wifi network" event I can hook into using AppleScript or something. Sorry if this is a dumb question, I just switched from PC to Mac on Thursday
__________________
Hello. I'm a signature virus. Please copy me to other signatures to help me spread :]
Wombert is offline   0 Reply With Quote
Old Nov 20, 2005, 01:01 PM   #2
belvdr
macrumors 68040
 
Join Date: Aug 2005
I'm sure there is a way to write this in Applescript.

However, if you are roaming across networks when connected, it makes perfect sense why the client is dropping you. If the university is using IKE, part of the initiation/configuration of the tunnel is to record the remote address. When your address changes, the tunnel is destroyed to remove any possibility of a hacking attempt.
belvdr is offline   0 Reply With Quote
Old Nov 20, 2005, 04:29 PM   #3
Wombert
Thread Starter
macrumors regular
 
Join Date: Oct 2005
Location: Munich, Germany
True, and that's okay. What I don't want is to start the VPN Client manually and make it connect. It should happen automatically whenever I connect to one of the university's access points. That's why I was asking whether it would be possible to write an AppleScript or download a tool / daemon / whatever that can execute another script which establishes the VPN connection as soon as Airport logs into the wireless network.
__________________
Hello. I'm a signature virus. Please copy me to other signatures to help me spread :]
Wombert is offline   0 Reply With Quote
Old Nov 20, 2005, 06:47 PM   #4
superbovine
macrumors 68030
 
superbovine's Avatar
 
Join Date: Nov 2003
Quote:
Originally Posted by Wombert
True, and that's okay. What I don't want is to start the VPN Client manually and make it connect. It should happen automatically whenever I connect to one of the university's access points. That's why I was asking whether it would be possible to write an AppleScript or download a tool / daemon / whatever that can execute another script which establishes the VPN connection as soon as Airport logs into the wireless network.

it probably possible, but the reason why it just doesn't do it is because of security the reason. They want to force you to go through the motion because that is a more method of access is more secure.
superbovine is offline   0 Reply With Quote
Old Nov 20, 2005, 06:51 PM   #5
Wombert
Thread Starter
macrumors regular
 
Join Date: Oct 2005
Location: Munich, Germany
I found out I can add entries to /System/Library/SystemConfiguration/Kicker.bundle/Contents/Resources/Kicker.xml which is called on every network change, so I'll just add a script in there that checks if I'm in university (dunno yet if I'll do this via access point detection or simply by querying the current location), and if so, start the vpn client. I'll let you guys know if this works
__________________
Hello. I'm a signature virus. Please copy me to other signatures to help me spread :]
Wombert is offline   0 Reply With Quote
Old Nov 24, 2005, 12:25 PM   #6
Wombert
Thread Starter
macrumors regular
 
Join Date: Oct 2005
Location: Munich, Germany
Okay guys, I solved this one. This is how it works:
  1. A script, ~/vpnconnect.sh will connect to the VPN:
    Code:
    screen -d -m /opt/cisco-vpnclient/bin/vpnclient connect <YourProfileName> &
    As you can see, it requires a profile. The easiest way to create one is to use the GUI client and copy the profile file from /etc/CiscoSystemsVPNClient/Profiles/ to /etc/opt/cisco-vpnclient (there seems to be no way to use a config file in another directory). The second time you use the profile to connect via the GUI client you will have the option to remember the password. Do that.
  2. Another script, ~/autovpn.sh will read the Airport's SSID and use the script from 1) to connect to VPN:
    Code:
    #!/bin/sh
    
    ssid=`/System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport -I | fgrep -i " ssid" | grep -Eo "[a-zA-Z0-9]+$"`
    
    if [ $ssid = "somenetwork" -o $ssid = "anotherSSID" ]
    then
    	/Users/<Yourusername>/vpnconnect.sh &
    fi
  3. Add the following segment to /System/Library/SystemConfiguration/Kicker.bundle/Contents/Resources/Kicker.xml:
    Code:
            <dict>
                    <key>execCommand</key>
                    <string>/Users/<YourUserName>/autovpn.sh</string>
                    <key>execUID</key>
                    <integer><yourUID></integer>
                    <key>keys</key>
                    <array>
                            <string>Setup:/</string>
                            <string>State:/Network/Global/IPv4</string>
                    </array>
                    <key>name</key>
                    <string>AutoVPN</string>
            </dict>
    Use the id command to determine your UID and short username
  4. Restart the computer
Now, whenever your Airport connection changes and connects to one of the networks of which you specified the SSID, the VPN connection will be created automatically. You can adapt this to setup SSH tunnels etc, too. I haven't gotten this to work 100% reliably right after system startup yet, but it works when changing networks, enabling and disabling Airport and waking up from sleep, so it shouldn't be a big deal since most people will have their PB in sleep usually.
__________________
Hello. I'm a signature virus. Please copy me to other signatures to help me spread :]
Wombert is offline   1 Reply With Quote
Old Dec 2, 2005, 01:23 PM   #7
BerndII
macrumors newbie
 
Join Date: Dec 2005
One question though, when you connect to the server, does your university post a message? Something like Welcome to xyz, use this profile for this and that. This is at least something my universities do and I always have to either type "y" in the cli or hit return using the GUI. If I could get arount responding to this message, automation would be great. Because if I don't respond I get a time out and the connection gets cancelled.
BerndII is offline   0 Reply With Quote
Old Dec 2, 2005, 02:38 PM   #8
Wombert
Thread Starter
macrumors regular
 
Join Date: Oct 2005
Location: Munich, Germany
Quote:
Originally Posted by BerndII
One question though, when you connect to the server, does your university post a message? Something like Welcome to xyz, use this profile for this and that. This is at least something my universities do and I always have to either type "y" in the cli or hit return using the GUI. If I could get arount responding to this message, automation would be great. Because if I don't respond I get a time out and the connection gets cancelled.
No, they don't do that. I'm not sure if you could work around this either. Displaying the message is definitely impossible because I'm using "screen" to make it work as a background process...
__________________
Hello. I'm a signature virus. Please copy me to other signatures to help me spread :]
Wombert is offline   0 Reply With Quote
Old Dec 2, 2005, 04:40 PM   #9
GeeYouEye
macrumors 68000
 
GeeYouEye's Avatar
 
Join Date: Dec 2001
Location: State of Denial
Send a message via AIM to GeeYouEye Send a message via Yahoo to GeeYouEye
Thanks a TON for figuring this out! I've been looking for a way to do this through AppleScript or Automator, but this looks like it should work just as well.

EDIT: hmm... how do you connect to a VPN that has both group and individual authentication? In other words, when I use the GUI client, it connects using the stored profile, but then I have to enter my network username (usually filled in) and password. There doesn't seem to be any way to store this, AFAICT.
__________________
I bring order to chaos. You are in chaos Windows, you are the contradiction, a bug wishing to be an OS.
Visit Softyards Software
NEW DEFINITION OF GEEK
Like politics, free speech, computers, entertainment, and more? Join us at Wordforge.net

Last edited by GeeYouEye; Dec 2, 2005 at 04:46 PM.
GeeYouEye is offline   0 Reply With Quote
Old Dec 2, 2005, 04:48 PM   #10
Wombert
Thread Starter
macrumors regular
 
Join Date: Oct 2005
Location: Munich, Germany
Quote:
Originally Posted by GeeYouEye
Thanks a TON for figuring this out! I've been looking for a way to do this through AppleScript or Automator, but this looks like it should work just as well.
You can't do it through Automator or AppleScript, since you need to hook into Kicker to have the command executed whenever the network environment changes.

Note that I'm using
Code:
if [ $ssid = "somenetwork" -o $ssid = "anotherSSID" ]
to check if the SSID is either "somenetwork" or "anotherSSID". If you want to check for only one SSID, remove the second part, including the "-o". If you want to check more networks, add more -o $ssid = "..." chunks to the end.

There's a caveat, though: you can't really disconnect from VPN because disconnecting will result in a network configuration change, which again starts the script and establishes a connection. So if you want to get out of the network, you have to disable Airport or log out from the wireless network altogether. Should not be a big deal, though, since you usually have to be on VPN to use the network at all. I don't have figured out yet how to be notified only on Airport connection changes.

And, as I said, it doesn't always work right after system startup. It should not be a problem since usually, you don't boot your computer but just wake it up from sleep, where it always works like a charm.

I'm soooooo glad I found out how this works. I'm really sorry for all those Linux guys sitting around me in front of their ugly, uncool laptops, entering 20+ lines on the console to log in to wireless and VPN
__________________
Hello. I'm a signature virus. Please copy me to other signatures to help me spread :]
Wombert is offline   0 Reply With Quote
Old Dec 2, 2005, 04:52 PM   #11
Wombert
Thread Starter
macrumors regular
 
Join Date: Oct 2005
Location: Munich, Germany
Quote:
Originally Posted by GeeYouEye
EDIT: hmm... how do you connect to a VPN that has both group and individual authentication? In other words, when I use the GUI client, it connects using the stored profile, but then I have to enter my network username (usually filled in) and password. There doesn't seem to be any way to store this, AFAICT.
Mine also needs a group auth, plus a username and password. I can save this in the GUI client after I connect for the second time. The Group authentication for the connection is always saved, and at the bottom, there's a "Erase User Password" button which I could use to remove the saved user and password data. Maybe you have to switch to advanced mode to make this work? Or upgrade to the latest version... I'm using Cisco Systems VPN Client Version 4.7.00 (0510)
__________________
Hello. I'm a signature virus. Please copy me to other signatures to help me spread :]
Wombert is offline   0 Reply With Quote
Old Dec 2, 2005, 05:26 PM   #12
newtonick
macrumors newbie
 
Join Date: Dec 2005
Location: Illinois
My Ongoing Solution to Cisco VPN

About a year ago I asked that very question (along with others regarding Cisco VPN). I started creating apple scripts and tried bash scripts, all sucked. So I moved on to creating a full App. A new interface to Cisco's VPN Client. I was still in the learning process of Cocoa, so I shared my idea with a hard core programmer (Gorman) and he did the coding in cocoa.

The "VPNMenu" is a app that computicates with the VPN Driver (through Cisco API's) that installs when you install the Cisco VPN Client, version 4.7 of the client is required to use this app. This app is a Status Item (in Menu bar) that allows you to store your username and password in prefferences (keychain). VPNMenu also has a feature to Auto-connect, to a particular domain, or to all connections. It detects the Domain IP or name from the DHCP server and decides if it should connect to the VPN. There is even a few more features. Now this client is still in very early stages. It has flaws, but don't complain about them, download the source and fix them. Then post the fix.

You can download the VPNMenu here at:
http://niumug.org/projects/vpnmenu

This is the first time I think the client has been made "public" so comment on it, tell me what you think. The download is currently being hosted through NIU Mac User Group, which is in the process of becoming an offical Mac User Group.
newtonick is offline   0 Reply With Quote
Old Dec 2, 2005, 09:26 PM   #13
cheesy
macrumors member
 
Join Date: Sep 2003
Location: Los Angeles, CA / Seattle, WA
Send a message via AIM to cheesy
1) For those of you who require a user login/password there are command line options for that:

vpnclient connect profilename user username password password

Of course the password will be easily visible to anyone who has access to the script, so keep that in mind...

2) I can't get the VPNMenu to work for some reason. It gives me errors -10 and -17. I'll try again later, our VPN server is really flakey.
cheesy is offline   0 Reply With Quote
Old Dec 2, 2005, 11:55 PM   #14
newtonick
macrumors newbie
 
Join Date: Dec 2005
Location: Illinois
VPNMenu requires 4.7

OK, a few things to check. For some reason (haven't figured out yet), in the testing I have done, You MUST have Cisco VPN Client 4.7 (which I think is a good thing). If you have that version installed (or higher) and provide the right username and passwd with the right profile, this client should work. Test the Cisco supplied interface, or the command line client, if it works, the VPNMenu client should work. After doing all that, and it still does not work, post the errors you get and the clients reaction (animation effects and such).

Last edited by newtonick; Dec 3, 2005 at 12:09 AM.
newtonick is offline   0 Reply With Quote
Old Dec 3, 2005, 09:43 AM   #15
nschum
macrumors newbie
 
Join Date: Dec 2005
Thank you for the kicker code. I had something like this running in an brute force infinite loop.

As for typing "y", you can do that with "yes | vpnclient connect ..."
nschum is offline   0 Reply With Quote
Old Dec 11, 2005, 09:41 AM   #16
davehapa
macrumors newbie
 
Join Date: Dec 2005
VPNMenu is extremely slick

It's really very nice. Stores your domain credentials and lets you connect instantly. The Cisco GUI is quite easy, but this is really, really easy. Thanks for this.
davehapa is offline   0 Reply With Quote
Old Jan 24, 2007, 10:48 AM   #17
JudLeonard
macrumors newbie
 
Join Date: Jan 2007
Location: Boston, Ma
Using Kicker

I'm trying to adapt this technique to adjust my default printer as I move between office and home. I have a shell script, called set_default_printer, which does the right thing when called, but I haven't been able to get it invoked when my powerbook wakes up. I added the following to Kicker.xml:

<dict>
<key>execCommand</key>
<string>/Users/leonard/Source/bin/set_default_printer</string>
<key>execUID</key>
<integer>501</integer>
<key>keys</key>
<array>
<string>Setup:</string>
<string>State:/Network/Global/IPv4</string>
</array>
<key>name</key>
<string>SelectPrinter</string>
</dict>

But it doesn't seem to be invoked when I wake the machine. And unfortunately, I don't understand what these various strings are supposed to do.

Any suggestions what to try, or where to look? Thanks.
JudLeonard is offline   0 Reply With Quote
Old Jan 25, 2007, 04:02 AM   #18
nschum
macrumors newbie
 
Join Date: Dec 2005
I think you're missing the / behind Setup:
nschum is offline   0 Reply With Quote
Old Feb 29, 2008, 05:45 AM   #19
nschum
macrumors newbie
 
Join Date: Dec 2005
Has anyone figured this out for Leopard, yet? The Kicker bundle appears to be gone.
nschum is offline   0 Reply With Quote
Old Jun 26, 2010, 08:13 PM   #20
bahnsen
macrumors newbie
 
Join Date: Jun 2010
hi,

kind of a long-term thread.. is there a better way known after that long time?
maybe a tool which can auto-connect to a VPN?

greetings..
bahnsen is offline   0 Reply With Quote
Old Sep 22, 2010, 09:55 AM   #21
markgo2k
macrumors member
 
Join Date: Oct 2008
This doesn't handle the automation part on network change, but the magic incantation with Cisco VPN Client 4.9 to eliminate pwd prompt is:

open /Applications/VPNClient.app --args -c -user YourUsername -pwd YourPassword ProfileNameToConnect

I haven't figured out yet how I can make it disconnect or quit cleanly (I can ask it to quit via Applescript, but it pops a "Connection active/do you wish to terminate alert".
markgo2k is offline   0 Reply With Quote
Old Nov 8, 2010, 10:39 AM   #22
texasdude11
macrumors newbie
 
Join Date: Nov 2010
How can I do this on my new iPhone4 OS 4.1 which is jailbroken already?

Quote:
Originally Posted by Wombert View Post
Okay guys, I solved this one. This is how it works:
  1. A script, ~/vpnconnect.sh will connect to the VPN:
    Code:
    screen -d -m /opt/cisco-vpnclient/bin/vpnclient connect <YourProfileName> &
    As you can see, it requires a profile. The easiest way to create one is to use the GUI client and copy the profile file from /etc/CiscoSystemsVPNClient/Profiles/ to /etc/opt/cisco-vpnclient (there seems to be no way to use a config file in another directory). The second time you use the profile to connect via the GUI client you will have the option to remember the password. Do that.
  2. Another script, ~/autovpn.sh will read the Airport's SSID and use the script from 1) to connect to VPN:
    Code:
    #!/bin/sh
    
    ssid=`/System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport -I | fgrep -i " ssid" | grep -Eo "[a-zA-Z0-9]+$"`
    
    if [ $ssid = "somenetwork" -o $ssid = "anotherSSID" ]
    then
    	/Users/<Yourusername>/vpnconnect.sh &
    fi
  3. Add the following segment to /System/Library/SystemConfiguration/Kicker.bundle/Contents/Resources/Kicker.xml:
    Code:
            <dict>
                    <key>execCommand</key>
                    <string>/Users/<YourUserName>/autovpn.sh</string>
                    <key>execUID</key>
                    <integer><yourUID></integer>
                    <key>keys</key>
                    <array>
                            <string>Setup:/</string>
                            <string>State:/Network/Global/IPv4</string>
                    </array>
                    <key>name</key>
                    <string>AutoVPN</string>
            </dict>
    Use the id command to determine your UID and short username
  4. Restart the computer
Now, whenever your Airport connection changes and connects to one of the networks of which you specified the SSID, the VPN connection will be created automatically. You can adapt this to setup SSH tunnels etc, too. I haven't gotten this to work 100% reliably right after system startup yet, but it works when changing networks, enabling and disabling Airport and waking up from sleep, so it shouldn't be a big deal since most people will have their PB in sleep usually.
How can I do this on my new iPhone4 OS 4.1 which is jail-broken already? I have to log in to a VPN at my work to check my email. but as soon as my phone locks, the wifi goes to sleep and VPN disconnects. this really bugs me as i have to reconnect the VPN every time i have to unlock my iPhone. Any idea if I can do this exact thing on my iPhone? Right now I have a toggle for VPN in my SBSettings and I have to do it manually.

Any suggestions?

Thanks!
texasdude11 is offline   0 Reply With Quote

Reply
MacRumors Forums > Apple Systems and Services > OS X

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
iBook G3 Not Connecting To Wireless Networks. Goftrey PowerPC Macs 13 May 28, 2013 02:50 PM
Wireless Internet connection is not connecting automatically Nerdy Keith iMac 3 May 25, 2013 07:43 PM
Cisco modem/router plus AirPort Extreme separated networks edunon Mac Peripherals 5 Mar 25, 2013 12:44 PM
Cisco VPN on 10.8 Mountain Lion Ripmax2000 OS X 10.8 Mountain Lion 14 Mar 16, 2013 02:53 PM
Cisco IPsec VPN & iOS 6 Mastidon iOS 6 2 Sep 24, 2012 02:18 PM

Forum Jump

All times are GMT -5. The time now is 01:03 PM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC