domingo, 14 de abril de 2013

Automatic CheckPoint SSL VPN login (Linux)

Little recipe to automatically login to CheckPoint SSL Network Extender:

----------------- /home/user/login.vpn.expect -----------
#!/usr/bin/expect
spawn /usr/bin/snx -s <SERVER> -p 443 -u <USERNAME>
expect "password:"
send "<PASSWORD>\r"
expect eof
----------------------------------

To execute it, you just need to use expect tool:
-----------
$ expect login.vpn.expect

Good luck!


3 comentarios:

  1. The script seems to work, in that snx outputs that the connection is up, but after the script exits, there is no connection. Is is possible expect is killing the snx process afterwards, while in a normal terminal the process switches to the background (so snx -d will work later)?

    ResponderEliminar
  2. I finally used another simplified script:
    ----
    #!/bin/bash

    (date | sed ':a;N;$!ba;s/\n/ /g'; echo "Init VPN.sh" )>> /root/vpn.log
    if /usr/lib/nagios/plugins/check_ssh [HOST TO CHECK IF TUNNEL IS ALIVE]; then
    echo "OK"
    else
    echo "Restarting VPN"
    snx -d
    sleep 1
    snx < /root/pass
    fi

    ---
    Nevertheless, I found a problem with snx requering a tty. And nohup is not working for this.

    ResponderEliminar
    Respuestas
    1. I forgot to mention that I used the .snxrc file:
      ---- .snxrc ----
      server
      username
      reauth yes
      debug 1 # if you want to debug
      -----------------

      Eliminar