├── images
    ├── vpn-connected.png
    └── vpn-disconnected.png
├── README.md
├── openconnect.sh
└── LICENSE


/images/vpn-connected.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ventz/openconnect-gui-menu-bar/HEAD/images/vpn-connected.png


--------------------------------------------------------------------------------
/images/vpn-disconnected.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ventz/openconnect-gui-menu-bar/HEAD/images/vpn-disconnected.png


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | ### OpenConnect - OS X/Mac OS GUI Menu Bar for connecting/disconnecting
  2 | 
  3 | # What is this?
  4 | 
  5 | An easy way to get OpenConnect VPN to have an OS X/Mac OS Menu Bar GUI for:
  6 | * quick connecting
  7 | * quick disconnect
  8 | * status changes (icon)
  9 | 
 10 | Full support for multi-factor authentication (especially Duo)!
 11 | 
 12 | ![OpenConnect Connected](https://github.com/ventz/openconnect-gui-menu-bar/blob/master/images/vpn-connected.png)
 13 | 
 14 | ![OpenConnect Disconnected](https://github.com/ventz/openconnect-gui-menu-bar/blob/master/images/vpn-disconnected.png)
 15 | 
 16 | # How to run it:
 17 | 
 18 | ## 1. Get the latest BitBar release:
 19 | https://github.com/matryer/bitbar/releases
 20 | 
 21 | BitBar provides an easy way to put "things" (for output and input) in your OS X/Mac OS Menu Bar.
 22 | 
 23 | Just unzip the release in your /Application folder and launch BitBar.
 24 | It will ask you to create (or select) a folder to use for your scripts.
 25 | 
 26 | Obviously make sure you have installed openconnect too :)
 27 | `brew install openconnect`
 28 | 
 29 | ## 2. Edit the "openconnect.sh" and follow the steps inside to customize:
 30 | 
 31 | Start by just getting the file itself:
 32 | https://raw.githubusercontent.com/ventz/openconnect-gui-menu-bar/master/openconnect.sh
 33 | 
 34 | Make sure you make it executable: `chmod 755 openconnect.sh` once you download it.
 35 | 
 36 | This file is the "script" that interacts with BitBar. Place
 37 | it in your bitbar scripts folder (I have chosen:
 38 | ~/Documents/bitbar-plugins/), and edit it/follow these steps:
 39 | 
 40 | ### First - Update your sudoers file with:
 41 | 
 42 | You can create a `/etc/sudoers.d/openconnect` file which contains:
 43 | ```
 44 | mac-username ALL=(ALL) NOPASSWD: /usr/local/bin/openconnect
 45 | mac-username ALL=(ALL) NOPASSWD: /usr/bin/killall -2 openconnect
 46 | ```
 47 | 
 48 | Please note that `mac-username` is not a literal, but the actually the 'whoami' username for OS X/Mac OS.
 49 | 
 50 | ### Second - Make sure your openconnect binary is here:
 51 | ```
 52 | VPN_EXECUTABLE=/usr/local/bin/openconnect
 53 | ```
 54 | 
 55 | ### Third - add your VPN domain and VPN username and set Auth for "push" or "pin"
 56 | ```
 57 | VPN_HOST="vpn.domain.tld"
 58 | # NOTE: If you are using a VPN_GROUP (ex: domain.tld/group) -- use this, instead of "#VPN_TUNNEL" within VPN_USERNAME
 59 | VPN_GROUP="VPN_GROUP_TUNNEL"
 60 | VPN_USERNAME="vpn_username@domain.tld#VPN_TUNNEL_OPTIONALLY"
 61 | 
 62 | # Duo options include "push", "sms", or "phone"
 63 | PUSH_OR_PIN="push"
 64 | * or * 
 65 | # To be prompted for TOTP input, use product name:
 66 | PUSH_OR_PIN="Yubikey"
 67 | or
 68 | PUSH_OR_PIN="Google Authenticator"
 69 | or
 70 | PUSH_OR_PIN="Duo"
 71 | 
 72 | ```
 73 | 
 74 | ### Finally, create your KeyChain password (to store your VPN password securely):
 75 | ```
 76 | a.) Open "Keychain Access" and
 77 | b.) Click on "login" keychain (top left corner)
 78 | c.) Click on "Passwords" category (bottom left corner)
 79 | d.) From the "File" menu, select -> "New Password Item..."
 80 | e.) For "Keychain Item Name" and "Account Name" use the "VPN_HOST" and "VPN_USERNAME" values respectively from the "Third" step above.
 81 | f.) For "Password" enter your VPN AnyConnect password.
 82 | ```
 83 | 
 84 | That's it! Now you can use the GUI to connect and disconnect!
 85 | (and if you are using Duo - get the 2nd factor push to your phone)
 86 | 
 87 | 
 88 | # Problems Connecting?
 89 | 
 90 | If you have another VPN (ex: OpenVPN), you might already have an
 91 | 'utun0' interface. Please check with '/sbin/ifconfig'. If that's the
 92 | case, in step #2 above you need to add:
 93 | 
 94 | ```
 95 | VPN_INTERFACE="utun1"
 96 | ```
 97 | 
 98 | If you already have an utun0 and an utun1, then you need to
 99 | change it to the next available, ex: utun2.
100 | 
101 | In order to make sure this doesn't happen - I've chosen 'utun99'
102 | 
103 | # Help/Questions/Comments:
104 | For help or more info, feel free to contact me or open an issue here!
105 | 


--------------------------------------------------------------------------------
/openconnect.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | # Credit for original concept and initial work to: Jesse Jarzynka
  3 | #
  4 | # Updated by: Ventz Petkov (11-08-23)
  5 | #   * Modified VPN_EXECUTABLE default path due to dir change within `brew` on M-series Macs (m1, m2, m3) to /opt/homebrew/
  6 | #   * Modified sudoers to reflect new openconnect VPN_EXECUTABLE path
  7 | #   * Cleaned up KeyChain instructions around KeyChain Item name vs Account Name
  8 | #
  9 | # Updated by: Ventz Petkov (7-25-23)
 10 | #   * added useragent for AnyConnect (needed for recent deployments)
 11 | #   * added "VPN_GROUP" option, which is replacing the phased out "#VPN_TUNNEL_OPTIONALLY" within the "VPN_USERNAME"
 12 | 
 13 | # Updated by: Ventz Petkov (8-31-18)
 14 | #   * merged feature for token/pin input (ex: Duo/Yubikey/Google Authenticator) contributed by Harry Hoffman <hhoffman@ip-solutions.net>
 15 | #   * added option to pick "push/sms/phone" (ex: Duo) vs token/pin (Yubikey/Google Authenticator/Duo)
 16 | 
 17 | # Updated by: Ventz Petkov (11-15-17)
 18 | #   * cleared up documentation
 19 | #   * incremented 'VPN_INTERFACE' to 'utun99' to avoid collisions with other VPNs
 20 | 
 21 | # Updated by: Ventz Petkov (9-28-17)
 22 | #   * fixed for Mac OS X High Sierra (10.13)
 23 | 
 24 | # Updated by: Ventz Petkov (7-24-17)
 25 | #   * fixed openconnect (did not work with new 2nd password prompt)
 26 | #   * added ability to work with "Duo" 2-factor auth
 27 | #   * changed icons
 28 | 
 29 | # <bitbar.title>VPN Status</bitbar.title>
 30 | # <bitbar.version>v1.1</bitbar.version>
 31 | # <bitbar.author>Ventz Petkov</bitbar.author>
 32 | # <bitbar.author.github>ventz</bitbar.author.github>
 33 | # <bitbar.desc>Connect/Disconnect OpenConnect + show status</bitbar.desc>
 34 | # <bitbar.image></bitbar.image>
 35 | 
 36 | #########################################################
 37 | # USER CHANGES #
 38 | #########################################################
 39 | 
 40 | # 1.) Updated your sudo config with (edit "mac-username" with your username):
 41 | # (NOTE: You can obtain the "mac-username" with "whoami" in a terminal)
 42 | #mac-username ALL=(ALL) NOPASSWD: /opt/homebrew/bin/openconnect
 43 | #mac-username ALL=(ALL) NOPASSWD: /usr/bin/killall -2 openconnect
 44 | 
 45 | 
 46 | # 2.) Make sure openconnect binary is located here:
 47 | #     (If you don't have it installed: "brew install openconnect")
 48 | VPN_EXECUTABLE=/opt/homebrew/bin/openconnect
 49 | 
 50 | 
 51 | # 3.) Update your AnyConnect VPN host
 52 | VPN_HOST="vpn.domain.tld"
 53 | # NOTE: If you are using a VPN_GROUP (ex: domain.tld/group) -- use this, instead of "#VPN_TUNNEL" within VPN_USERNAME
 54 | VPN_GROUP="VPN_GROUP_TUNNEL_OPTIONALLY"
 55 | 
 56 | # 4.) Update your AnyConnect username + tunnel
 57 | # NOTE: If you are NOT using the VPN_GROUP, set it to empty, and use "#VPN_TUNNEL" within the VPN_USERNAME
 58 | VPN_USERNAME="vpn_username@domain.tld#VPN_TUNNEL_OPTIONALLY"
 59 | 
 60 | # 5.) Push 2FA (ex: Duo), or Pin/Token (ex: Yubikey, Google Authenticator, TOTP)
 61 | PUSH_OR_PIN="push"
 62 | #PUSH_OR_PIN="Yubikey"
 63 | # ---
 64 | # * For Push (and other Duo specifics), options include:
 65 | # "push", "sms", or "phone"
 66 | # ---
 67 | # * For Yubikey/Google Authenticator/other TOTP, specify any name for prompt:
 68 | # "any-name-of-product-to-be-prompted-about"
 69 | # PUSH_OR_PIN="Yubikey" | PUSH_OR_PIN="Google Authenticator" | PUSH_OR_PIN="Duo"
 70 | # (essentially, anything _other_ than the "push", "sms", or "phone" options)
 71 | # ---
 72 | 
 73 | # 6.) Create an encrypted password entry in your OS X Keychain:
 74 | #      a.) Open "Keychain Access" and 
 75 | #      b.) Click on "login" keychain (top left corner)
 76 | #      c.) Click on "Passwords" category (bottom left corner)
 77 | #      d.) From the "File" menu, select -> "New Password Item..."
 78 | #      e.) For "Keychain Item Name" "VPN_HOST" (ex: vpn.domain.tld)
 79 | #      f.) For "Account Name" use the value for "VPN_USERNAME" (ex: email@domain.tld)
 80 | #      g.) For "Password" enter your VPN AnyConnect password.
 81 | 
 82 | # This will retrieve that password securely at run time when you connect, and feed it to openconnect
 83 | # No storing passwords unenin plain text files! :)
 84 | GET_VPN_PASSWORD="security find-generic-password -wl $VPN_HOST"
 85 | 
 86 | # ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 87 | # END-OF-USER-SETTINGS #
 88 | #########################################################
 89 | 
 90 | VPN_INTERFACE="utun99"
 91 | 
 92 | # Command to determine if VPN is connected or disconnected
 93 | VPN_CONNECTED="/sbin/ifconfig | grep -A3 $VPN_INTERFACE | grep inet"
 94 | # Command to run to disconnect VPN
 95 | VPN_DISCONNECT_CMD="sudo killall -2 openconnect"
 96 | 
 97 | # GUI Prompt for your token/key (ex: Duo/Yubikey/Google Authenticator)
 98 | function prompt_2fa_method() {		
 99 | 	if [ "$1" == "push" ]; then
100 | 		echo "push"
101 | 	elif [ "$1" == "sms" ]; then
102 | 		echo "sms"
103 | 	elif [ "$1" == "phone" ]; then
104 | 		echo "phone"
105 | 	else
106 | 		osascript <<EOF
107 | 		tell app "System Events"
108 | 			text returned of (display dialog "Enter $1 token:" with hidden answer default answer "" buttons {"OK"} default button 1 with title "$(basename $0)")
109 | 		end tell
110 | EOF
111 | 	fi
112 | }
113 | 
114 | 
115 | case "$1" in
116 |     connect)
117 |         VPN_PASSWORD=$(eval "$GET_VPN_PASSWORD")
118 |         # VPN connection command, should eventually result in $VPN_CONNECTED,
119 |         # may need to be modified for VPN clients other than openconnect
120 | 
121 |         # Connect based on your 2FA selection (see: $PUSH_OR_PIN for options)
122 |         # For anything else (non-duo) - you would provide your token (see: stoken)
123 |         echo -e "${VPN_PASSWORD}\n$(prompt_2fa_method ${PUSH_OR_PIN})\n" | sudo "$VPN_EXECUTABLE" --useragent=AnyConnect -u "$VPN_USERNAME" -i "$VPN_INTERFACE" "$VPN_HOST/$VPN_GROUP" &> /dev/null &
124 | 
125 |         # Wait for connection so menu item refreshes instantly
126 |         until eval "$VPN_CONNECTED"; do sleep 1; done
127 |         ;;
128 |     disconnect)
129 |         eval "$VPN_DISCONNECT_CMD"
130 |         # Wait for disconnection so menu item refreshes instantly
131 |         until [ -z "$(eval "$VPN_CONNECTED")" ]; do sleep 1; done
132 |         ;;
133 | esac
134 | 
135 | 
136 | if [ -n "$(eval "$VPN_CONNECTED")" ]; then
137 |     echo "VPN 🔒"
138 |     echo '---'
139 |     echo "Disconnect VPN | bash='$0' param1=disconnect terminal=false refresh=true"
140 |     exit
141 | else
142 |     echo "VPN ❌"
143 |     # Alternative icon -> but too similar to "connected"
144 |     #echo "VPN 🔓"
145 |     echo '---'
146 |     echo "Connect VPN | bash='$0' param1=connect terminal=false refresh=true"
147 |     # For debugging!
148 |     #echo "Connect VPN | bash='$0' param1=connect terminal=true refresh=true"
149 |     exit
150 | fi
151 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
  1 |                                  Apache License
  2 |                            Version 2.0, January 2004
  3 |                         http://www.apache.org/licenses/
  4 | 
  5 |    TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
  6 | 
  7 |    1. Definitions.
  8 | 
  9 |       "License" shall mean the terms and conditions for use, reproduction,
 10 |       and distribution as defined by Sections 1 through 9 of this document.
 11 | 
 12 |       "Licensor" shall mean the copyright owner or entity authorized by
 13 |       the copyright owner that is granting the License.
 14 | 
 15 |       "Legal Entity" shall mean the union of the acting entity and all
 16 |       other entities that control, are controlled by, or are under common
 17 |       control with that entity. For the purposes of this definition,
 18 |       "control" means (i) the power, direct or indirect, to cause the
 19 |       direction or management of such entity, whether by contract or
 20 |       otherwise, or (ii) ownership of fifty percent (50%) or more of the
 21 |       outstanding shares, or (iii) beneficial ownership of such entity.
 22 | 
 23 |       "You" (or "Your") shall mean an individual or Legal Entity
 24 |       exercising permissions granted by this License.
 25 | 
 26 |       "Source" form shall mean the preferred form for making modifications,
 27 |       including but not limited to software source code, documentation
 28 |       source, and configuration files.
 29 | 
 30 |       "Object" form shall mean any form resulting from mechanical
 31 |       transformation or translation of a Source form, including but
 32 |       not limited to compiled object code, generated documentation,
 33 |       and conversions to other media types.
 34 | 
 35 |       "Work" shall mean the work of authorship, whether in Source or
 36 |       Object form, made available under the License, as indicated by a
 37 |       copyright notice that is included in or attached to the work
 38 |       (an example is provided in the Appendix below).
 39 | 
 40 |       "Derivative Works" shall mean any work, whether in Source or Object
 41 |       form, that is based on (or derived from) the Work and for which the
 42 |       editorial revisions, annotations, elaborations, or other modifications
 43 |       represent, as a whole, an original work of authorship. For the purposes
 44 |       of this License, Derivative Works shall not include works that remain
 45 |       separable from, or merely link (or bind by name) to the interfaces of,
 46 |       the Work and Derivative Works thereof.
 47 | 
 48 |       "Contribution" shall mean any work of authorship, including
 49 |       the original version of the Work and any modifications or additions
 50 |       to that Work or Derivative Works thereof, that is intentionally
 51 |       submitted to Licensor for inclusion in the Work by the copyright owner
 52 |       or by an individual or Legal Entity authorized to submit on behalf of
 53 |       the copyright owner. For the purposes of this definition, "submitted"
 54 |       means any form of electronic, verbal, or written communication sent
 55 |       to the Licensor or its representatives, including but not limited to
 56 |       communication on electronic mailing lists, source code control systems,
 57 |       and issue tracking systems that are managed by, or on behalf of, the
 58 |       Licensor for the purpose of discussing and improving the Work, but
 59 |       excluding communication that is conspicuously marked or otherwise
 60 |       designated in writing by the copyright owner as "Not a Contribution."
 61 | 
 62 |       "Contributor" shall mean Licensor and any individual or Legal Entity
 63 |       on behalf of whom a Contribution has been received by Licensor and
 64 |       subsequently incorporated within the Work.
 65 | 
 66 |    2. Grant of Copyright License. Subject to the terms and conditions of
 67 |       this License, each Contributor hereby grants to You a perpetual,
 68 |       worldwide, non-exclusive, no-charge, royalty-free, irrevocable
 69 |       copyright license to reproduce, prepare Derivative Works of,
 70 |       publicly display, publicly perform, sublicense, and distribute the
 71 |       Work and such Derivative Works in Source or Object form.
 72 | 
 73 |    3. Grant of Patent License. Subject to the terms and conditions of
 74 |       this License, each Contributor hereby grants to You a perpetual,
 75 |       worldwide, non-exclusive, no-charge, royalty-free, irrevocable
 76 |       (except as stated in this section) patent license to make, have made,
 77 |       use, offer to sell, sell, import, and otherwise transfer the Work,
 78 |       where such license applies only to those patent claims licensable
 79 |       by such Contributor that are necessarily infringed by their
 80 |       Contribution(s) alone or by combination of their Contribution(s)
 81 |       with the Work to which such Contribution(s) was submitted. If You
 82 |       institute patent litigation against any entity (including a
 83 |       cross-claim or counterclaim in a lawsuit) alleging that the Work
 84 |       or a Contribution incorporated within the Work constitutes direct
 85 |       or contributory patent infringement, then any patent licenses
 86 |       granted to You under this License for that Work shall terminate
 87 |       as of the date such litigation is filed.
 88 | 
 89 |    4. Redistribution. You may reproduce and distribute copies of the
 90 |       Work or Derivative Works thereof in any medium, with or without
 91 |       modifications, and in Source or Object form, provided that You
 92 |       meet the following conditions:
 93 | 
 94 |       (a) You must give any other recipients of the Work or
 95 |           Derivative Works a copy of this License; and
 96 | 
 97 |       (b) You must cause any modified files to carry prominent notices
 98 |           stating that You changed the files; and
 99 | 
100 |       (c) You must retain, in the Source form of any Derivative Works
101 |           that You distribute, all copyright, patent, trademark, and
102 |           attribution notices from the Source form of the Work,
103 |           excluding those notices that do not pertain to any part of
104 |           the Derivative Works; and
105 | 
106 |       (d) If the Work includes a "NOTICE" text file as part of its
107 |           distribution, then any Derivative Works that You distribute must
108 |           include a readable copy of the attribution notices contained
109 |           within such NOTICE file, excluding those notices that do not
110 |           pertain to any part of the Derivative Works, in at least one
111 |           of the following places: within a NOTICE text file distributed
112 |           as part of the Derivative Works; within the Source form or
113 |           documentation, if provided along with the Derivative Works; or,
114 |           within a display generated by the Derivative Works, if and
115 |           wherever such third-party notices normally appear. The contents
116 |           of the NOTICE file are for informational purposes only and
117 |           do not modify the License. You may add Your own attribution
118 |           notices within Derivative Works that You distribute, alongside
119 |           or as an addendum to the NOTICE text from the Work, provided
120 |           that such additional attribution notices cannot be construed
121 |           as modifying the License.
122 | 
123 |       You may add Your own copyright statement to Your modifications and
124 |       may provide additional or different license terms and conditions
125 |       for use, reproduction, or distribution of Your modifications, or
126 |       for any such Derivative Works as a whole, provided Your use,
127 |       reproduction, and distribution of the Work otherwise complies with
128 |       the conditions stated in this License.
129 | 
130 |    5. Submission of Contributions. Unless You explicitly state otherwise,
131 |       any Contribution intentionally submitted for inclusion in the Work
132 |       by You to the Licensor shall be under the terms and conditions of
133 |       this License, without any additional terms or conditions.
134 |       Notwithstanding the above, nothing herein shall supersede or modify
135 |       the terms of any separate license agreement you may have executed
136 |       with Licensor regarding such Contributions.
137 | 
138 |    6. Trademarks. This License does not grant permission to use the trade
139 |       names, trademarks, service marks, or product names of the Licensor,
140 |       except as required for reasonable and customary use in describing the
141 |       origin of the Work and reproducing the content of the NOTICE file.
142 | 
143 |    7. Disclaimer of Warranty. Unless required by applicable law or
144 |       agreed to in writing, Licensor provides the Work (and each
145 |       Contributor provides its Contributions) on an "AS IS" BASIS,
146 |       WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
147 |       implied, including, without limitation, any warranties or conditions
148 |       of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
149 |       PARTICULAR PURPOSE. You are solely responsible for determining the
150 |       appropriateness of using or redistributing the Work and assume any
151 |       risks associated with Your exercise of permissions under this License.
152 | 
153 |    8. Limitation of Liability. In no event and under no legal theory,
154 |       whether in tort (including negligence), contract, or otherwise,
155 |       unless required by applicable law (such as deliberate and grossly
156 |       negligent acts) or agreed to in writing, shall any Contributor be
157 |       liable to You for damages, including any direct, indirect, special,
158 |       incidental, or consequential damages of any character arising as a
159 |       result of this License or out of the use or inability to use the
160 |       Work (including but not limited to damages for loss of goodwill,
161 |       work stoppage, computer failure or malfunction, or any and all
162 |       other commercial damages or losses), even if such Contributor
163 |       has been advised of the possibility of such damages.
164 | 
165 |    9. Accepting Warranty or Additional Liability. While redistributing
166 |       the Work or Derivative Works thereof, You may choose to offer,
167 |       and charge a fee for, acceptance of support, warranty, indemnity,
168 |       or other liability obligations and/or rights consistent with this
169 |       License. However, in accepting such obligations, You may act only
170 |       on Your own behalf and on Your sole responsibility, not on behalf
171 |       of any other Contributor, and only if You agree to indemnify,
172 |       defend, and hold each Contributor harmless for any liability
173 |       incurred by, or claims asserted against, such Contributor by reason
174 |       of your accepting any such warranty or additional liability.
175 | 
176 |    END OF TERMS AND CONDITIONS
177 | 
178 |    APPENDIX: How to apply the Apache License to your work.
179 | 
180 |       To apply the Apache License to your work, attach the following
181 |       boilerplate notice, with the fields enclosed by brackets "{}"
182 |       replaced with your own identifying information. (Don't include
183 |       the brackets!)  The text should be enclosed in the appropriate
184 |       comment syntax for the file format. We also recommend that a
185 |       file or class name and description of purpose be included on the
186 |       same "printed page" as the copyright notice for easier
187 |       identification within third-party archives.
188 | 
189 |    Copyright {yyyy} {name of copyright owner}
190 | 
191 |    Licensed under the Apache License, Version 2.0 (the "License");
192 |    you may not use this file except in compliance with the License.
193 |    You may obtain a copy of the License at
194 | 
195 |        http://www.apache.org/licenses/LICENSE-2.0
196 | 
197 |    Unless required by applicable law or agreed to in writing, software
198 |    distributed under the License is distributed on an "AS IS" BASIS,
199 |    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
200 |    See the License for the specific language governing permissions and
201 |    limitations under the License.
202 | 


--------------------------------------------------------------------------------