3

Currently I am using the following command to execute an authentication request to obtain the server certificate (FINGERPRINT) and OpenConnect-Cookie:

openconnect --authenticate --user=<username> "VPN host"

With this, I always have to enter my password at a user prompt that appears later.

Is there an option available to pass the password to OpenConnect directly in the command above?

For example, by extending the command like...

openconnect --authenticate --user=<username> password=<password> "VPN host"

... ?


The challenge is:

The user RuiFRibeiro had the idea just to echo the password within the command. Unfortunately this does not work in our case, because the server provides one more user prompt before reaching the second prompt (= password prompt).

It happens like this:

  1. First user prompt: Server is saying

    • "Please choose if you want to tunnel all traffic or only specific one."
    • "Type in Tunnel all or Tunnel company".
  2. Second user prompt: Server is saying

    • "Please enter your password."

As you can see, a simple echo would give the wrong answer to the wrong question. :-)


For a possible expect script, the real (exact) server prompts before inserting text are as follows:

  1. First prompt: GROUP: [tunnel MyCompany|tunnel all]:, answer-insertion should be tunnel MyCompany

  2. Second prompt: Password:, answer-insertion should be 123456789

2
  • @RuiFRibeiro: You mean executing the request with this command: echo password | openconnect --authenticate --user=<username> "VPN host"? Should I type in my real password or leave it as "password"? Commented Aug 26, 2018 at 13:23
  • added to the answer. Commented Aug 26, 2018 at 13:25

2 Answers

4

Usually, VPN software does not allow the password for a user as input, because it is considered a security risk.

A possible solution is feeding the password via a pipe as in:

echo -e "Tunnel all\nYourPassword" | openconnect --authenticate --user=<username> "VPN host"

If we are talking about you being interested in this method to write a script:

  • be sure to understand the security implications of having your password in a file, and restrict the read rights of that file only to the user running the openconnect command.

PS Replace YourPassword with your real password

11
  • Thanks for your idea! Unfortunately there is one more user prompt before the mentioned prompt (the one where I have to insert the password). Because of this your command does not fit into this first user prompt, because during the first one the server only wants to know if I want to tunnel everything or just specific traffic. Unfortunately only in the next (= second) prompt the server will ask for the password. Commented Aug 26, 2018 at 13:28
  • If you are placing the user in the command line, what is the nature of the other prompt? double factor auth? Commented Aug 26, 2018 at 13:29
  • In the first prompt the server is asking if I want to tunnel all traffic over the VPN or just specific one. The user prompt where I have to insert my password is the second prompt... Commented Aug 26, 2018 at 13:32
  • I would add that output/text/interaction to the question in the first place. Commented Aug 26, 2018 at 13:32
  • 1
    It is working now! I had to write the password with 'password' instead of "password"... Commented Aug 27, 2018 at 10:01
1

This works for me:

echo 'your password' > passwd.auth
sudo openconnect <SERVER IP> --user=USERNAME --servercert sha256:<SHA256> --passwd-on-stdin < passwd.auth
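
The file-permission advice in the first answer and the password file in the second, combined as an added example that is not code from either poster: it refuses a password file that group or others can access, then answers the GROUP and Password prompts in order on stdin. SECRET_FILE, VPN_GROUP, VPN_USER and VPN_HOST are assumed variable names, and the values in the usage comment are constructed.

```shell
#!/bin/sh
# Added example. Create the secret once with a restrictive umask, e.g.:
#   (umask 077; cat > "$HOME/.vpn-pass")     # path is an assumption

# Succeeds only for a regular file (not a symlink) owned by the caller
# with no group/other permission bits, i.e. mode 0600 or 0400.
secret_file_ok() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] && [ -O "$f" ] || return 1
    # ls -ld prints e.g. "-rw-------"; characters 5-10 are group+other bits.
    [ "$(ls -ld -- "$f" | cut -c5-10)" = "------" ]
}

# Prints the answers in the order the server asks: GROUP, then Password.
# printf is a shell builtin, so the password is never placed in another
# process's argument list, and %s emits it literally ($, ! and \ survive).
build_answers() {
    group=$1
    file=$2
    # Accept a file with or without a trailing newline; reject an empty one.
    IFS= read -r pw < "$file" || [ -n "$pw" ] || return 1
    printf '%s\n%s\n' "$group" "$pw"
}

# Runs the authentication request from the question with both prompts
# answered from stdin. Nothing is sent if either check fails.
vpn_authenticate() {
    secret_file_ok "$SECRET_FILE" || {
        echo "refusing: $SECRET_FILE must be yours and mode 0600" >&2
        return 1
    }
    answers=$(build_answers "$VPN_GROUP" "$SECRET_FILE") || return 1
    printf '%s\n' "$answers" |
        openconnect --authenticate --user="$VPN_USER" "$VPN_HOST"
}

# Usage (constructed values):
#   SECRET_FILE=$HOME/.vpn-pass VPN_GROUP='tunnel MyCompany' \
#   VPN_USER=alice VPN_HOST=vpn.example.com vpn_authenticate
```

Unlike `echo -e "..."` in double quotes, this form does not let the shell expand characters in the password, which matches the single-quote fix reported in the comments.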
