If you use Cisco's VPN solution, AnyConnect, to VPN into your corporate network, you know how the process goes:
- Pick the VPN server you want to connect to
- Wait for the username and password prompt
- Enter your credentials
Then, if your company uses MFA (Multi-Factor Authentication), such as Cisco Duo, to strengthen the authentication process, this happens:
- Wait for the MFA prompt to open
- Confirm the notification you received on your phone from the MFA app
- Wait for the VPN connection to start
- Accept the Banner information that might be presented to you by Cisco AnyConnect VPN
These steps alone can waste up to 10 minutes of your time, in case of a non-optimal internet connection.
Now consider your credentials, in particular your password. If you are a security-conscious person, or your company sets a strong password policy, you might find yourself having to type something like 6k^lW7$ZDsdlQL&B every time you want to connect to the VPN, which might happen a few times during the day.
The whole process is error-prone and a waste of time. So what can you do?
Security should not come at the price of ease of use, and the same should be true the other way around. The simpler something is to use, the more secure it is.
This automation script is built on top of these concepts. The repository contains the source code of the script that will automate the connection and authentication process of Cisco AnyConnect VPN with Duo.
The script automatically and securely fetches the correct credentials from the Keychain and sets up the VPN connection. If Duo is used as MFA, a notification will be sent to your device. Once you confirm the notification, the connection will be completed and up and running.
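
One way a Keychain lookup like the one described above can be done from AppleScript, as an added example that is not the repository's `anyconnect.scpt`. The service name, the property names and the handler name are assumptions, and the account reuses the sample address from this README.

```applescript
-- Added example; not the code of anyconnect.scpt.
-- One-time setup, typed in Terminal. With -w as the last option, security
-- prompts for the password, so it never lands in shell history:
--   security add-generic-password -s anyconnect-vpn-example -a mrossi@cisco.com -w

property keychainService : "anyconnect-vpn-example" -- constructed placeholder
property keychainAccount : "mrossi@cisco.com" -- sample address from this README

-- Hypothetical handler: returns the password stored for service/account.
on fetchVPNPassword(serviceName, accountName)
	-- quoted form of stops the shell from interpreting either value
	set cmd to "/usr/bin/security find-generic-password -s " & ¬
		quoted form of serviceName & " -a " & quoted form of accountName & " -w"
	try
		-- -w prints only the password; do shell script strips the trailing newline
		return do shell script cmd
	on error errMsg number errNum
		-- security exits non-zero when the item is missing or access is denied
		error "Keychain lookup failed for " & accountName & ": " & errMsg number errNum
	end try
end fetchVPNPassword

set vpnPassword to fetchVPNPassword(keychainService, keychainAccount)
-- Pass vpnPassword to the login prompt from here; do not log or display it.
```

The first run triggers a Keychain access prompt for the calling application; choosing "Allow" instead of "Always Allow" keeps the approval per use.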
These are the requirements necessary:
- macOS version 10.7 or higher
- Cisco AnyConnect must have `Start VPN when AnyConnect is started` enabled (see below)

- Users are presented with the following login prompt after selecting the VPN connection

# How to use it?
You have two options:
- Turn it into an application
- Keep it as a script
Let's start with the first option: TURN IT INTO AN APPLICATION
- Open the script source code file `anyconnect.scpt` with Script Editor (which is the default program used).
- On the top menu, select `File`, then `Export...`
- In the pop-up window, make sure to select `Application` for `File Format:`, and `Sign to Run Locally` for `Code Sign:`
- (BONUS) You want to use a different icon from the stock one? Follow the steps below to extract the icon from another app and use it:

Once you have your application compiled and ready:
- Open `Security & Privacy` System Preferences, go to `Privacy`, then `Accessibility`.
- Enable the application you just created to access Accessibility
- (BONUS) Add the application to `/Users/[yourhostname]/Applications` and then to the Dock
- Run the application again to close the connection
Now for the second option: KEEP IT AS A SCRIPT
- Open the script source code file `anyconnect.scpt` with Script Editor (which is the default program used).
- On the top menu, select `Script Editor`, then click `Preferences`
- In the pop-up window, make sure to select `Show Script menu in menu bar` for `Script Menu:`
- Save the script in your user's Scripts folder (`/Users/[yourhostname]/Library/Scripts`)

Once you have saved the script inside your user's script folder:
- Open `Security & Privacy` System Preferences, go to `Privacy`, then `Accessibility`.
- Enable `Script Menu`
- (OPTIONAL) Enable `Script Editor`. This is required if you want to run the script from the Script Editor.
- Select the scroll-looking icon in the top menu and click on the script you saved.

- macOS Big Sur: If you recently updated to macOS Big Sur, and you haven't done so yet, you might need to reset the SMC. Here is a link on how to do that.
If you are a Cisco employee, you can simply update the code as follows:
- update line `42` to: `set inString to "blizzard"`
- use your Cisco email as the username. If your corporate email is `mrossi@cisco.com`, then simply update line `43` to: `set username to "mrossi@cisco.com"`