bazbax (foobarbazbax) wrote,

The Cisco VPN UI sucks. I instead prefer to connect using a command line program. To connect on my Mac I do this:

sudo vpnup 123456

where 123456 is your RSA SecurID.

First put this in /usr/local/bin/vpnup:


#!/usr/bin/perl
use strict;
use warnings;

use Expect;

my $secure_id = shift or die "Usage: $0 <secure_id>\n";
if ( $> != 0 ) {
    die "You must run $0 as the root user\n";
}

# get the username and PIN from /etc/cisco_vpn_pin
open my $fh, '<', '/etc/cisco_vpn_pin' or die "Cannot open /etc/cisco_vpn_pin: $!\n";
my $line = <$fh>;
close $fh;

# expected format is username:PIN; stop if the line does not match
defined $line && $line =~ /^(.*?):(.*)/
    or die "/etc/cisco_vpn_pin must contain username:PIN\n";

my $username = $1;
my $password = $2 . $secure_id;

print "got username $username and PIN XXXX from /etc/cisco_vpn_pin\n";

# if you do not reload the kernel module after inserting the EVDO card you'll get this error:
# Could not attach to driver. Is kernel module loaded?
# because of this you need to run this command (as root)
print `/System/Library/StartupItems/CiscoVPN/CiscoVPN restart`;

# give it a sec...
sleep 1;

my $exp = Expect->spawn('vpnclient', 'connect', 'sunnyvale') or die "Cannot spawn vpnclient: $!\n";

# answer the username prompt (wait up to 5 seconds)
$exp->expect( 5,
    [ qr/Username \[\]:/ => sub { $exp->send("$username\n"); } ],
);

# answer the passcode prompt with the PIN followed by the SecurID code
$exp->expect( 2,
    [ qr/Passcode \[\]:/ => sub { $exp->send("$password\n"); } ],
);


Then add your username and PIN to /etc/cisco_vpn_pin as a single line: the username, then a colon, then the PIN.


Be sure to make that file owned by root and readable only by root:

$ chown root:wheel /etc/cisco_vpn_pin
$ chmod 400 /etc/cisco_vpn_pin
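
The script can also enforce that ownership and mode itself before it trusts the file. This is an added example, not part of the original post; read_vpn_credentials is a hypothetical helper name, and it assumes a platform whose Fcntl module provides O_NOFOLLOW (Mac OS X and Linux do).

```perl
#!/usr/bin/perl
# Added example: refuse to use the credential file unless it is a regular
# file, owned by root, with no group or other access bits set.
use strict;
use warnings;
use Fcntl qw(:mode O_RDONLY O_NOFOLLOW);

# read_vpn_credentials() is a hypothetical helper name.
sub read_vpn_credentials {
    my ( $path, $owner_uid ) = @_;
    $owner_uid = 0 unless defined $owner_uid;    # root by default

    # O_NOFOLLOW: fail if the final path component is a symlink.
    sysopen( my $fh, $path, O_RDONLY | O_NOFOLLOW )
        or die "Cannot open $path: $!\n";

    # stat the open handle, not the path, so the checks apply to the file
    # that is actually read (no gap between checking and opening).
    my @st = stat($fh) or die "Cannot stat $path: $!\n";
    my ( $mode, $uid ) = @st[ 2, 4 ];

    die "$path is not a regular file\n" unless S_ISREG($mode);
    die "$path must be owned by uid $owner_uid (found uid $uid)\n"
        unless $uid == $owner_uid;
    die sprintf( "%s has mode %04o; run chmod 400 on it\n", $path, $mode & 07777 )
        if $mode & ( S_IRWXG | S_IRWXO );

    my $line = <$fh>;
    close $fh;
    die "$path is empty\n" unless defined $line;
    chomp $line;

    # Same username:PIN layout that the vpnup script parses.
    my ( $username, $pin ) = $line =~ /^([^:]+):(.+)$/
        or die "$path must contain a single line: username:PIN\n";
    return ( $username, $pin );
}

# When run directly (as root), check the path used in the post.
unless (caller) {
    my ($username) = read_vpn_credentials('/etc/cisco_vpn_pin');
    print "credentials for $username loaded; file ownership and mode are OK\n";
}
```

In vpnup, a call to this helper would replace the open and regex lines, so a file that has been loosened to group or world access stops the connection attempt instead of being read silently.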

And that's it! Let me know if you find this useful.
Tags: tech vpn