zrhoffman / svpn-login Goto Github PK

Connect to a F5 BIG-IP APM VPN server using the FastPPP protocol without any graphical frontend

License: GNU General Public License v3.0

Python 100.00%

svpn-login's Introduction

F5 SSLVPN Command-line client

This project allows you to connect to an F5 Networks VPN server (BIG-IP APM) using the proprietary FastPPP protocol but without any graphical frontend.

Setup

Acquire svpn

The script requires svpn, which is a component of the BIG-IP Edge Client. If you already have the BIG-IP Edge Client installed, then you already have svpn.

Otherwise, if you are on macOS, you can get it by going to https://[your-VPN-server]/ in a web browser, clicking on "Edge Client - macOS", unzipping the file you downloaded, and running the installer that you unzipped.

If you are on Linux, choose one of the following options depending on which distro you run.

Distro	Option
Ubuntu or Debian	https://[your-VPN-server]/public/download/linux_f5vpn.x86_64.deb
CentOS/Red Hat	https://[your-VPN-server]/public/download/linux_f5vpn.x86_64.rpm
Arch Linux	Install the f5vpn^AUR package

Acquire svpn-login

$ git clone https://github.com/zrhoffman/svpn-login.git
$ cd svpn-login

Basic Usage (supports two-factor authentication):

./svpn-login.py --sessionid=0123456789abcdef0123456789abcdef [hostname]

You can find the session ID by going to the VPN host in a web browser, logging in, and running this JavaScript in Developer Tools:

document.cookie.match(/MRHSession=(.*?); /)[1]

If your organization does not use 2FA and you are able to log in with just your username and password:

./svpn-login.py [user@host]

DNS and Routing

By default, the script will change your DNS servers to the ones provided by the VPN server. Skip this step by by passing the --skip-dns option.
By default, once connected, the script will route all traffic through the newly-created VPN network interface. Skip this step by passing the --skip-routes option (your VPN connection will be useless if this option is used, so only use it if you plan to set up the routing table yourself).

Other Info

[user@host] is saved for future invocations, so doesn't need to be specified on future invocations.

Use CTRL-C to exit.

The application will save [user@host] and last session ID in ~/.svpn-login.conf. If no user was given, [host] will still be saved. In case of problems or for reset the session data simply remove that file.

svpn-login's People

Contributors

Stargazers

Watchers

Forkers

marco-parillo evenbrenden nicksonyap sgaggerj d3-x-t3r ddragonyl rwahyudi fieldmar

svpn-login's Issues

Old session no longer valid, dynamic MRHSession?

Trying to provide sessionid as my organization uses 2FA. As suggested in the configuration instructions I found the cached MRHSession string after logging into the VPN server via browser and then used it for login via svpn. This is the output:

Getting params...
Old session no longer valid.
Unable to find the 'Network Access' entry in main menu. Do you have VPN access?

I went back to the VPN server url in my explorer and checked the sessionid again and it was different. It seems that I am assigned a different one every time I log in. Is this normal?

Support f5-vpn:// URIs

Hi, until now I'm using the Arch AUR f5vpn client, and my workflow was navigating to our companies F5 website (F5-DOMAIN), authenticating, and then the browser opens a URI like

f5-vpn://F5-DOMAIN?server=F5-DOMAIN&resourcename=/DEPARTMENT/DESCRIPTION&resourcetype=network_access&cmd=launch&protocol=https&port=443&sid=nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn&token=TOKEN

Using ~/.local/share/applications/defaults.list and ~/.local/share/applications/com.f5.f5vpn.desktop I have full control over what to do with this URL and could parse it and start any script/application that supports these parameters.

Is this workflow compatible with svpn-login ? If now, could it get implemented ?

setup_dns is never called

I was trying to patch svpn-login to include support for systemd-resolved, but realized that it actually no longer actually calls the platform-specific DNS setup code since 2203bc2. Is this by design? This script seems to be my best bet on getting the VPN connection working with proper DNS configuration since upgrading to Fedora 33.

SVPN logs

I'm trying to run your script in docker, but svpn doesn't write correctly in /etc/resolv.conf after connecting.

If I run it outside the container, it works perfectly.

Do you know a way for svpn to generate some kind of log?

Thanks for the script, it is helping a lot.

a beginner question, what does user@host mean?

do I fill it with [email protected] and why does radius password and lan password mean? why there's two password?

"Select VPN connection:" prompt infinity waiting

My https://enter.tui.nl/vdesk/vpn/index.php3 returns no favorites but your code expected at least one item. Could you solve this issue?
Here is respond of my vpn provider:

This XML file does not appear to have any style information associated with it. The document tree is shown below. <favorites type="VPN" limited="YES"> </favorites>