AnyConnect login script (Possible)

Unanswered Question
Jul 22nd, 2011

Hopefully this does not confuse anyone, if so don't be afraid to ask more questions as I over detail which gets me confused sometimes.

I am not sure if anyone else has figured this out, but a lot of the people I have been talking with keep bring up an article that says

Q. Can you run a logon script after AnyConnect establishes a VPN connection? Rather than running Start Before Logon (SBL), which must be run every time I start the computer (whether or not I want to VPN), I would like to be able to process a logon script only when connecting to the corporate network.

A. Aside from using SBL for this, AnyConnect does not have the ability to run a logon script after connection.

(This confuses the hell out of me because no one can explain it, then I show them my script and they also become confused).  (To me this  states I can not use a script after I have logged into the VPN, which is also false. [In my eyes it actually states I can not have anyone log into the VPN and then have my corporate server send a script out to their PC]).

 

I have not found anyone else with a workable script, but they must exist.  I have created a script that logs me into the Cisco VPN.  It's not the best script in the world, which is why I am posting it on here to maybe get some tweaks and also help out the others who Cisco has told them that a Login script is not possible.  This works with 2.5 anyconnect on a Windows XP machine,  but I am still not complete or fluent enough to finish this quickly.  My windows 7 machine has the FIPS stuck on so I can't log into any VPN that does not use FIPS for testing (I don't know how to get rid of this setting as uninstalling cisco anyconnect did not work, but I am upgrading from 7Pro to 7Enterprise in next few days).

vpncli.exe = Command line interface

vpnui.exe = user interface (seems most people attempt to use which I have found no way to enter data into the boxes which should have been easy as last user is filled in because of a xml file somewhere).  The guide mentions this xml is located in the same folder, but on mine it is missing a lot of the config files, but this is not my anyconnect client so they might have disabled a lot of features.

My main issue is that my script will not read anything back to verify my connection to complete to have it run the rest of the script.  It does finish the VPN connection, which then I have to open up the vpnui.exe to disconnect since I don't have an auto disconnect in my script yet as that happens after the missing functions.

I am removing my details from the script, so its very generic and you can fill in your own information into my Variables to see this works for any network.  (If your like me I would suggest making your variable list in another document for security and easy sharing scripts).

dim wshshell, oExec
dim strVPNPath, strVPNProfile, strVPNUser, strVPNPassword

//VPNProfile = Network ID (IP/webdomain)

//VPNUser = Username

//VPNPassword = Password

Set wshshell = CreateObject("WScript.shell")

// Pulls an encrypted file here that loads my VPN, username, and password info into the variables. (VPNPath is no longer used as it called upon the old cisco vpn location on my pc)

If ConnectVPN() = True

Then

// more functions here, but the rest is already working and only the ConnectVPN function needs tweaking.

Function ConnectVPN()
      boolReturn = False

     

    //  Calls up a command line to run the vnpcli command line which then passes "connect VPNProfile" (this is missing parameters

     //  that will pull this screen to the front and set the screen size [sendkeys will error out if its not the front main screen])

     wshshell.run("""C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpncli.exe""" & "connect "& strVPNProfile)

     //  Sleeps while the beginning connection establishes (@ 20-30 was fine, but skipped some sendkeys when a slow connection happens).

      wscript.sleep 200

     //  Basic sendkeys which enters the username and passwords

      wshshell.sendkeys (strVPNUser)
      wshshell.sendkeys "~"
      wshshell.sendkeys (strVPNPassword)
      wshshell.sendkeys "~"
      wshshell.sendkeys ("y")
      wshshell.sendkeys "~"

     // Its fully connected to the VPN after the basic security is checked and established.

     //  This is currently what I am working on (This has no place within the script yet, as there is no Oexec variable set)  if you look back up to where the vpncli.exe was called I will have this created as

     // set Oexec = wshshell.exec(C:\Program Files\cisco\Cisco Anyconnect VPN Client\vpncli.exe)[1]
      If Oexec.StdIN.AtEndOfStream = ("Session established to " strVPNProfile)

          Then

             boolReturn = True

      ConnectVPN = boolReturn
      Set Oexec = Nothing
 

End Function

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 0 (0 ratings)

Actions

Login or Register to take actions

This Discussion

Posted July 22, 2011 at 8:31 AM
Stats:
Replies:0 Avg. Rating:
Views:4558 Votes:0
Shares:0
Categories: AnyConnect
+

Related Content

Discussions Leaderboard