Cisco VPN connection automation


The Cisco VPN client software provides a GUI-based tool to set up and connect to a VPN network using various connection methods. The connection configuration for a particular network can be stored as a profile.

My team needed to connect to and disconnect from the VPN quite a few times during the day. Each operation involved multiple monotonous clicks, so it called for a one-click automated process.

Similarly, we had a Continuous Integration server that needed to connect over the VPN to get code from the source control management system. The server could not be kept on a permanent VPN connection, as doing so made it inaccessible from the local network. The server should be available on the local network most of the time, but connect to the VPN for a brief period during a job execution to check out code. This needed a silent and automated way to connect to and disconnect from the VPN.

Thankfully, the VPN client software does provide a command line interface, though the accompanying documentation leaves a lot to be desired. So a bit of playing around was needed to get it working.

Here are the Windows scripts that can be used to automate the connect/disconnect task. I am using Cisco VPN client version 5.0.x.

vpn-connect.bat
@echo off
rem
rem Try connecting to vpn using command line silently, ie without any prompt whatsoever.
rem
set user_id=yourUserId
set pwd=yourPassword
set install_dir="C:\Program Files (x86)\Cisco Systems\VPN Client"
set profile_name=yourProfileNameWithoutFileExtension
rem
%install_dir%\vpnclient.exe connect %profile_name% user %user_id% pwd %pwd% nocertpwd stdin < vpn-input.txt
rem
rem Cisco vpn client returns 200 on successful connection.
if %errorlevel% neq 200 goto failed
echo Connected to vpn. :)
set EXITCODE=0
goto end
rem
:failed
echo Failed to connect to vpn with error code = %errorlevel%.
set EXITCODE=1
goto end
rem
:end
exit /B %EXITCODE%
@echo on

vpn-input.txt
y

vpn-disconnect.bat
@echo off
rem
rem Kill the VPNGUI program if it is running, so you don't get any pop-up dialog.
taskkill /F /IM vpngui.exe
rem
rem Try disconnecting vpn using command line silently, ie without any prompt whatsoever.
rem
set install_dir="C:\Program Files (x86)\Cisco Systems\VPN Client"
rem
%install_dir%\vpnclient.exe disconnect
rem
rem Cisco vpn client returns 201 on successful disconnection.
if %errorlevel% neq 201 goto failed
echo Disconnected from vpn. :)
set EXITCODE=0
goto end
rem
:failed
echo Failed to disconnect from vpn with error code = %errorlevel%.
set EXITCODE=1
goto end
rem
:end
exit /B %EXITCODE%
@echo on

The functions of the files are self-explanatory, but to be explicit:
vpn-connect.bat – connects to the VPN
vpn-disconnect.bat – disconnects from the VPN
vpn-input.txt – used by vpn-connect.bat to silence the warning pop-up (if any) raised during the connection operation

To make the scripts work, create a connection profile using the VPN client user interface, copy the files into a folder, and then change the following:

In vpn-connect.bat,

  • Put the vpn connection user id in ‘user_id’ variable.
  • Put the vpn connection password in ‘pwd’ variable. The password is then stored in clear text in the batch file, so restrict who can read that file.
  • Put the path to vpn client installation directory in ‘install_dir’ variable.
  • Put the connection profile you created using the vpn client in ‘profile_name’ variable.

In vpn-disconnect.bat,

  • Put the path to vpn client installation directory in ‘install_dir’ variable.

In vpn-input.txt,

  • No change needed.

You can change the error codes to values that suit your automation environment. I have explicitly set the values to either 0 or 1 because the scripts are used by Jenkins (on the Continuous Integration server), and it fails the build if the batch execution returns a non-zero error level. The vpn client returns 200 on successful connection.
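
For the CI case described above, the connect and disconnect steps can be wrapped around the job so that the tunnel is always torn down and the password stays out of the script. This is an added example, not one of the author's scripts; the file name vpn-job.bat and the VPN_USER / VPN_PWD environment variable names are assumptions.

```bat
@echo off
rem vpn-job.bat - added example, not one of the original scripts.
rem Usage: vpn-job.bat COMMAND [ARGS...]
rem Connects, runs COMMAND, always disconnects, returns COMMAND's exit code.
rem VPN_USER and VPN_PWD are assumed (hypothetical) environment variable names
rem set by the caller, e.g. the CI job, so no password is stored in this file.
setlocal EnableDelayedExpansion
set "install_dir=C:\Program Files (x86)\Cisco Systems\VPN Client"
set "profile_name=yourProfileNameWithoutFileExtension"

if "%~1"=="" goto usage
if not defined VPN_USER goto nocreds
if not defined VPN_PWD goto nocreds

rem Delayed expansion keeps cmd.exe from interpreting special characters in
rem the credentials. vpn-input.txt is read from this script's own folder,
rem whatever the job's working directory is.
"%install_dir%\vpnclient.exe" connect %profile_name% user !VPN_USER! pwd !VPN_PWD! nocertpwd stdin < "%~dp0vpn-input.txt"
rem 200 = connected, as in vpn-connect.bat.
if %errorlevel% neq 200 goto connectfailed

rem Run the job while connected and remember its result. A failing job does
rem not stop this script, so the disconnect below always runs.
call %*
set job_rc=%errorlevel%

rem Same pop-up suppression as vpn-disconnect.bat.
taskkill /F /IM vpngui.exe >nul 2>&1
"%install_dir%\vpnclient.exe" disconnect
rem 201 = disconnected, as in vpn-disconnect.bat.
if %errorlevel% neq 201 goto disconnectfailed
exit /B %job_rc%

:disconnectfailed
>&2 echo Failed to disconnect from vpn with error code = %errorlevel%.
rem A tunnel left up counts as a failure even if the job itself passed.
exit /B 1

:connectfailed
>&2 echo Failed to connect to vpn with error code = %errorlevel%.
exit /B 1

:nocreds
>&2 echo VPN_USER and VPN_PWD must be set in the environment.
exit /B 2

:usage
>&2 echo Usage: vpn-job.bat COMMAND [ARGS...]
exit /B 2
```

The password still appears on the vpnclient command line while the connect step runs, because that is how the command line interface shown above takes it.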

Once this setup is done, you can just double-click vpn-connect.bat to get connected to the VPN and do the same with vpn-disconnect.bat to disconnect; as simple as that. Enjoy. 🙂

One comment

  1. Thank you for your very helpful post; I’m only experiencing a little trouble: after launching the vpn-connect.bat file, the Cisco authentication window pops up, asking me to click OK in order to proceed, making then necessary human participation.
    May you help me to handle this?
    Thank you!
    Peter
