HEL/hei-vpn-for-linux
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity
Python script to use the HEI VPN on Linux. This is an alternative to the Pulse Secure client which no longer works because of 2FA
6 Commits 1 Branch 0 Tags 42 KiB
Python 100%
093b386515
Go to file
LordBaryhobal 093b386515 added credits
2024-03-18 20:42:45 +01:00
config.json initial commit 2024-03-18 17:25:18 +01:00
main.py added credits 2024-03-18 20:42:45 +01:00
README.md added credits 2024-03-18 20:42:45 +01:00
requirements.txt added requirements.txt 2024-03-18 20:27:43 +01:00

README.md

hei-vpn-for-linux

This is a Python script which allows you to continue to use the HEI VPN on Linux.

Table of contents

Requirements

  • Python 3+ with the following modules:

    • psutil: to access PIDs in the workaround for Firefox profiles trickery
    • requests: to check whether the user is already in the HEI network (using its public IP)
    • selenium: to control Firefox

  • Firefox

  • Geckodriver

Usage

To use the script, simply run it with the default python interpreter like so:

python3 main.py

What is the problem with Pulse Secure or Juniper Secure Connect ?

Since 2FA has become mandatory to connect to the VPN, standard VPN clients fail to parse the login forms correctly.

How does this script work ?

The script uses Selenium, a Python module capable of controlling a headless web browser, to load the gateway webpage. When redirected to the login form, the user is prompted to enter their credentials, which are then saved in a Firefox profile. The next time it is used, the connection is made automatically.

Then, the session id cookie is extracted and passed to a commandline VPN client (openconnect).

Why is it asking me for sudo privileges ?

There are two points for which sudo is required. The first and most obvious is to enable the VPN, since your network interfaces are being modified. The second one is due to how Firefox profiles work when installed as a snap package. In fact, when launching Firefox with a given profile, a copy of said profile is made in a temporary directory. However, when Firefox is a snap, this temporary directory is isolated from the rest of the system, and sudo permissions are needed to copy the profile back to a persistent directory.

If you don't trust me, I encourage you to take a look at the source code and see by yourself that nothing suspicious is done.

Contributions

I made this mainly for myself but thought I would share it in the hope it could help at least one other person. Feel free to make suggestions, create issues and/or pull requests.

Credits

Thanks to sh4dowb for the workaround used to save Firefox profiles even when using Selenium (gist)

Thanks to artfulrobot for their class allowing to "OR" multiple expected conditions (StackOverflow answer)