Scripting Cisco AnyConnect through powershell

anyconnectThis is my first post on Powershell. Hopefully it won’t be too painful. Anyway, Campus recently mandated that we get away from the Cisco IPSec client, and move to the AnyConnect client. Problem is, the IPSec client was REALLY easy to put the username and password in the launch shortcut (just switches), and it’d connect. That doesn’t seem to be the case with the AnyConnect client, so I had to figure out how to do this in powershell. The script below (the fold) does this, and seems to work quite well. The reason for automating it is because we’re an almost 100% Mac shop, and there is a piece of “Banner” that is PC only. So we provide a Terminal Services/RDC Server that Mac users connect to, VPN fires up, and they’re able to connect to this package1.

I just dropped this script into C:\powershell\vpn.ps1, and then created a shortcut in the user account start menu, startup, and had the path be: “%windir%\system32\windowspowershell\v1.0\powershell.exe C:\powershell\vpn.ps1″2.

Good luck. And thanks to the forums here, and it’s users, for the base code that I modified to work with my environment.

Powershell Code

#This script is tested with "Cisco AnyConnect Secure Mobility Client version 3.1.05160"
#Please change following variables

#IP address or host name of cisco vpn
[string]$CiscoVPNHost = "VPNHOST"
[string]$Login = "USERNAME"
[string]$Password = "PASSWORD"
#Uncomment the line below if your VPN host is asking for you to agree to conditions
#[string]$agree = "y"

#Please check if file exists on following paths
[string]$vpncliAbsolutePath = 'C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpncli.exe'
[string]$vpnuiAbsolutePath  = 'C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe'

#****************************************************************************
#**** Please do not modify code below unless you know what you are doing ****
#****************************************************************************

Add-Type -AssemblyName System.Windows.Forms -ErrorAction Stop

#Set foreground window function
#This function is called in VPNConnect
Add-Type @'
  using System;
  using System.Runtime.InteropServices;
  public class Win {
     [DllImport("user32.dll")]
     [return: MarshalAs(UnmanagedType.Bool)]
     public static extern bool SetForegroundWindow(IntPtr hWnd);
  }
'@ -ErrorAction Stop

#quickly start VPN
#This function is called later in the code
Function VPNConnect()
{
    Start-Process -FilePath $vpncliAbsolutePath -ArgumentList "connect $CiscoVPNHost"
    $counter = 0; $h = 0;
    while($counter++ -lt 1000 -and $h -eq 0)
    {
        sleep -m 10
        $h = (Get-Process vpncli).MainWindowHandle
    }
    #if it takes more than 10 seconds then display message
    if($h -eq 0){echo "Could not start VPNUI it takes too long."}
    else{[void] [Win]::SetForegroundWindow($h)}
}

#Terminate all vpnui processes.
Get-Process | ForEach-Object {if($_.ProcessName.ToLower() -eq "vpnui")
{$Id = $_.Id; Stop-Process $Id; echo "Process vpnui with id: $Id was stopped"}}
#Terminate all vpncli processes.
Get-Process | ForEach-Object {if($_.ProcessName.ToLower() -eq "vpncli")
{$Id = $_.Id; Stop-Process $Id; echo "Process vpncli with id: $Id was stopped"}}

Uncomment lines 2 and 3 if you are on a single user system.
#Disconnect from VPN
#echo "Trying to terminate remaining vpn connections"
#start-Process -FilePath $vpncliAbsolutePath -ArgumentList 'disconnect' -wait

#Connect to VPN
echo "Connecting to VPN address '$CiscoVPNHost' as user '$Login'."
VPNConnect

#Write login and password
[System.Windows.Forms.SendKeys]::SendWait("$Login{Enter}")
[System.Windows.Forms.SendKeys]::SendWait("$Password{Enter}")
[System.Windows.Forms.SendKeys]::SendWait("$agree{Enter}")

#Start vpnui
start-Process -FilePath $vpnuiAbsolutePath
  1. Note, our VPN admin had to allow VPN connections from a Multiuser environment, and Remote Desktop Connection []
  2. this is windows server 2003, sadly []

Re:load Pro Monitor on Raspberry Pi

RLP Monitor Raspberry PiNow that I have the Raspberry Pi, and the Re:load Pro, I wanted some way to monitor things. Luckily, someone else did the work! While I have no problem running it on the Mac, that defeats my purpose of the Raspberry Pi. So, I grabbed the source, and worked on installing it on there.

Here’s the long and short of it.

You need to download and compile node.js from source. This will take a LONG friggin’ time, so go have dinner. Watch a movie. Something. For me, it took about 2 hours to compile. After that, you need to install optipng, and libjpeg-progs (sudo apt-get install optipng libjpeg-progs). Finally, you have to install node-serialport (sudo npm install serialport). After that, you can install rlpmon by cd’ing into the directory, and running “npm install” (basically, follow the directions on Dean’s github page for the software.

After that, you’re good to go. Enjoy!

Repair of Asus RT-N16

RT-N16 Rear (No Antennas)Late last night, my router went down. Checking it, I saw that the lights were all off. Huh. So, I unplugged and replugged it, and it came back up. Figuring it was a glitch, I went back to bed, and thought nothing of it. This morning, I found it was off again, and re-plugging it would do nothing. Crap.

So, I pulled it off the wall, and opened it up. Hey look, a bad capacitor. It’s labeled as a 680uF 16V cap, with a nice bulged top. After finding a replacement in my capacitor stash, I went about removing the old one… which was, a pain. Mainly because it’s on a huge ground plane, so heating the leads enough to get it removed was a challenge. Even my FR-300 desoldering gun took a bit of work to get things hot enough to melt. But, after about 5 minutes of working on it, I got the old one out, and the new one in. The new one is a bit taller, but it does fit12.

[Read more…]

  1. And yes, I’m okay with a 16V capacitor in this case since the power supply is 12V (meaning a 75% derating) and the whole thing lives in my garage which is never above 20C. Yes, I know it’s above the minimum 70% derating, but not by much, and I didn’t have a 25V that would fit. []
  2. Also note: Asus, at least on this board, paints their capacitor markings backward. Where normally the negative capacitor lead would go in the solid white marked hole, it is actually the positive as can be seen for all the other caps on the board. Why Asus does this, I have NO idea. []