This is my first post on PowerShell. Hopefully it won’t be too painful. Anyway, Campus recently mandated that we get away from the Cisco IPSec client, and move to the AnyConnect client. Problem is, the IPSec client was REALLY easy to put the username and password in the launch shortcut (just switches), and it’d connect. That doesn’t seem to be the case with the AnyConnect client, so I had to figure out how to do this in PowerShell. The script below (the fold) does this, and seems to work quite well. The reason for automating it is because we’re an almost 100% Mac shop, and there is a piece of “Banner” that is PC only. So we provide a Terminal Services/RDC Server that Mac users connect to, VPN fires up, and they’re able to connect to this package ((Note, our VPN admin had to allow VPN connections from a Multiuser environment, and Remote Desktop Connection)).
I just dropped this script into C:\powershell\vpn.ps1, and then created a shortcut in the user account start menu, startup, and had the path be: “%windir%\system32\windowspowershell\v1.0\powershell.exe C:\powershell\vpn.ps1” ((this is Windows Server 2003, sadly)).
Good luck. And thanks to the forums here, and its users, for the base code that I modified to work with my environment.
#Please change following variables
#IP address or host name of cisco vpn
[string]$CiscoVPNHost = "vpn.example.com"
[string]$Login = "username"
[string]$Password = "password"
[string]$agree = "y"
#Please check if file exists on following paths
[string]$vpncliAbsolutePath = 'C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpncli.exe'
[string]$vpnuiAbsolutePath = 'C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe'
#****************************************************************************
#**** Please do not modify code below unless you know what you are doing ****
#****************************************************************************
Add-Type -AssemblyName System.Windows.Forms -ErrorAction Stop
#Set foreground window function
#This function is called in VPNConnect
Add-Type @'
using System;
using System.Runtime.InteropServices;
public class Win {
    [DllImport("user32.dll")]
    [return: MarshalAs(UnmanagedType.Bool)]
    public static extern bool SetForegroundWindow(IntPtr hWnd);
}
'@ -ErrorAction Stop
#quickly start VPN
#This function is called later in the code
Function VPNConnect()
{
    Start-Process -FilePath $vpncliAbsolutePath -ArgumentList "connect $CiscoVPNHost"
    $counter = 0; $h = 0;
    while($counter++ -lt 1000 -and $h -eq 0)
    {
        Start-Sleep -Milliseconds 10
        #vpncli may not have started yet, so ignore "process not found" and take the first match
        $p = Get-Process vpncli -ErrorAction SilentlyContinue | Select-Object -First 1
        if($p){$h = $p.MainWindowHandle}
    }
    #if it takes more than 10 seconds then display message
    if($h -eq 0){echo "Could not start VPNUI it takes too long."}
    else{[void] [Win]::SetForegroundWindow($h)}
}
#Check if VPN is running, but disconnected, and if so, kill the process so we can reconnect.
#The call operator (&) runs "vpncli.exe state" and its output is tested;
#comparing the quoted command string itself would never match.
if (((& $vpncliAbsolutePath state) | Out-String) -like "*Disconnected*") {
    #Terminate all vpnui processes.
    Get-Process | ForEach-Object {if($_.ProcessName.ToLower() -eq "vpnui")
    {$Id = $_.Id; Stop-Process $Id; echo "Process vpnui with id: $Id was stopped"}}
    #Terminate all vpncli processes.
    Get-Process | ForEach-Object {if($_.ProcessName.ToLower() -eq "vpncli")
    {$Id = $_.Id; Stop-Process $Id; echo "Process vpncli with id: $Id was stopped"}}
}
#Connect to VPN
echo "Connecting to VPN address '$CiscoVPNHost' as user '$Login'."
VPNConnect
#Write login and password
#SendKeys treats + ^ % ~ ( ) { } [ ] as control characters, so a login or
#password containing any of them must have each one wrapped in braces.
[System.Windows.Forms.SendKeys]::SendWait("$Login{Enter}")
[System.Windows.Forms.SendKeys]::SendWait("$Password{Enter}")
[System.Windows.Forms.SendKeys]::SendWait("$agree{Enter}")
#Start vpnui
Start-Process -FilePath $vpnuiAbsolutePath
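The script above keeps the VPN password in clear text in a file on a shared Terminal Services host, and types it through SendKeys unescaped. The following is an added example, not part of the original post: it stores the password per user under DPAPI and escapes SendKeys control characters. The function names and the `$PwFile` location are assumptions, and it assumes PowerShell 2.0 or later.

```powershell
# Added example, not the post's code. Assumes PowerShell 2.0+ (try/finally).
Add-Type -AssemblyName System.Windows.Forms -ErrorAction Stop

# Assumed location: one file per Windows user, outside the shared script folder.
$PwFile = Join-Path $env:APPDATA 'vpn-password.txt'

# One-time setup per user. Without -Key, ConvertFrom-SecureString encrypts with
# DPAPI, so only this user on this machine can decrypt the saved string.
function Save-VpnPassword {
    Read-Host 'VPN password' -AsSecureString |
        ConvertFrom-SecureString |
        Set-Content -Path $PwFile
}

# Decrypt the saved password just before it is typed.
function Get-VpnPassword {
    $secure = Get-Content -Path $PwFile | ConvertTo-SecureString
    $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
    try     { [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr) }
    finally { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr) }
}

# SendKeys treats + ^ % ~ ( ) { } [ ] as control characters. Wrap each one in
# braces so a password such as 'p^ss+(1)' is typed literally.
function ConvertTo-SendKeysLiteral([string]$Text) {
    [regex]::Replace($Text, '[+^%~(){}\[\]]', '{$0}')
}

# Replaces the three SendWait lines of the script; call it after VPNConnect.
function Send-VpnLogin([string]$Login, [string]$Agree = 'y') {
    foreach ($answer in $Login, (Get-VpnPassword), $Agree) {
        $keys = (ConvertTo-SendKeysLiteral $answer) + '{Enter}'
        [System.Windows.Forms.SendKeys]::SendWait($keys)
    }
}

# First run for this user: ask once and store the protected password.
if (-not (Test-Path $PwFile)) { Save-VpnPassword }
```

With this in place the `$Password` variable can be removed from vpn.ps1. The password is still typed into whichever window has focus, so the foreground check in VPNConnect continues to matter.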