lhanson / openconnect-wiscvpn-client

OpenConnect WiscVPN Client

OpenConnect WiscVPN client

A wrapper for connecting to WiscVPN using OpenConnect. Supports MFA (Duo Push) and split tunneling.

The default recommendation is to use the GlobalProtect client; however, the proprietary client does not support split tunnels.

Based on a script shared by @ERIC.SCHOVILLE.

Requirements

Configuration

Copy config.sample somewhere and fill in the blanks. If a config file path is not specified on the command line, the script will look for configuration in $XDG_CONFIG_HOME/vpn/config, falling back to $HOME/.config/vpn/config if $XDG_CONFIG_HOME is not set. Know and love the XDG Base Directory Specification if interested.
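
The lookup order described above, written out as an added shell example (not the project's own script). The function name resolve_vpn_config and the permission check are assumptions; the check rests on the premise, not stated on this page, that the filled-in config may hold credentials.

```shell
# Added example: resolve the config path in the order the README describes,
# then refuse a file that group or other users can access.
# resolve_vpn_config is a hypothetical name, not part of the project.
resolve_vpn_config() {
    # $1: optional config file path given on the command line
    if [ -n "${1:-}" ]; then
        cfg=$1
    elif [ -n "${XDG_CONFIG_HOME:-}" ]; then
        cfg=$XDG_CONFIG_HOME/vpn/config
    else
        cfg=$HOME/.config/vpn/config
    fi

    if [ ! -f "$cfg" ]; then
        echo "vpn: no config file at $cfg" >&2
        return 1
    fi

    # Mode string from ls, e.g. "-rw-------": 1 type char, 3 owner,
    # 3 group, 3 other. -L checks the target if the path is a symlink.
    mode=$(ls -ldL -- "$cfg" | cut -c1-10)
    case $mode in
        ????------) ;;  # no group/other permission bits set
        *)
            echo "vpn: $cfg is accessible to group/others ($mode)" >&2
            echo "vpn: fix with: chmod 600 $cfg" >&2
            return 2
            ;;
    esac

    printf '%s\n' "$cfg"
}
```

The function prints the resolved path on success, returns 1 when no config exists at the resolved location, and returns 2 when the file's mode is too permissive.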

Usage

vpn [--split [args]] [config_file_path]

The script assumes you're using a Duo Push for MFA rather than a Duo passcode and will pause while waiting for the push to be accepted.

By default, all outbound network traffic will traverse the VPN. To send only traffic bound for well-known UW Madison campus IP address ranges through the VPN, use --split (see the script for which IPs are included).

If you want split VPN but do not want vpn-split to attempt to write entries into /etc/hosts (e.g. on a system like NixOS where that file is immutable), add the --no-host-names and --no-dns-hosts arguments as well.

Static IPs

To use a static VPN IP address, you'll first need to reserve one. See the KB for details.

Resources
