Skip to content

Connect to a F5 BIG-IP APM VPN server using the FastPPP protocol without any graphical frontend

License

Notifications You must be signed in to change notification settings

evenbrenden/svpn-login

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

81 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

F5 SSLVPN Command-line client

This project allows you to connect to an F5 Networks VPN server (BIG-IP APM) using the proprietary FastPPP protocol but without any graphical frontend.

Setup

Acquire svpn

The script requires svpn, which is a component of the BIG-IP Edge Client. If you already have the BIG-IP Edge Client installed, then you already have svpn.

Otherwise, if you are on macOS, you can get it by going to https://[your-VPN-server]/ in a web browser, clicking on "Edge Client - macOS", unzipping the file you downloaded, and running the installer that you unzipped.

If you are on Linux, choose one of the following options depending on which distro you run.

Distro Option
Ubuntu or Debian https://[your-VPN-server]/public/download/linux_f5vpn.x86_64.deb
CentOS/Red Hat https://[your-VPN-server]/public/download/linux_f5vpn.x86_64.rpm
Arch Linux Install the f5vpnAUR package
NixOS Same as Ubuntu/Debian (put the Debian package in the repo root)

Acquire svpn-login

$ git clone https://github.com/zrhoffman/svpn-login.git
$ cd svpn-login

Basic Usage (supports two-factor authentication):

(Note that on NixOS, svpn needs to be run as root, but NixOS does not support setuid, so svpn-login needs to be run as root.)

./svpn-login.py --sessionid=0123456789abcdef0123456789abcdef [hostname]

You can find the session ID by going to the VPN host in a web browser, logging in, and running this JavaScript in Developer Tools:

document.cookie.match(/MRHSession=(.*?); /)[1]

If your organization does not use 2FA and you are able to log in with just your username and password:

./svpn-login.py [user@host]

DNS and Routing

  • By default, the script will change your DNS servers to the ones provided by the VPN server. Skip this step by by passing the --skip-dns option.

  • By default, once connected, the script will route all traffic through the newly-created VPN network interface. Skip this step by passing the --skip-routes option (your VPN connection will be useless if this option is used, so only use it if you plan to set up the routing table yourself).

Other Info

[user@host] is saved for future invocations, so doesn't need to be specified on future invocations.

Use CTRL-C to exit.

The application will save [user@host] and last session ID in ~/.svpn-login.conf. If no user was given, [host] will still be saved. In case of problems or for reset the session data simply remove that file.

About

Connect to a F5 BIG-IP APM VPN server using the FastPPP protocol without any graphical frontend

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Python 96.0%
  • Nix 4.0%