This project allows Cisco AnyConnect and Traps/Cortex to run in a VM using Vagrant.
Please note: you need to stay logged in to the VM as long as you want to use the VPN. On logout the VPN connection is automatically disconnected!
Currently, all DNS traffic is sent through the VPN.
The usual steps you would take are the following:
- launch the VM, log in and stay logged in
- connect and disconnect the VPN as needed
- halt the VM
Setup steps:
- Obtain the AnyConnect Linux installer program and place it in the file `packages/anyconnect.tar.gz`.
- Obtain the Traps/Cortex Debian Linux installer and place it in the file `packages/cortex.deb`.
- The routes which are forwarded through the VPN are currently hardcoded in `forward.sh`.
- Create a file `vpnconfig` which contains the following, one per line:
  - VPN hostname
  - number of the VPN group
  - username
  - password

Example for `vpnconfig`:

```
vpn.company.com
1
joe
joes-secret-password
```
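Added example, not one of the project's scripts: a check to run over `vpnconfig` before `vpn-up`. It verifies that the file has exactly the four fields listed above (the group must be numeric) and, since the file holds a plaintext password, that it is not readable by other users; the `VPN_HOST`/`VPN_GROUP`/`VPN_USER` output names are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example, not one of the project's scripts: sanity-check a vpnconfig
# file in the README's format (hostname, group number, username, password,
# one per line) before connecting. Prints VPN_HOST/VPN_GROUP/VPN_USER lines
# (assumed names) and returns non-zero if the file is malformed.
set -u

check_vpnconfig() {
    local file="$1" mode n=0 line host='' group='' user=''
    [ -r "$file" ] || { echo "vpnconfig: cannot read $file" >&2; return 1; }
    # The file holds a plaintext password, so refuse group/world-readable
    # modes. Linux stat syntax first, then the macOS/BSD form.
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%OLp' "$file")
    case "$mode" in
        600|400) ;;
        *) echo "vpnconfig: mode $mode is too permissive, run: chmod 600 $file" >&2
           return 1 ;;
    esac
    # Exactly four non-empty lines, in the documented order. The password
    # (line 4) is checked for presence only and never echoed.
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        [ -n "$line" ] || { echo "vpnconfig: line $n is empty" >&2; return 1; }
        case $n in
            1) host=$line ;;
            2) group=$line ;;
            3) user=$line ;;
            4) ;;
            *) echo "vpnconfig: more than four lines" >&2; return 1 ;;
        esac
    done < "$file"
    [ "$n" -eq 4 ] || { echo "vpnconfig: expected 4 lines, got $n" >&2; return 1; }
    case "$host" in
        *[!A-Za-z0-9.-]*) echo "vpnconfig: bad hostname '$host'" >&2; return 1 ;;
    esac
    case "$group" in
        *[!0-9]*) echo "vpnconfig: group must be a number, got '$group'" >&2; return 1 ;;
    esac
    printf 'VPN_HOST=%s\nVPN_GROUP=%s\nVPN_USER=%s\n' "$host" "$group" "$user"
}

# Usage: check_vpnconfig ./vpnconfig && ./vpn-up.sh
```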
Aliases like the following, e.g. in `~/.bashrc`, save typing:

```bash
$ cat ~/.bashrc | grep -i vpn
#VPN
VPNDIR="$HOME/git/anyconnect-vagrant"   # a tilde inside double quotes is not expanded, so use $HOME
alias vpn-vm-up="$VPNDIR/vm-login.sh"
alias vpn-up="$VPNDIR/vpn-up.sh && $VPNDIR/vpn-poll-state.sh"
alias vpn-vm-suspend="$VPNDIR/vm-suspend.sh"
```

Then you can simply run `vpn-vm-up`, in another shell `vpn-up`, and when you're done `vpn-vm-suspend`.
`./vm-login.sh`
- creates and provisions the VM (only on the first run)
- starts the VM if not running
- logs in
The following scripts are meant to be executed on the host, not on the guest VM, because they have to change state both locally (forwarding) and on the VM (VPN).
`./vpn-up.sh`
- establishes the VPN connection
- forwards traffic through the VPN (asks for the root password to do this)

If you get `bash: /opt/cisco/anyconnect/bin/vpn: No such file or directory` when you first try this, the VM was not properly provisioned. Either run `/vagrant/install.sh` from within the VM, or just delete the VM and start again.
`./vpn-poll-state.sh`
- shows the status of
  - VPN
  - forwarding

This polls the state every 60 seconds and terminates sshuttle (and thereby the DNS forwarding) if the VPN connection is down.

If you get `sshuttle is not running starting sshuttle` every time, try modifying `forward.sh` to replace the `--daemon` with an `&`. On macOS the daemon flag simply made sshuttle exit silently on startup.
`./vpn-state.sh`
- shows the status of
  - VPN
  - forwarding

`./vpn-down.sh`
- stops forwarding of the traffic
- disconnects from the VPN

`./vm-suspend.sh`
- stops forwarding of the traffic
- disconnects from the VPN
- suspends the VM

This is usually a bit faster than halting the VM, and the next start of the VM is faster too.

`./vm-halt.sh`
- stops forwarding of the traffic
- disconnects from the VPN
- halts the VM
If things go wrong, try this:

`/vagrant/connect.sh up` has to be executed on the VM itself. Therefore first run `./vm-login.sh` to log in to the VM, then run `/vagrant/connect.sh up`. This establishes the VPN connection, but no traffic is forwarded to the VPN yet.

`./forward.sh` has to be executed locally on the host. It forwards traffic from the host to the VPN.

Requirements: the VM is created and configured via Vagrant (download it from HashiCorp's Vagrant downloads page). The VM runs in VirtualBox.

Ubuntu: you need to compile your own up-to-date version of sshuttle and specify the path to that binary in `forward.sh`. sshuttle requires Python >= 3.5.
This project is for informational use only. Do not use it to bypass your company procedures or security policies. Use at your own risk. I can offer no support for this project.