OpenConnect VPN with Multifactor Authentication shell alias

OpenConnect is a VPN client that can replace Cisco AnyConnect on multiple platforms. It is useful because it allows you to run multiple concurrent VPNs, which Cisco AnyConnect cannot do.

To make day-to-day usage more straightforward, you may want to configure a shell alias that runs the full command and prompts for your password. The alias can also prompt for the second password used by multifactor authentication systems such as Duo Mobile.

Below are the steps to get it working on macOS with Z shell.

1- Install OpenConnect via Homebrew

brew install openconnect

2- Add it to the sudoers file with NOPASSWD privileges

sudo nano /etc/sudoers

Add the following line:

%admin ALL=(ALL) NOPASSWD: /usr/local/bin/openconnect

3- Customize the following alias to your needs and add it to ~/.zshrc. If you are using bash, the read command will need some adjustments.

alias my-vpn='(read -s \?"VPN Password: " Y; read \?"MFA code: " X; printf "%s\n%s\n" "$Y" "$X") | sudo openconnect --user=USERNAME --passwd-on-stdin --authgroup=YOUR_GROUP VPN_URL'

4- You should be able to connect using the alias my-vpn!
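Step 3 notes that the read command needs adjusting outside zsh. As an added example (not from the original post), the function below does the same job in bash, zsh and POSIX sh, and passes the password through unchanged even when it contains "%" or "\". The names my_vpn and vpn_credentials are chosen here; USERNAME, YOUR_GROUP and VPN_URL are the same placeholders as in the alias.

```shell
# Added example, not from the original post. Works in bash, zsh and POSIX sh.
# USERNAME, YOUR_GROUP and VPN_URL are the same placeholders as in the alias.

# Read the VPN password and the MFA code, emit them as two lines on stdout.
# The body is a subshell "( ... )", so the variables and the trap never
# reach the interactive shell.
vpn_credentials() (
    saved=""
    if [ -t 0 ]; then
        # Interactive: turn off echo for the password, restore on Ctrl-C.
        saved=$(stty -g)
        trap 'stty "$saved"; exit 130' INT TERM
        stty -echo
    fi
    printf 'VPN Password: ' >&2
    IFS= read -r vpn_pass        # -r keeps backslashes, IFS= keeps spaces
    if [ -n "$saved" ]; then
        stty "$saved"            # echo back on for the MFA code
        printf '\n' >&2
    fi
    printf 'MFA code: ' >&2
    IFS= read -r vpn_mfa
    # "%s" prints the values literally; passing them as the format string
    # would interpret any "%" or "\" in the password.
    printf '%s\n%s\n' "$vpn_pass" "$vpn_mfa"
)

# Hypothetical function name; underscore because POSIX sh rejects "my-vpn".
my_vpn() {
    vpn_credentials | sudo openconnect --user=USERNAME --passwd-on-stdin \
        --authgroup=YOUR_GROUP VPN_URL
}
```

Put both functions in ~/.zshrc or ~/.bashrc and connect with my_vpn.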

Source: OpenConnect on Mac OS X

