One-Click Connection to Cisco AnyConnect Secure Mobility Client

Oct 6, 2019 · 2 min read · 338 Words

For reasons we all know, I couldn’t access the external internet recently, so I used the company VPN — but connecting was time‑consuming with many steps. I looked for a better way.

An internal email helped a lot. I tested it successfully, so I’m summarizing it here.

## The tedious manual flow

  1. Start Cisco AnyConnect Secure Mobility Client
  2. Enter account and password
  3. Choose SMS verification
  4. Check the SMS code on your phone
  5. Enter the code in the client
  6. Click confirm

## How to automate it

  1. Install oath-toolkit

     ```bash
     brew install oath-toolkit
     ```

  2. Write a shell script

     Call it `vpn.sh` for example. The words `secret_key`, `username`, `password` and `second_authentication_method_index` are placeholders that you replace in the next step.

     ```bash
     #!/bin/bash

     # Kill any running client and drop an existing session so the connect below starts clean
     killall 'Cisco AnyConnect Secure Mobility Client' 2>/dev/null
     /opt/cisco/anyconnect/bin/vpn disconnect >/dev/null

     # Current TOTP code computed from the base32 (-b) secret key
     code=$(oathtool --totp -b secret_key)

     # Answer the client's prompts from a here-document; sed masks the echoed password
     /opt/cisco/anyconnect/bin/vpn -s connect "$1.company.vpn.com" << EOF | sed 's/Password: .*/Password: ********/g'
     username
     password
     second_authentication_method_index
     $code
     EOF
     open -g '/Applications/Cisco/Cisco AnyConnect Secure Mobility Client.app'
     ```

  3. Fill in variables

     - `secret_key`: your VPN TOTP secret. For Okta Verify: change password → Extra Verification → Okta Verify Mobile App → Setup → Next → Problems scanning barcode → copy the Secret Key.
     - `username`: VPN username
     - `password`: VPN password
     - `second_authentication_method_index`: the menu index of the second-factor method the client offers; when using the TOTP secret key, give the index of that option.

     With this, the most painful step, the SMS verification code, is replaced by a TOTP code generated from the secret key.

  4. Make the script executable

     ```bash
     chmod +x vpn.sh
     ```

  5. Run the script

     ```bash
     ./vpn.sh bj
     ```

     Here, the `bj` argument exists because our VPN has multiple node regions; the script builds the host name as `$1.company.vpn.com`. If you do not need it, remove the argument.

The script will automatically start the Cisco client and connect. This removes the tedious manual steps and saves at least 2 minutes each time. Because it kills any running client at startup, re-running the script while the client is already running is fine.
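The script above keeps the VPN password and the TOTP secret key in plain text inside `vpn.sh`, so anyone who can read the file holds both factors. The following is an added example, not part of the original post: the same connect flow, with the two secrets read from the macOS Keychain at run time through the `security` command, and the region argument checked against a known list before it becomes a host name. The Keychain item names (`vpn-password`, `vpn-totp-secret`), the region list, the `company.vpn.com` suffix and the default method index are assumptions.

```shell
#!/bin/bash
# Added example (not from the original post): AnyConnect login with the VPN
# password and TOTP secret read from the macOS Keychain instead of being
# hard-coded. Keychain item names, region list, domain and method index are
# assumptions; adjust them to your VPN.

VPN_BIN='/opt/cisco/anyconnect/bin/vpn'
VPN_APP='/Applications/Cisco/Cisco AnyConnect Secure Mobility Client.app'
VPN_DOMAIN='company.vpn.com'        # assumed, as in the original script
VPN_USER="${VPN_USER:-$USER}"       # VPN username, defaults to the macOS login name
ALLOWED_REGIONS='bj sh sz'          # assumed region prefixes

# Read one secret from the login Keychain by service name (-s) and account (-a).
# Store it once with: security add-generic-password -a "$USER" -s <service> -w
keychain_secret() {
    security find-generic-password -a "$VPN_USER" -s "$1" -w
}

# Build the VPN host from the region argument, rejecting anything that is not a
# known region so a stray argument can never turn into an unexpected host name.
vpn_host() {
    local region="$1" r
    for r in $ALLOWED_REGIONS; do
        [ "$r" = "$region" ] && { printf '%s.%s\n' "$region" "$VPN_DOMAIN"; return 0; }
    done
    printf 'unknown region: %s\n' "$region" >&2
    return 1
}

# Mask the echoed password in the client's prompt output, as the original script does.
mask_password() {
    sed 's/Password: .*/Password: ********/g'
}

# Current 6-digit TOTP code from a base32 secret (what oathtool -b expects).
totp_code() {
    oathtool --totp -b "$1"
}

vpn_connect() {
    local host password secret method_index code
    host="$(vpn_host "$1")" || return 1
    password="$(keychain_secret vpn-password)" || return 1
    secret="$(keychain_secret vpn-totp-secret)" || return 1
    method_index="${VPN_METHOD_INDEX:-1}"   # index of the TOTP option in the client's menu (assumed 1)
    code="$(totp_code "$secret")" || return 1

    killall 'Cisco AnyConnect Secure Mobility Client' 2>/dev/null
    "$VPN_BIN" disconnect >/dev/null

    # Answer the prompts from a here-document so the password never appears on a
    # command line (and therefore not in `ps` output)
    "$VPN_BIN" -s connect "$host" <<EOF | mask_password
$VPN_USER
$password
$method_index
$code
EOF
    open -g "$VPN_APP"
}

if [ $# -gt 0 ]; then
    vpn_connect "$1"
else
    printf 'usage: %s <region>   (e.g. %s bj)\n' "$0" "$0" >&2
fi
```

Store the two secrets once with `security add-generic-password -a "$USER" -s vpn-password -w` and again with `-s vpn-totp-secret` (with no value after `-w`, the command prompts for it), then `chmod 700 vpn.sh` and run `./vpn.sh bj` as before. The script file itself now contains nothing worth stealing, and rotating the password or re-enrolling the TOTP secret means updating a Keychain item rather than editing the script.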

## Nice to have

Automation helps, but opening Terminal each time isn't elegant. Create an Alfred workflow so that typing `vpn` runs the script automatically.

## Final Thoughts

Repetitive steps are manual labor. Use tools to eliminate toil.

Authors
Developer, digital product enthusiast, tinkerer, sharer, open source lover