Pritunl is an Enterprise Distributed OpenVPN server. In order to run its client on macOS, an .app is provided. However, using it to log in every day is quite tedious. Let’s automate it so that we can connect to the VPN with a single command.
In order to fetch the credentials in this example in a secure manner, we’ll be using 1Password. The pass utility would have worked just as well.
First, configure Pritunl via its app UI, creating a profile for your corp credentials.
Then find the ID of the profile you just created (this takes the first profile in the list):
profile_id=$(/Applications/Pritunl.app/Contents/Resources/pritunl-client list --json | jq -r '.[0].id')
Now, create an entry in 1Password for your Pritunl credentials associated with the profile above.
Let’s use op, the official CLI tool from 1Password, to fetch the password and the OTP (one-time password) for the “Pritunl (VPN)” entry (change it accordingly).
op_id="$(op item get 'Pritunl (VPN)' --format json | jq -r '.id')"
password="$(op read "op://private/$op_id/password")"
otp="$(op item get "$op_id" --totp)"
Now we can use the pritunl-client to log in programmatically:
/Applications/Pritunl.app/Contents/Resources/pritunl-client start "$profile_id" --password "$password$otp"
Then verify it has indeed connected:
/Applications/Pritunl.app/Contents/Resources/pritunl-client list
The trick is that it accepts the concatenation of the password with the OTP as the password. There is no separate --otp flag.
Putting everything together, we can create a function for our favorite shell:
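# Log into corp VPN
pritunl_login() {
  # Full path to the client binary inside the app bundle
  local client=/Applications/Pritunl.app/Contents/Resources/pritunl-client
  # ID of the first configured Pritunl profile
  local profile_id="$("$client" list --json | jq -r '.[0].id')"
  # 1Password item ID, then its password and current TOTP code
  local op_id="$(op item get 'Pritunl (VPN)' --format json | jq -r '.id')"
  local password="$(op read "op://private/$op_id/password")"
  local otp="$(op item get "$op_id" --totp)"
  # The OTP is appended to the password; there is no separate --otp flag
  "$client" start "$profile_id" --password "$password$otp"
  "$client" list
}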
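A hardened variant of the function above, as an added example that is not part of the original post: it stops before contacting the VPN server when any lookup comes back empty (for instance when op is not signed in, or when no profile exists and jq would print "null"). PRITUNL_CLIENT and OP_ITEM are hypothetical override variables introduced here, and the numeric-only OTP check is an assumption about the code format.

```shell
# Added example, not the original author's code.
# PRITUNL_CLIENT and OP_ITEM are hypothetical overrides with the post's values as defaults.
PRITUNL_CLIENT="${PRITUNL_CLIENT:-/Applications/Pritunl.app/Contents/Resources/pritunl-client}"
OP_ITEM="${OP_ITEM:-Pritunl (VPN)}"

pritunl_login() {
  # Declare first, assign later: `local x=$(cmd)` would hide cmd's exit status.
  local profile_id op_id password otp

  # `// empty` makes jq print nothing instead of the literal string "null".
  profile_id="$("$PRITUNL_CLIENT" list --json | jq -r '.[0].id // empty')" || return 1
  if [ -z "$profile_id" ]; then
    echo "pritunl_login: no Pritunl profile found" >&2; return 1
  fi

  op_id="$(op item get "$OP_ITEM" --format json | jq -r '.id // empty')" || return 1
  if [ -z "$op_id" ]; then
    echo "pritunl_login: 1Password item not found (signed in?)" >&2; return 1
  fi

  password="$(op read "op://private/$op_id/password")" || return 1
  if [ -z "$password" ]; then
    echo "pritunl_login: empty password from 1Password" >&2; return 1
  fi

  otp="$(op item get "$op_id" --totp)" || return 1
  case "$otp" in
    ''|*[!0-9]*)  # assumption: the OTP consists of digits only
      echo "pritunl_login: OTP missing or not numeric" >&2; return 1 ;;
  esac

  # Only reached when every part of the credential is present.
  "$PRITUNL_CLIENT" start "$profile_id" --password "$password$otp" || return 1
  "$PRITUNL_CLIENT" list
}
```

As in the original function, the concatenated secret is still passed as a command-line argument, so it appears in the local process list while the client command runs.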