This software allows you to connect to an F5 Networks VPN server (BIG-IP APM) without using their proprietary VPN client.
It is not supported or affiliated with F5 in any way. I actually find it rather sad the client they provide is so terribly poor that I had to write this in order to get reliable access to my company's VPN.
This software does not require any software from F5 to be installed on the client. The only requirement is Python 3. It works on at least Linux and MacOS systems, but porting to any similar OS should be trivial. Porting to Windows, on the other hand, is probably not reasonably possible.
The primary feature this fork adds over upstream is support for two-factor authentication.
This Repo is it WFM (Works For Me) mode. Thus, if you have an issue you will probably be on your own. If you can fix your issue yourself, feel free to create a pull request and I will look at it.
As an alternative there's also gof5, which however has no comfort login yet.
The script requires ppp. If you are on Linux, install it using your package manager. If you are on MacOS, you already have it.
The script also requires netstat, which is generally packaged as net-tools.
If your organization does not use 2FA and you are able to log in with just your username and password:
sudo ./f5vpn-login.py user@hostsudo ./f5vpn-login.py --sessionid=0123456789abcdef0123456789abcdef your.fully.qualified.hostnameYou can find the session ID by going to the VPN host in a web browser, logging in, and running this JavaScript in Developer Tools:
document.cookie.match(/MRHSession=(.*?); /)[1]Or, if you have Greasemonkey (FF-Only) or Violentmonkey(Most browsers) installed, click here to install a script to automatically copy the session ID to your clipboard on login.
Finally, to complete the circuit of laziness, write yourself a shell function to read the session ID from the clipboard and pass it to the script:
function vpnlogin {
sessionid=$(xclip -o -selection clipboard)
echo "Session ID from clipboard: $sessionid"
sudo /path/to/f5vpn-login/f5vpn-login.py --sessionid $sessionid your.fully.qualified.hostname
}NOTE: The above is for Linux; on MacOS, use
pbpasteinstead ofxclip
Prerequisites:
- A User-Script plugin for your browser. The script is tests using Firefox. Others will probably work, too, but are not tested.
- Greasemonkey: FF-Only, but tested)
- Violentmonkey: Most browsers
- gnome-terminal: You can use every other terminal, too, but need to adjust the
urlwrapper.sh. - kdocker: Again, you can adjust the
urlwrapper.shto your needs.
Install the alternative Userscript to replace F5's onclick-handler with a link to a custom protocol.
If you are using Firefox go to about:config and add network.protocol-handler.expose.f5vpn as Boolean set to false.
(Please feel free to update this readme and create a pull request for other browsers or solutions.)
Now open the login-page and click on the VPN.
You will be asked for a program to open the link.
Choose the urlwrapper.sh.
Now a terminal window should pop up, requesting your password to run sudo.
-
By default, the script will change your DNS servers to the ones provided by the VPN server. Skip this step by by passing the
--skip-dnsoption. -
By default, once connected, the script will route all traffic through the newly-created VPN network interface. Skip this step by passing the
--skip-routesoption (your VPN connection will be useless if this option is used, so only use it if you plan to set up the routing table yourself).
user@host is saved for future invocations, so doesn't need to be specified on future invocations.
Use CTRL-C to exit.
The application will save "user@host" and last session ID in ~/.f5vpn-login.conf. In case of problems or for reset the session data simply remove that file.