Skip to content

ReadMe.md

Latest commit

 

History

History
148 lines (100 loc) · 3.54 KB

ReadMe.md

File metadata and controls

148 lines (100 loc) · 3.54 KB

HTWG VPN Connect Script (Linux)

This Bash script automates connecting to the HTWG Konstanz VPN (OpenVPN with MFA / OTP). It combines your password with a time-based one-time password (TOTP) generated by Python — all in a single command.

Disclaimer

The current version stores the password and user as env variable on the system. This is considered not safe. Use this script on one's own responsibility. Feel free to implement an own version with a secured password-manager.

Project Structure

vpn-connect/
├── connecttovpn.sh                 -> Main script (executes the VPN connection)
├── getotp.py              -> Python script that generates the OTP from your TOTP secret
└── vpn_log.txt            -> Log file for errors and debug output

Requirements

  • OTP secret The OTP secret is provided by the HTWG IT department via QR code. For this script, you need the string representation of the secret. You can extract it using tools like extract_otp_secrets.

  • OpenVPN

  • Linux system e.g. Ubuntu, Fedora, Arch, etc. (In theorie MacOs shall also work. This though has not been tested by me, since I have no MacOs instance)

  • Python 3.x with the pyotp package installed:

    To keep dependencies isolated, you can use a virtual environment:

    python3 -m venv .venv
source .venv/bin/activate

    Then install package pyotp

    pip install pyotp

  • Access to the configuration file HTWG-MFA-[current_semester]-STUD.ovpn (provided by HTWG → Link)

Environment Variables

The script uses three environment variables for your credentials and the OTP secret:

export VPN_USER="your.htwg.username"
export VPN_PASS="your_htwg_account_password"
export HTWG_TOTP_SECRET="SECRET_FROM_MFA_APP"

Tip: You can add these lines to your .env or ~/.bashrc file to have them loaded automatically on startup.

Usage

  1. Make the script executable:

    chmod +x connecttovpn.sh

  2. Run the script:

    ./connecttovpn.sh
    • If not run as root, it will automatically restart with sudo.
    • The OTP is generated by getotp.py.
    • The OpenVPN connection is established in the same step.

How It Works

  1. Checks for root privileges → if not, restarts with sudo.

  2. Resolves paths relative to the script directory (even when called via symlink).

  3. Generates the OTP using the Python script:

    python3 getotp.py $HTWG_TOTP_SECRET

  4. Combines the password and OTP, writes a temporary auth.txt file.

  5. Starts OpenVPN with:

    openvpn --config HTWG-MFA-SOSE25-STUD.ovpn --auth-user-pass <(echo -e "$VPN_USER\n$VPN_PASS$OTP")

  6. Logs any errors to vpn_log.txt.

Debugging

If something goes wrong:

cat vpn_log.txt

Common issues:

  • Incorrect HTWG_TOTP_SECRET
  • Missing pyotp installation
  • openvpn not found in PATH
  • Configuration file not found or in wrong directory

Example

export VPN_USER="mmuster"
export VPN_PASS="SuperSecure123"
export HTWG_TOTP_SECRET="JBSWY3DPEHPK3PXP"
./connecttovpn.sh

Optional: Create a Symlink

Create a symlink

Execute this command while being in this repo.

sudo ln -s $PWD/connecttovpn.sh /usr/local/bin/htwgvpn

This way, you can keep your script in its project folder but still run it globally:

htwgvpn