By Manny Fernandez

April 7, 2020

Running Post VPN Login Script

I have been getting asked this question since this coronavirus thing started.  I decided I would address it with an article.  So the use case is:  You want to run a script after the user logs in.  This could be like mapping / mounting a share, running an application, etc.

I wrote an article about packaging the FortiClient.  You can follow the same process however there is another section you need to modify.

On Connect

Windows

Option I

<on_connect> 
   <script>
     <os>windows</os> 
       <script>
         <script> 
             <![CDATA[
                net use x: \\10.1.1.43\home /user:mfernandez 
                md c:\inbox
                copy x:\outbox\*.* c:\inbox
               ]]> 
             </script>
           </script> 
      </script>
</on_connect>

Option II

I updated this to show how you can run a batch file or script file.

<on_connect>
   <script>
     <os>windows</os>
       <script>
         <script>
             <![CDATA[
                 Script "C:\ournetwork\NETLOGON\manny.bat"
              ]]>
         </script>
       </script>
      </script>
</on_connect>

macOS X

In a macOS X environment,

<on_connect> 
   <script>
      <os>mac</os> 
      <script>
         /bin/mkdir /Volumes/Share1
         mount -F smbfs -o user=root,domain=monkey //server.myinfosec/tmp /Volumes/Sahre1 
      </script> 
    </script>
</on_connect>

 

On Disconnect

Windows

Similar to the On Connect (as above), we can also run scripts when you disconnect.

<on_disconnect> 
   <script>
      <os>windows</os> 
      <script>
        <script> 
          <![CDATA[
            net use x: /DELETE 
           ]]>
         </script> 
       </script>
    </script> 
</on_disconnect>

macOS X

<on_disconnect> 
    <script>
       <os>mac</os> 
       <script>
          /sbin/umount /Volumes/Share1
       </script>
     </script> 
</on_disconnect>
Hope this helps.
Thanks to Omar Ortiz and Matt Sherif for their input.

 

Recent posts

  • If you've spent any time configuring user authentication on... Full Story

  • DNS is one of those technologies that quietly underpins... Full Story

  • BGP issues on FortiGate firewalls usually trace back to... Full Story

  • Every time your laptop talks to your router, a... Full Story

  • If you've spent any time configuring NAT on a... Full Story

  • If you have spent any time configuring firewall policies... Full Story

  • High availability on FortiGate is one of those features... Full Story

  • If you've configured SD-WAN on a FortiGate, you've almost... Full Story

  • FortiLink is the management protocol that turns a FortiSwitch... Full Story

  • FortiSwitches are pretty rock solid from Mean Time Between... Full Story

  • This is a quicky tip.  Have you ever gone... Full Story

  • DNS is one of those quiet pieces of internet... Full Story

  • This article is an updated version of the previous... Full Story

  • You will add ns2 as a secondary (slave) BIND9... Full Story

  • In the process of deploying my lab, I needed... Full Story

  • RFC 8805, used to be known as Self-Correcting IP... Full Story

  • Years back, I wrote an article about certificate pinning. ... Full Story

  • FortiGates have the ability to send alerts to Microsoft... Full Story

  • In this post, I am going to walk through... Full Story

  • Troubleshooting VoIP on a FortiGate can feel like trying... Full Story

  • Prior to FortiOS 7.0, there were three commands to... Full Story

  • In this post, I am going to go over... Full Story

  • What we are going to do:  We are going... Full Story

  • Choosing between FGCP (FortiGate Clustering Protocol) and FGSP (FortiGate... Full Story

  • Creating a VLAN on macOS (The "Pro" Move) A... Full Story

  • This blog post explores the logic behind how macOS... Full Story

  • Pretty Fly for a Wi-Fi Tell My Wi-Fi Love... Full Story

  • Part of my daily gig is creating BoMs (Bill-of-Materials)... Full Story

  • ICMP introduces several security risks, but careful filtering, rate... Full Story

  • The command diag debug application dhcps -1 enables full... Full Story

  • In the world of FortiOS, execute tac report is... Full Story

  • LLDP; What is it The Link Layer Discovery Protocol... Full Story

  • What it actually does When you run diagnose fdsm... Full Story

  • Monkey Bites are bite-sized, high-impact security insights designed for... Full Story

  • I have run macOS in macOS with Parallels but... Full Story

  • Don't be confused with my other FortiNAC posts where... Full Story

  • This is the third session in a multi-part article... Full Story

  • Today I was configuring key-based authentication on a FortiGate... Full Story

  • Netcat, often called the "Swiss Army knife" of networking,... Full Story

  • At its core, IEEE 802.1X is a network layer... Full Story

  • In case you did not see the previous FortiNAC... Full Story

  • This is our 5th session where we are going... Full Story

  • Now that we have Wireshark installed and somewhat configured,... Full Story

  • The Philosophy of Packet Analysis Troubleshooting isn't about looking... Full Story

  • Overview FortiOS 8.0 introduces custom tags as a first-class... Full Story

  • These are two distinct mechanisms on FortiOS, and conflating... Full Story

  • Replacement messages are the pages and text blocks that... Full Story