I use an expect script to log in to my office VPN. I've been using this script for quite some time now, and it's worked perfectly. Up until this past week, I've been using Fedora Core 4, and over the weekend I upgraded to Fedora Core 6, and now my script doesn't work. In particular the forking seems to cause the script to fail.
I'm currently using expect version 5.43.0 under "Linux mark 2.6.20-1.2944.fc6 #1 SMP Tue Apr 10 18:46:45 EDT 2007 i686 i686 i386 GNU/Linux"
Here's my script (edited for brevity):
Code:
log_file -a vpn.out
exp_internal 1
log_user 1
set pw [lrange $argv 0 0]
puts $pw
# if {[fork]} exit
# disconnect
spawn vpnclient connect myprofile
expect "Enter Username and Password."
expect "Username"
send mallarj\r
expect "Password"
send $pw\r
expect "Do you wish to continue?"
send y\r
expect "VPN tunnel info"
expect "Client address: "
expect \r
set myip "$expect_out(buffer)"
set myip [string trimright "$myip" "\""]
set myip [string trimright "$myip" "\r"]
set myip [string trimright "$myip" "\n"]
puts "IP: $myip"
exit 0
Here's the normal output from my VPN server:
Code:
/root:vpnclient connect myprofile
Cisco Systems VPN Client Version 4.8.00 (0490)
Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.6.20-1.2944.fc6 #1 SMP Tue Apr 10 18:46:45 EDT 2007 i686
Config file directory: /etc/opt/cisco-vpnclient
Initializing the VPN connection.
Initiating TCP to XX.XXX.XXX.XX, port 443
Contacting the gateway at XX.XXX.XXX.XX
User Authentication for myprofile...
Enter Username and Password.
Username [mallarj]: mallarj
Password []:
Authenticating user.
Negotiating security policies.
Securing communication channel.
You have connected to the XXX Server. Unauthorized use of this system is prohibited.
Do you wish to continue? (y/n): y
Your VPN connection is secure.
VPN tunnel information.
Client address: YY.YYY.YYY.YYY
Server address: XX.XXX.XXX.XX
Encryption: 168-bit 3-DES
Authentication: HMAC-MD5
IP Compression: None
NAT passthrough is active on port TCP 443
Local LAN Access is disabled
When I run the script as is, it works fine. Here's the output:
Code:
parent: waiting for sync byte
parent: telling child to go ahead
parent: now unsynchronized from child
spawn: returns {28735}
expect: does "" (spawn_id exp7) match glob pattern "Enter Username and Password."? no
Cisco Systems VPN Client Version 4.8.00 (0490)
expect: does "Cisco Systems VPN Client Version 4.8.00 (0490)\r\n" (spawn_id exp7) match glob pattern "Enter Username and Password."? no
Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
expect: does "Cisco Systems VPN Client Version 4.8.00 (0490)\r\nCopyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.\r\n" (spawn_id exp7) match glob pattern "Enter Username and Password."? no
Client Type(s): Linux
expect: does "Cisco Systems VPN Client Version 4.8.00 (0490)\r\nCopyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.\r\nClient Type(s): Linux\r\n" (spawn_id exp7) match glob pattern "Enter Username and Password."? no
Running on: Linux 2.6.20-1.2944.fc6 #1 SMP Tue Apr 10 18:46:45 EDT 2007 i686
expect: does "Cisco Systems VPN Client Version 4.8.00 (0490)\r\nCopyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.\r\nClient Type(s): Linux\r\nRunning on: Linux 2.6.20-1.2944.fc6 #1 SMP Tue Apr 10 18:46:45 EDT 2007 i686\r\n" (spawn_id exp7) match glob pattern "Enter Username and Password."? no
Config file directory: /etc/opt/cisco-vpnclient
expect: does "Cisco Systems VPN Client Version 4.8.00 (0490)\r\nCopyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.\r\nClient Type(s): Linux\r\nRunning on: Linux 2.6.20-1.2944.fc6 #1 SMP Tue Apr 10 18:46:45 EDT 2007 i686\r\nConfig file directory: /etc/opt/cisco-vpnclient\r\n\r\n" (spawn_id exp7) match glob pattern "Enter Username and Password."? no
Initializing the VPN connection.
expect: does "Cisco Systems VPN Client Version 4.8.00 (0490)\r\nCopyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.\r\nClient Type(s): Linux\r\nRunning on: Linux 2.6.20-1.2944.fc6 #1 SMP Tue Apr 10 18:46:45 EDT 2007 i686\r\nConfig file directory: /etc/opt/cisco-vpnclient\r\n\r\nInitializing the VPN connection.\r\n" (spawn_id exp7) match glob pattern "Enter Username and Password."? no
Initiating TCP to XX.XXX.XXX.XX, port 443
expect: does "Cisco Systems VPN Client Version 4.8.00 (0490)\r\nCopyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.\r\nClient Type(s): Linux\r\nRunning on: Linux 2.6.20-1.2944.fc6 #1 SMP Tue Apr 10 18:46:45 EDT 2007 i686\r\nConfig file directory: /etc/opt/cisco-vpnclient\r\n\r\nInitializing the VPN connection.\r\nInitiating TCP to XX.XXX.XXX.XX, port 443\r\n" (spawn_id exp7) match glob pattern "Enter Username and Password."? no
Contacting the gateway at XX.XXX.XXX.XX
expect: does "Cisco Systems VPN Client Version 4.8.00 (0490)\r\nCopyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.\r\nClient Type(s): Linux\r\nRunning on: Linux 2.6.20-1.2944.fc6 #1 SMP Tue Apr 10 18:46:45 EDT 2007 i686\r\nConfig file directory: /etc/opt/cisco-vpnclient\r\n\r\nInitializing the VPN connection.\r\nInitiating TCP to XX.XXX.XXX.XX, port 443\r\nContacting the gateway at XX.XXX.XXX.XX\r\n" (spawn_id exp7) match glob pattern "Enter Username and Password."? no
User Authentication for myprofile...
Enter Username and Password.
Username [mallarj]:
expect: does "Cisco Systems VPN Client Version 4.8.00 (0490)\r\nCopyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.\r\nClient Type(s): Linux\r\nRunning on: Linux 2.6.20-1.2944.fc6 #1 SMP Tue Apr 10 18:46:45 EDT 2007 i686\r\nConfig file directory: /etc/opt/cisco-vpnclient\r\n\r\nInitializing the VPN connection.\r\nInitiating TCP to XX.XXX.XXX.XX, port 443\r\nContacting the gateway at XX.XXX.XXX.XX\r\nUser Authentication for myprofile...\r\n\r\nEnter Username and Password.\r\n\r\nUsername [mallarj]: " (spawn_id exp7) match glob pattern "Enter Username and Password."? yes
expect: set expect_out(0,string) "Enter Username and Password."
expect: set expect_out(spawn_id) "exp7"
expect: set expect_out(buffer) "Cisco Systems VPN Client Version 4.8.00 (0490)\r\nCopyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.\r\nClient Type(s): Linux\r\nRunning on: Linux 2.6.20-1.2944.fc6 #1 SMP Tue Apr 10 18:46:45 EDT 2007 i686\r\nConfig file directory: /etc/opt/cisco-vpnclient\r\n\r\nInitializing the VPN connection.\r\nInitiating TCP to XX.XXX.XXX.XX, port 443\r\nContacting the gateway at XX.XXX.XXX.XX\r\nUser Authentication for myprofile...\r\n\r\nEnter Username and Password."
expect: does "\r\n\r\nUsername [mallarj]: " (spawn_id exp7) match glob pattern "Username"? yes
expect: set expect_out(0,string) "Username"
expect: set expect_out(spawn_id) "exp7"
expect: set expect_out(buffer) "\r\n\r\nUsername"
send: sending "mallarj\r" to { exp7 }
expect: does " [mallarj]: " (spawn_id exp7) match glob pattern "Password"? no
mallarj
Password []:
expect: does " [mallarj]: mallarj\r\nPassword []: " (spawn_id exp7) match glob pattern "Password"? yes
expect: set expect_out(0,string) "Password"
expect: set expect_out(spawn_id) "exp7"
expect: set expect_out(buffer) " [mallarj]: mallarj\r\nPassword"
send: sending "PASSWORD\r" to { exp7 }
expect: does " []: " (spawn_id exp7) match glob pattern "Do you wish to continue?"? no
Authenticating user.
expect: does " []: \r\nAuthenticating user.\r\n" (spawn_id exp7) match glob pattern "Do you wish to continue?"? no
Negotiating security policies.
expect: does " []: \r\nAuthenticating user.\r\nNegotiating security policies.\r\n" (spawn_id exp7) match glob pattern "Do you wish to continue?"? no
Securing communication channel.
expect: does " []: \r\nAuthenticating user.\r\nNegotiating security policies.\r\nSecuring communication channel.\r\n" (spawn_id exp7) match glob pattern "Do you wish to continue?"? no
expect: does " []: \r\nAuthenticating user.\r\nNegotiating security policies.\r\nSecuring communication channel.\r\n\r\n" (spawn_id exp7) match glob pattern "Do you wish to continue?"? no
You have connected to the XXXXX Server. Unauthorized use of this system is prohibited.
Do you wish to continue? (y/n):
expect: does " []: \r\nAuthenticating user.\r\nNegotiating security policies.\r\nSecuring communication channel.\r\n\r\nYou have connected to the XXXXX Server. Unauthorized use of this system is prohibited.\r\r\n\r\nDo you wish to continue? (y/n): " (spawn_id exp7) match glob pattern "Do you wish to continue?"? yes
expect: set expect_out(0,string) "Do you wish to continue?"
expect: set expect_out(spawn_id) "exp7"
expect: set expect_out(buffer) " []: \r\nAuthenticating user.\r\nNegotiating security policies.\r\nSecuring communication channel.\r\n\r\nYou have connected to the XXXXX Server. Unauthorized use of this system is prohibited.\r\r\n\r\nDo you wish to continue?"
send: sending "y\r" to { exp7 }
expect: does " (y/n): " (spawn_id exp7) match glob pattern "VPN tunnel info"? no
y
Your VPN connection is secure.
expect: does " (y/n): y\r\n\r\nYour VPN connection is secure.\r\n\r\n" (spawn_id exp7) match glob pattern "VPN tunnel info"? no
VPN tunnel information.
Client address: YY.YYY.YYY.YYY
Server address: XX.XXX.XXX.XX
Encryption: 168-bit 3-DES
Authentication: HMAC-MD5
IP Compression: None
NAT passthrough is active on port TCP 443
Local LAN Access is disabled
expect: does " (y/n): y\r\n\r\nYour VPN connection is secure.\r\n\r\nVPN tunnel information.\r\nClient address: YY.YYY.YYY.YYY\r\nServer address: XX.XXX.XXX.XX\r\nEncryption: 168-bit 3-DES\r\nAuthentication: HMAC-MD5\r\nIP Compression: None\r\nNAT passthrough is active on port TCP 443\r\nLocal LAN Access is disabled\r\n\r\n" (spawn_id exp7) match glob pattern "VPN tunnel info"? yes
expect: set expect_out(0,string) "VPN tunnel info"
expect: set expect_out(spawn_id) "exp7"
expect: set expect_out(buffer) " (y/n): y\r\n\r\nYour VPN connection is secure.\r\n\r\nVPN tunnel info"
expect: does "rmation.\r\nClient address: YY.YYY.YYY.YYY\r\nServer address: XX.XXX.XXX.XX\r\nEncryption: 168-bit 3-DES\r\nAuthentication: HMAC-MD5\r\nIP Compression: None\r\nNAT passthrough is active on port TCP 443\r\nLocal LAN Access is disabled\r\n\r\n" (spawn_id exp7) match glob pattern "Client address: "? yes
expect: set expect_out(0,string) "Client address: "
expect: set expect_out(spawn_id) "exp7"
expect: set expect_out(buffer) "rmation.\r\nClient address: "
expect: does "YY.YYY.YYY.YYY\r\nServer address: XX.XXX.XXX.XX\r\nEncryption: 168-bit 3-DES\r\nAuthentication: HMAC-MD5\r\nIP Compression: None\r\nNAT passthrough is active on port TCP 443\r\nLocal LAN Access is disabled\r\n\r\n" (spawn_id exp7) match glob pattern "\r"? yes
expect: set expect_out(0,string) "\r"
expect: set expect_out(spawn_id) "exp7"
expect: set expect_out(buffer) "YY.YYY.YYY.YYY\r"
write() failed to write anything - will sleep(1) and retry...
write() failed to write anything - will sleep(1) and retry...
However - the script doesn't fork to the background, which I'd like it to do to free up my terminal. So, I simply uncomment these two lines:
Code:
# if {[fork]} exit
# disconnect
Now, when I run the script, it fails. It appears that for some reason expect isn't communicating with the forked process at all.
Here's the output from the run with the fork enabled:
Code:
fork: returns {0}
fork: returns {0}
fork: returns {0}
fork: returns {0}
fork: returns {0}
fork: returns {0}
fork: returns {0}
fork: returns {0}
fork: returns {0}
fork: returns {28574}
parent: waiting for sync byte
parent: telling child to go ahead
parent: now unsynchronized from child
spawn: returns {28575}
expect: does "" (spawn_id exp7) match glob pattern "Enter Username and Password."? no
expect: timed out
expect: does "" (spawn_id exp7) match glob pattern "Username"? no
expect: timed out
send: sending "mallarj\r" to { exp7 }
expect: does "" (spawn_id exp7) match glob pattern "Password"? no
expect: timed out
send: sending "PASSWORD\r" to { exp7 }
expect: does "" (spawn_id exp7) match glob pattern "Do you wish to continue?"? no
expect: timed out
send: sending "y\r" to { exp7 }
expect: does "" (spawn_id exp7) match glob pattern "VPN tunnel info"? no
expect: timed out
expect: does "" (spawn_id exp7) match glob pattern "Client address: "? no
expect: timed out
expect: does "" (spawn_id exp7) match glob pattern "\r"? no
expect: timed out
can't read "expect_out(buffer)": no such variable
while executing
"set myip "$expect_out(buffer)""
(file "/share/bin/ctl-vpn" line 31)
write() failed to write anything - will sleep(1) and retry...
Any idea what's up?
