Automating Proxy settings upon VPN connections

A brief post about how you can automate your Windows system-wide proxy auto-configuration settings upon a successful SSL-VPN tunnel connection.

As I wrote in a few earlier FortiProxy posts, my only possible breakout path is now through FPX, which implies that even when a VPN connection is established, the FPX box has to be addressed if outbound connectivity is needed or wanted.

To automate the Windows setting called Automatic proxy setup, in which you invoke your FortiProxy FQDN:PACPORT/proxy.pac file, you'll need a nice WinPE tool kindly developed by a Microsoft employee. You'll find the needed setproxy.exe file here

Now, in the FortiClient VPN connection settings, Fortinet provides the ability to execute scripts on tunnel "connect" and "disconnect" events. To edit these parameters, export your current FortiClient configuration; this produces a .conf file that you can edit in any text editor of your choice.

Within your connection profile(s) you'll find these two <on_connect>/<on_disconnect> sections.

<on_connect>
    <script>
        <os>windows</os>
        <script>
            <![CDATA[
                c:\vpn\on_connect.bat
            ]]>
        </script>
    </script>
</on_connect>
<on_disconnect>
    <script>
        <os>windows</os>
        <script>
            <![CDATA[
                c:\vpn\on_disconnect.bat
            ]]>
        </script>
    </script>
</on_disconnect>

Hence, FortiClient will execute the on_connect.bat file when that particular tunnel profile connects successfully and will execute the on_disconnect.bat file on, you've guessed it, tunnel disconnection.

Here is what I currently have within both of these files:

REM c:\vpn\on_connect.bat: point Windows at the FortiProxy PAC file
c:\vpn\setproxy.exe autoconfigURL http://fpx.fqdn.suffix:pacport/proxy.pac >> c:\vpn\on_connect_logs.txt 2>&1
REM c:\vpn\on_disconnect.bat: clear the PAC setting and go back to direct
c:\vpn\setproxy.exe reset >> c:\vpn\on_disconnect_logs.txt 2>&1
c:\vpn\setproxy.exe DIRECT >> c:\vpn\on_disconnect_logs.txt 2>&1

As such, on every VPN establishment, I'm always addressing the FortiProxy appliance/proxy.pac and reverting that setting to direct connections upon VPN disconnection.
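Since FortiClient runs whatever these hooks point to on every tunnel event, it is worth reviewing an exported .conf before importing it. The following is an added example, not code from the original post or from Fortinet: it lists every hook command per profile and flags any program outside the directory you expect. The `<connections>`/`<connection>`/`<name>` wrapper, the profile name `corp-sslvpn` and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from pathlib import PureWindowsPath

# Constructed sample. The hook blocks mirror the post; the <connections>,
# <connection> and <name> wrapper and "corp-sslvpn" are assumptions.
SAMPLE_CONF = r"""<connections><connection>
  <name>corp-sslvpn</name>
  <on_connect><script>
    <os>windows</os>
    <script><![CDATA[
        c:\vpn\on_connect.bat
    ]]></script>
  </script></on_connect>
  <on_disconnect><script>
    <os>windows</os>
    <script><![CDATA[
        c:\vpn\on_disconnect.bat
    ]]></script>
  </script></on_disconnect>
</connection></connections>"""

def list_hooks(conf_text):
    """Return (profile, event, os, command) for each hook command line."""
    found = []
    for parent in ET.fromstring(conf_text).iter():
        profile = (parent.findtext("name") or "?").strip()
        for event in ("on_connect", "on_disconnect"):
            for hook in parent.findall(event):
                for outer in hook.findall("script"):
                    os_name = (outer.findtext("os") or "").strip()
                    body = outer.findtext("script") or ""
                    # The CDATA body may hold several commands, one per line.
                    for line in filter(None, map(str.strip, body.splitlines())):
                        found.append((profile, event, os_name, line))
    return found

def program_of(command):
    """First token of a command line, honouring a double-quoted path."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split()[0]

def outside_dir(hooks, allowed_dir):
    """Hooks whose program is not under allowed_dir (or uses '..')."""
    allowed = PureWindowsPath(allowed_dir)
    progs = [(h, PureWindowsPath(program_of(h[3]))) for h in hooks]
    return [h for h, p in progs if ".." in p.parts or allowed not in p.parents]
```

Run `outside_dir(list_hooks(text), r"c:\vpn")` on the exported file's contents; an empty list means every hook program sits under that directory.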

I hope you've found some useful information in this post.
Cheers,
Obuno

Image credits: Ian Stewart, Nostromo Mother#2
