How to auto save a Cisco VPN connection password on Mac OS X?

I have set up a Cisco IPSec VPN connection instead of using the Cisco client on Mac OS X. I like it fairly well, it just sits in the tray next to the clock and allows me to easily connect and disconnect.

However, the one disadvantage to this is that Apple's network preference pane really enforces the remote server's policy of not storing user passwords, so it will let me store it once when I first create the connection, and it will let me connect with it that way, but after I disconnect it removes the password and won't let me type in that field anymore.

enter image description here

What I end up with is a box prompting me for login credentials each time I connect. Is there a way to bypass / auto fill this?

enter image description here


In the bad old days of using Cisco's client, it was easy to edit the .pcf file to work around the remote server policy. Using the alternative client Shimo has worked for me as of a couple of years ago (it's now closed-source, but you can get the old version from Google Code). Here's another workaround I haven't tried that uses the Keychain.


There is a workaround with AppleScript that works for me.


I got another script on github.

Instead of simulating click and input, this script access the process and simply triggers the actions.

While the first time the script runs, OSX may ask for accessibility.


I finally found a working solution. I'm using Anyconnect VPN secure mobility 4.8

We can use this to connect to Anyconnect with terminal

To connect:

printf 'USERNAME\nPASSWORD\ny' | /opt/cisco/anyconnect/bin/vpn -s connect HOST

Replace USERNAME, PASSWORD, and HOST. The \ny at the end is to accept the login banner - this is specific to my host.

Note the single quotes ' instead of double quotes " - this is because double quotes tell Bash to interpret certain characters within strings, such as exclamation marks, as Bash history commands. Double quotes will make this command fail with an "event not found" error if the password contains an exclamation mark. Single-quoted strings pass exclamation marks along without interpreting them.

To disconnect:

/opt/cisco/anyconnect/bin/vpn disconnect

I've made an alias to bash_profile to those commands