Friday, October 24, 2014

Auto-connect OSX IPSEC VPN on system boot / wakeup

If you have OSX 10.10 (Yosemite) or higher  installed and need to automatically (re-) connect a VPN connection on system boot or wakeup, read on.

For a headless remote OSX machine, I needed to setup automatic VPN connection so the remote device is always accessible via VPN.


1. create LaunchDaemon plist file
sudo vi /Library/LaunchDaemons/org.roosbertl.osxvpnautoconnect.plist


content:

<?xml version="1.0" encoding="UTF-8"?>  
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">  
 <plist version="1.0">  
  <!--  
    See http://roosbertl.blogspot.com  
    Auto-connect to named OSX VPN when network is reachable.   
    This LaunchDaemon monitors the state of the given VPN configuration.  
    If the VPN is disconnected, it pings an internet host, first (www.google.com)  
    Then it establishes the VPN again.  
    Note: using scutil to connect, as "networksetup" does not work on Yosemite to reconnect a VPN  
    Based on plist by patrix   
    http://apple.stackexchange.com/questions/42610/getting-vpn-to-auto-reconnect-on-connection-drop  
    Config:  
      1. Replace "VPN (Cisco IPSec)" below with your VPN connection name as configured in system prefs  
      2. Install this file in /Library/LaunchDaemons/org.roosbertl.osxvpnautoconnect.plist (sudo)   
      3. Set permissions  
       sudo chown root:wheel /Library/LaunchDaemons/org.roosbertl.osxvpnautoconnect.plist   
       sudo chmod 644 /Library/LaunchDaemons/org.roosbertl.osxvpnautoconnect.plist   
      4. activate/update with:  
      sudo launchctl unload -w /Library/LaunchDaemons/org.roosbertl.osxvpnautoconnect.plist   
      sudo launchctl load -w /Library/LaunchDaemons/org.roosbertl.osxvpnautoconnect.plist   
   -->  
  <dict>  
   <key>Label</key>  
   <string>org.roosbertl.osxvpnautoconnect</string>  
   <key>ProgramArguments</key>  
   <array>  
    <string>bash</string>  
    <string>-c</string>  
    <string>(test $(networksetup -showpppoestatus "VPN (Cisco IPSec)") = 'disconnected' &amp;&amp; echo "Re-Connecting VPN (Cisco IPSec).." &amp;&amp; ping -o www.google.com &amp;&amp; scutil --nc start "VPN (Cisco IPSec)") ; sleep 10</string>  
   </array>  
   <key>RunAtLoad</key>  
   <true/>  
   <key>KeepAlive</key>  
   <true/>  
  </dict>  
 </plist>

2. set  permissions

sudo chown root:wheel /Library/LaunchDaemons/org.roosbertl.osxvpnautoconnect.plist 
sudo chmod 644 /Library/LaunchDaemons/org.roosbertl.osxvpnautoconnect.plist


3. activate

sudo launchctl load -w /Library/LaunchDaemons/org.roosbertl.osxvpnautoconnect.plist


Eingestellt von um 8 comments:
Subscribe to: Posts (Atom)