For a headless remote OSX machine, I needed to set up an automatic VPN connection so the remote device is always accessible via VPN.
1. create LaunchDaemon plist file
sudo vi /Library/LaunchDaemons/org.roosbertl.osxvpnautoconnect.plist
content:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<!--
See http://roosbertl.blogspot.com
Auto-connect to named OSX VPN when network is reachable.
This LaunchDaemon monitors the state of the given VPN configuration.
If the VPN is disconnected, it first pings an internet host (www.google.com).
Then it establishes the VPN again.
Note: using scutil to connect, as "networksetup" does not work on Yosemite to reconnect a VPN.
Based on plist by patrix
http://apple.stackexchange.com/questions/42610/getting-vpn-to-auto-reconnect-on-connection-drop
Config:
1. Replace "VPN (Cisco IPSec)" below with your VPN connection name as configured in system prefs
2. Install this file in /Library/LaunchDaemons/org.roosbertl.osxvpnautoconnect.plist (sudo)
3. Set permissions
   sudo chown root:wheel /Library/LaunchDaemons/org.roosbertl.osxvpnautoconnect.plist
   sudo chmod 644 /Library/LaunchDaemons/org.roosbertl.osxvpnautoconnect.plist
4. activate/update with:
   sudo launchctl unload -w /Library/LaunchDaemons/org.roosbertl.osxvpnautoconnect.plist
   sudo launchctl load -w /Library/LaunchDaemons/org.roosbertl.osxvpnautoconnect.plist
-->
<dict>
    <key>Label</key>
    <string>org.roosbertl.osxvpnautoconnect</string>
    <key>ProgramArguments</key>
    <array>
        <string>bash</string>
        <string>-c</string>
        <string>(test $(networksetup -showpppoestatus "VPN (Cisco IPSec)") = 'disconnected' &amp;&amp; echo "Re-Connecting VPN (Cisco IPSec).." &amp;&amp; ping -o www.google.com &amp;&amp; scutil --nc start "VPN (Cisco IPSec)") ; sleep 10</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
    <key>KeepAlive</key>
    <true/>
</dict>
</plist>
2. set permissions
sudo chown root:wheel /Library/LaunchDaemons/org.roosbertl.osxvpnautoconnect.plist
sudo chmod 644 /Library/LaunchDaemons/org.roosbertl.osxvpnautoconnect.plist
sudo launchctl load -w /Library/LaunchDaemons/org.roosbertl.osxvpnautoconnect.plist
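The following is an added example, not part of the original post: a small Python audit of a LaunchDaemon plist that checks the ownership and mode set in step 2, confirms the XML parses, and flags VPN credentials placed in ProgramArguments, since a plist at mode 644 is readable by every local user. The sample plist, the label org.example.vpnautoconnect and the function names are constructed for illustration.

```python
import os
import plistlib
import stat

# Constructed sample: a daemon plist shaped like the one above, with the VPN
# credentials placed on the scutil command line (assumed misconfiguration).
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>org.example.vpnautoconnect</string>
  <key>ProgramArguments</key>
  <array>
    <string>bash</string>
    <string>-c</string>
    <string>scutil --nc start "VPN" --user u --password p --secret s</string>
  </array>
</dict></plist>"""

SECRET_FLAGS = ("--password", "--secret")


def audit_plist(data, mode, uid):
    """Return findings for one plist; mode/uid are the file's st_mode/st_uid."""
    try:
        job = plistlib.loads(data)
    except Exception as exc:  # malformed XML, e.g. an unescaped '&&'
        return [f"plist does not parse: {exc}"]
    findings = []
    if uid != 0:
        findings.append("file is not owned by root")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("file is group- or world-writable")
    args = job.get("ProgramArguments", [])
    # A bare executable name depends on PATH lookup in a job that runs as root.
    if args and not os.path.isabs(args[0]):
        findings.append(f"executable '{args[0]}' is not an absolute path")
    perms = stat.S_IMODE(mode)
    for flag in SECRET_FLAGS:
        if any(flag in a for a in args):
            findings.append(f"credential flag {flag} stored in plist (mode {perms:o})")
    return findings


def audit_file(path):
    """Audit a plist on disk using its real ownership and mode."""
    st = os.stat(path)
    with open(path, "rb") as fh:
        return audit_plist(fh.read(), st.st_mode, st.st_uid)


if __name__ == "__main__":
    print("\n".join(audit_plist(SAMPLE_PLIST, 0o100644, 0)))
```

On the target machine, audit_file("/Library/LaunchDaemons/org.roosbertl.osxvpnautoconnect.plist") runs the same checks against the installed file.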
Doing good job...
vpn on mac
I've thought about setting this up for my users who work remotely from the office. But, a question does come to mind.
What happens if the person isn't connected to an active internet connection? Will there be any type of an error message, or is it just going to not reconnect the VPN?
Or perhaps they don't have wi-fi set to auto-connect, so they're not on the internet at that point.
As a side note, will this work with older versions of OSX? If yes, how far back?
THANKS!!
Robert
Thank you. Good job.
top10-bestvpn.com
Thank you.
It works good.
10webhostingservice.com
This errors with a message about the shared secret not being stored. Of course it is stored and connects manually just fine. Any suggestion?
scutil --nc start "vpnname" --user myusername --password mypasword --secret mysharedsecret
will do
Hey, any chance this script could be updated to work on macOS 12 please? This would be a very handy resource with lots of people still working remotely. I do not have the skills to write these scripts!