So, you’ve setup an IKEv2/IPSEC VPN service on your Mac, and you want a tool that will keep you connected at all times. Well you’ve found the right place. Let’s dive in.
I’ll skip the part where I would normally talk at length about why you should use a VPN, and how to setup your own server in the cloud to do so. But… I would be remiss if I didn’t take this opportunity to share Algo, an incredible free command-line tool that automatically sets up and launches an Amazon EC2 server, installs IPSEC VPN software and locks it down, then also creates the security profiles for you to easily add on your Mac or mobile device. It’s by far the easiest free way to setup your own cloud-based VPN that I have found, and they are definitely worth checking out.
This point on assumes you already have an IPSEC VPN server up and running, and can connect to it from your Mac fine.
This post is only to share a solution I have created to address the problem of a disconnected VPN.
If you Google around (and I bet you already have), you may have found this AppleScript,
or a varient of it, to auto-reconnect a disconnected VPN. Sounds like what we need right? Wrong. This script,
or others that depend on the
scutil to reconnect will not work with IKEv2/IPSEC VPNs. But, you probably
already know that, since you have found my page.
To keep my VPN auto-connected at all times, I wrote a simple AppleScript that runs as an App in the background.
Going line-by-line, let me explain what it does.
on idlemeans this script will run periodically in the background, when the OS decides it is not an inconvenient time to do so. Once it returns, it will not be run until the next time the OS is idle.
Lines 3-4: These are the only two variable you should need to set. One is the external IP address of your VPN server. This is the value that, if connected properly, would also be your Mac’s external IP address. The other is the name of the VPN service on your Mac. You can find this by navigating to
Networkand looking at the title in the left column.
- Lines 6-13: This creates a variable to hold your Mac’s current external IP address, and a bunch of possible commands to run to get this value. Unfortunately, the only really reliable way to get your external IP is to ask an external service.
- Lines 15-21: This is a simple loop which iterates over the external IP address commands. It runs one, then breaks the loop if we got it successfully. Otherwise, it tries the next command in the loop. 99% of the time you will only run one command, but if for some reason there is a network issue, there are several more options for it to try.
Line 23: A simple check to see if the external IP address we have (
myIP) is the one we should have (
vpnIPAddress). If it is, we must be connected to the VPN already, and the script ends here.
Lines 25-34: This is a little bit of UI scripting that will locate the VPN Status Bar item, click it, find your VPN by looking for
vpnServiceName, then click again to connect it. UI scripting is a little hacky I know, but this runs in about 0.2 seconds, meaning there is minimal interference with your routine. It also only runs when you get disconnected, which in my case is only about once a day.
So how do we use this script? It’s a little complicated to get setup, but follow these instructions and you should be fine.
Grab the code and change line 3 to be the IP address of your VPN.
Networkand find the name of your VPN network. Mine here is AlgoVPN.
Change line 4 of the script to include your VPN’s name instead of “AlgoVPN”.
This is also a good time to ensure that you have the
Show VPN status in Menu Baritem checked, as we will need that coming up.
Script Editor.appand paste in your edited script.
Command-Sto open the Save dialog, rename it to
Applicationsas the location, and make sure you have the following options selected.
File Formatneeds to be set to Application, and
stay open after run handleneeds to be checked in order to keep running on idle in the background.
AutoReconnectToVPN.appand run it by double clicking. The first time you run the application, you will get these two errors.
This is normal. Your computer is protecting you from scripts that can act on your behalf. In this case, we need to allow the App to “click” the VPN status bar item and connect, so let’s add this app to the list in Assistive Devices system preferences.
Security & Privacy>
Accessibility. Click the lock icon on the bottom left to make changes, then select the checkbox next to
Click the lock again to save changes, then close System Preferences. Note that if any edits are made to the App script after this point, you will need to delete the app from the Accessibility menu manually, and add it again manually. The system seems to only ask you once, and if an edit is made to the app’s code signature, it won’t work.
AutoReconnectToVPN.appto the Accessibility menu, you can run it again by double clicking. If all goes well, you should see something like this:
This shows the VPN starting off as disconnected. When the app is already open, it detects that we are disconnected, and re-connects from the script automatically.
These next steps are completely optional.
There’s only one more thing I did when setting this App up on my system, and that is to hide the App Icon. This should be a set-it-and-forget-it App, so I really didn’t want it showing in the dock.
The downsides to hiding the dock icon are that you need to us the
pscommand in Terminal, or the
Activity Monitor, if you want to terminate the App. It means there is no indication that the App is running, other than a hopefully persistently connected VPN server. So you don’t need to do this, but if you want to, here’s how.
AutoReconnectToVPN.appin Finder, and select
Show Package Contents.
Contents, and open
Info.plistin a Text Editor.
Under the main
dictkey, add the key
NSUIElement, with a
1, like this:
Save it and quit. You’re gonna hate me for not telling you this earlier, but since you have technically edited the App’s signature, you will need to repeat step 6. Sorry!
The last thing I did was to ensure this App would run at startup, so I added it to the
Users & Groups>
Login Itemsfor my user.
Caveats: This script is definitely not bullet proof. For one, it assumes your VPN status bar icon is going to be in spot 1 (rightmost), so make it so. Also, I’ve only tested on one machine, with one user account, with one VPN setup. That being said, I have used it for several weeks now and it behaves as it should, reconnecting my disconnected VPN whenever it gets disconnected for whatever reason. I hope it helps you too.
If you see anywhere that the script can be improved, please comment on or edit the GIST, or leave a comment below!