emptist / macosvpn Goto Github PK

This is a command-line tool written in Objective-C that can create VPN network configurations on your Mac.

It supports both L2TP over IPSec and Cisco IPSec.

• Mac OS Yosemite or Mavericks (I have not tested it on older versions, it might work)
• Administrator privileges (i.e. you've got to run it with sudo)

Start a Terminal and run this curl command to get the executable:

sudo bash -c "curl -L https://github.com/halo/macosvpn/releases/download/0.1.3/macosvpn > /usr/local/bin/macosvpn"
sudo chmod +x /usr/local/bin/macosvpn

You can always run macosvpn --version to see the version currently installed on your system and compare it to the latest available version on Github.

Creating a single L2TP over IPSec VPN Service:

sudo macosvpn create --l2tp Atlantic --endpoint atlantic.example.com --username Alice --password p4ssw0rd --shared-secret s3same

Replace --l2tp with --cisco to create a Cisco IPSec instead. A Cisco IPSec groupname can be specified with --groupname.

By default, enables the option "Send all traffic over VPN connection", also known as wildcard routing. To disable this option, include the --split flag to use the VPN Service for specific routes only. Split tunnelling may require use of /etc/ppp/ip-up and /etc/ppp/ip-down scripts.

The same command but shorter:

sudo macosvpn create l2tp Atlantic endpoint atlantic.example.com username Alice password p4ssw0rd shared-secret s3same

The same command even shorter:

sudo macosvpn create -l Atlantic -e atlantic.example.com -u Alice -p p4ssw0rd -s s3same

The same command as short as possible:

sudo macosvpn create -leups Atlantic atlantic.example.com Alice p4ssw0rd s3same

Simular command for Cisco VPN

sudo macosvpn create -c Atlantic -e atlantic.example.com -u Alice -p p4ssw0rd -g EasyVPNGRoup -s s3same

Repeat the arguments for creating multiple Services at once (no matter which short version you use :)

sudo macosvpn create -leups Atlantic atlantic.example.com Alice p4ssw0rd s3same \\
                     -leups Northpole northpole.example.com Bob s3cret pr1v4te

Assign default values which will be applied to every service. Say you want to create the following VPN services:

no name      endpoint              user  password sharedsecret
--------------------------------------------------------------
1  Australia australia.example.com Alice p4ssw0rd s3same
2  Island    island.example.com    Alice p4ssw0rd s3same

You could do that with the following command:

sudo macosvpn create --default-username Alice --default-password p4ssw0rd --default-endpoint-suffix .example.com \\
                     --l2tp Australia --endpoint-prefix australia --shared-secret s3same \\
                     --l2tp Island --endpoint-prefix island --shared-secret letme1n

The same command a little shorter:

sudo macosvpn create -m Alice -a p4ssw0rd -x .example.com \\
                     -l Australia -f australia -s s3same \\
                     -l Island -f island -s letme1n

If you feel adventurous you can find all available flags at the bottom of this file.

• If you get a warning that says "Creating Keychain item failed: write permissions error", you need to run the application with sudo.
• If you're stuck, try to add the --debug flag and see if it says something useful.

• If a VPN with the given name already exists, a new one with an incremental number is created. In the future there should be a --force option to re-create it

Feel free to browse through the code of this application. It's pretty small and straight-forward.

It all began with finding this page you probably already found. But it was not before this practical example that I actually dared to try to implement this. Then, google led me to this page where I learned how to set the Shared Secret. The last hurdle was to get the "Send all traffic over VPN" flag, which I finally found the answer to here. Finally, I learned from over here how to add things to the System Keychain.

Useful commands for debugging:

# Show all current VPN service configurations
open /Library/Preferences/SystemConfiguration/preferences.plist

# Show all Keychain Items and their access policies
security dump-keychain -a /Library/Keychains/System.keychain

To the beautiful 3rd party libraries I was allowed to use:

• NSError/ArgumentParser
• CocoaLumberjack
• beelsebob/CoreParse

MIT 2015 halo. See MIT-LICENSE.