alfred-vpn-manager icon indicating copy to clipboard operation
alfred-vpn-manager copied to clipboard

Published 20 hours ago verified publisher icon deanishe

Please support native VPNs from network preferences

Open JuoCode opened this issue 6 years ago • 14 comments

This is a fantastic workflow!

I'm a heavy user of VPNs, so I'm desperately want this workflow to manage all my VPN softwares and the VPN configured natively in the macOS.

Could you also add support to that?

Thanks!

JuoCode avatar Mar 07 '18 07:03 JuoCode

Could you also add support to that?

Doubtful. To do that I need to be able to get a list of the system VPNs, and that doesn't work (on my El Cap system, at least).

The command that is supposed to list system VPNs (scutil --nc list) outputs an empty list for me, even though I have a VPN configured.

So unless you know of a way to get a list of system VPNs that actually works, it's not possible.

deanishe avatar Mar 08 '18 13:03 deanishe

I'd like to bump this - I have no idea why scutil --nc list isn't working for you; I'm using Martin Rodelgaard's alfred-network-manager which gets the list of system VPNs via that command, and it works fine on Catalina (and did on Mojave).

Any chance you'd be open to revisiting this? I'd be happy to try and generate a pull request or something similar - would be very handy, as I have multiple system VPNs and multiple OpenVPNs in Viscosity.

This would also possibly be a way to get WireGuard support, since that hooks into the native VPN framework from my understanding, which would also be awesome.

EDIT: wow that was fast. Thank you!

ideologysec avatar Sep 11 '20 23:09 ideologysec

Any chance you'd be open to revisiting this?

Sure. I'm on Catalina now. I'll add a VPN and see if I can do anything with it.

deanishe avatar Sep 11 '20 23:09 deanishe

I can also confirm after testing that whatever that plugin is doing for managing system VPNs, it works with WireGuard as well (since it adds VPNs to the system network interfaces via the network extension framework). See attached for L2TP and WireGuard VPNs (and I know screenshots aren't code, but, it's at least a start...):

wg+l2tp

Appears to work even when the WireGuard menubar app is closed, which is great - the config should only need to be imported, and after that, unless status is desired in the menubar, the workflow would not need to open the app.

ideologysec avatar Sep 12 '20 00:09 ideologysec

I can also confirm after testing that whatever that plugin is doing for managing system VPNs

The problem was that it didn't work on my Mac. And if it doesn't work on my Mac, I can't build a workflow around it.

deanishe avatar Sep 12 '20 07:09 deanishe

For sure. Are you saying it still doesn't work on your Mac, or that it didn't work when you tested it a year or two back?

ideologysec avatar Sep 12 '20 07:09 ideologysec

Are you saying it still doesn't work on your Mac, or that it didn't work when you tested it a year or two back?

Umm … both, I think. I've just checked, and I have a bunch of IKEv2 VPNs in Network Preferences, but scutil isn't showing them.

deanishe avatar Sep 12 '20 08:09 deanishe

I just created a test WireGuard VPN and then ran scutil --nc list. But you are right, is not showing any IKEv2 VPNs

❯ scutil --nc list
Available network connection services in the current set (*=enabled):
* (Disconnected)   663D103A-B32C-41C1-99D3-4780E8E7EB47 VPN (com.wireguard.macos) "abyss"                          [VPN:com.wireguard.macos]

mariusv avatar Sep 14 '20 06:09 mariusv

Further testing reveals that the wireguard menubar app does need to be running for the VPN to connect, but that seems easy enough to fix.

The other issue is a bit trickier. scutil does not support IKEv2 VPNs; this is apparently a bug.

What about including something like vpnutil bundled into the workflow?

ideologysec avatar Sep 14 '20 19:09 ideologysec

What about including something like vpnutil bundled into the workflow?

vpnutil doesn't list VPNs, only connects/disconnects them. It would need altering to produce the required information.

deanishe avatar Sep 16 '20 12:09 deanishe

Huh?

Maybe we're not looking at the same version. The one in the blog post doesn't do listing, no. I followed the link at the bottom of the post to the GitHub for vpnutil. It looks like he cut the 1.0 release not two weeks ago, and that version definitely has listing.

$ curl -O https://github.com/Timac/VPNStatus/releases/download/1.0/vpnutil.zip
$ unzip vpnutil.zip
$ xattr -c vpnutil; chmod +x vpnutil; mv vpnutil /usr/local/bin/vpnutil
$ vpnutil list
L2TP Disconnected
algo-wireguard Disconnected

seems to work for me.

ideologysec avatar Sep 16 '20 21:09 ideologysec

It looks like he cut the 1.0 release not two weeks ago, and that version definitely has listing.

Right. I built it from the source code, which hasn't been updated in 2 years, and it doesn't support listing.

deanishe avatar Sep 16 '20 22:09 deanishe

Following up on this - the source code is not updated in master, no. I've no idea why. I'll reach out and ask, and see if he's willing to change that. Meantime, however, the Source code.zip file attached to the 1.0 release does have the most recent source for vpnutil, and that version does support listing.

I'm also curious as to why you're building from source; would bundling the compiled utility and checking for new binary releases via GitHub not be an option?

Cheers again for this utility, even as it stands. :)

ideologysec avatar Dec 04 '20 23:12 ideologysec

Following up on this, the source for VPNutil is definitely up to date in the tree (as of April 2023). I don't use IKE VPNs anymore, so I don't know if scutil is still broken, but more VPNs would be awesome.

ideologysec avatar Jun 06 '23 19:06 ideologysec