Start configured VPN from command line (OSX)

I have two VPN configurations on my mac and I would like to be able to start them from the console when I ssh into my machine.

I have found the command networksetup which allows me to configure connections, but as far as I can tell not actually start one.

Using Lion.


For newer macOS versions, a very simple command can be used, as shown in the below answers, e.g. this one (give it a +1!).

All you need is:

 networksetup -connectpppoeservice "UniVPN"

The only problem is that you cannot disconnect using this command.


You can also use AppleScript to connect to the VPN services of your choice. We'll use shell functions, which are available from the command line, once they are loaded.

Add the functions below to your ~/.bash_profile or ~/.profile (whatever you use).

You just need to change the name of the VPN connection itself, as it appears under the Network preferences. I used my university VPN here.

enter image description here

You can change the names of the functions as well, if you want to do it for different ones. It might be possible to shorten this using arguments, but it works just fine this way. I tested it on Snow Leopard (but Leopard and Lion should work too).

Once you've added the functions, reload the terminal and call them with vpn-connect and vpn-disconnect, respectively.


function vpn-connect {
/usr/bin/env osascript <<-EOF
tell application "System Events"
        tell current location of network preferences
                set VPN to service "UniVPN" -- your VPN name here
                if exists VPN then connect VPN
                repeat while (current configuration of VPN is not connected)
                    delay 1
                end repeat
        end tell
end tell
EOF
}

function vpn-disconnect {
/usr/bin/env osascript <<-EOF
tell application "System Events"
        tell current location of network preferences
                set VPN to service "UniVPN" -- your VPN name here
                if exists VPN then disconnect VPN
        end tell
end tell
return
EOF
}

You can also, as of at least Lion1, use the scutil command.

For example, if I have a VPN service named "Foo", I could connect via:

$ scutil --nc start Foo

I can optionally specify a user, password, and secret using flags of the same names:

$ scutil --nc start Foo --user bar --password baz --secret quux

The service can be disconnected via:

$ scutil --nc stop Foo

For more detailed help, you can see the man page, or run:

$ scutil --nc help

Update

Adding a quick script to poll until the connection is established (in response to the comment from Eric B.

#!/bin/bash

# Call with <script> "<VPN Connection Name>"

set -e
#set -x

vpn="$1"

function isnt_connected () {
    scutil --nc status "$vpn" | sed -n 1p | grep -qv Connected
}

function poll_until_connected () {
    let loops=0 || true
    let max_loops=200 # 200 * 0.1 is 20 seconds. Bash doesn't support floats

    while isnt_connected "$vpn"; do
        sleep 0.1 # can't use a variable here, bash doesn't have floats
        let loops=$loops+1
        [ $loops -gt $max_loops ] && break
    done

    [ $loops -le $max_loops ]
}

scutil --nc start "$vpn"

if poll_until_connected "$vpn"; then
    echo "Connected to $vpn!"
    exit 0
else
    echo "I'm too impatient!"
    scutil --nc stop "$vpn"
    exit 1
fi

Footnotes:

  1. It's not clear when this command was added to OSX, I have it in Mavericks, and user Eric B. reports that it works in Lion (10.7.5).

Haven't tested this under Lion but but I'm using following command under Mountain Lion without any problem:

networksetup -connectpppoeservice UniVPN

You can use networksetup -connectpppoeservice "myvpn" to connect to a vpn named myvpn, and use networksetup -disconnectpppoeservice "myvpn" to disconnect from the vpn named myvpn

Before use these command lines, you need to manually config a connection in System Preferences > Network