How can I track down the process that started a VPN interface on Catalina?
The direct answer to my question:
Track down the process by gathering more information
```
$ scutil --nwi
Network information

IPv4 network interface information
   ipsec0 : flags      : 0x5 (IPv4,DNS)
            address    : 10.6.4.48
            VPN server : X.X.X.X
            reach      : 0x00000003 (Reachable,Transient Connection)
```
Check PIDs of network connections to VPN server and find parent PID
```
$ lsof -i | grep -E "X.X.X.X"
NEIKEv2Pr 942 todd 7u IPv4 0x6816df6181c68875 0t0 UDP 192.168.0.32:ipsec-msft->X.X.X.X:ipsec-msft
```
```
$ ps -l 942 | grep -v grep
  UID   PID  PPID        F CPU PRI NI       SZ    RSS WCHAN     S             ADDR TTY           TIME CMD
  502   942     1     4004   0  31  0  5007340   8496 -      Ss                  0 ??         0:00.46 /System/Library/Frameworks/NetworkExtension.framework/PlugIns/NEIKEv2Provider.appex/Contents/MacOS/NEIKEv2Provider
```
PID 1 belongs to launchd in this case. Now on to my next problem of finding the service responsible for launching this NEIKEv2 process. Any help is welcome, although I'll most likely have to start a new thread.
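The three steps in the answer above, scripted as an added example that is not part of the original post: each function parses one command's output from stdin, matches the peer address literally instead of as a regex, and walks the full parent chain rather than one level. The function names, the `-n -P` flags on `lsof`, the `ps -o` column selection and the sample data (with 203.0.113.10 standing in for the VPN server) are assumptions made for the example.

```shell
# Added example; function names and sample data are constructed for illustration.

# Step 1: `scutil --nwi` on stdin -> "<interface> <VPN server>" per VPN interface.
vpn_servers() {
    awk '$2 == ":" && $3 == "flags" { ifname = $1 }
         $1 == "VPN" && $2 == "server" { print ifname, $NF }'
}

# Step 2: `lsof -i -n -P` on stdin -> "<PID> <COMMAND>" for sockets whose IPv4
# peer is $1. index() matches literally, so dots are not regex wildcards.
peer_pids() {
    awk -v peer="->$1:" 'index($0, peer) { print $2, $1 }' | sort -u
}

# Step 3: `ps -ax -o pid= -o ppid= -o comm=` on stdin -> "<PID> <PPID> <command>"
# for $1 and each ancestor, ending at the process whose parent is not listed.
ancestry() {
    awk -v pid="$1" '
        { p = $1; pp[p] = $2; $1 = ""; $2 = ""; sub(/^ +/, ""); cmd[p] = $0 }
        END {
            while (pid in pp) {
                print pid, pp[pid], cmd[pid]
                if (pid == pp[pid]) break   # guard against a self-parented entry
                pid = pp[pid]
            }
        }'
}

# Constructed sample input (203.0.113.10 stands in for the VPN server).
SAMPLE_NWI='IPv4 network interface information
   ipsec0 : flags      : 0x5 (IPv4,DNS)
            address    : 10.6.4.48
            VPN server : 203.0.113.10
            reach      : 0x00000003 (Reachable,Transient Connection)'
SAMPLE_LSOF='NEIKEv2Pr 942 todd 7u IPv4 0x6816df6181c68875 0t0 UDP 192.168.0.32:4500->203.0.113.10:4500
Safari 611 todd 12u IPv4 0x0 0t0 TCP 192.168.0.32:50123->198.51.100.7:443 (ESTABLISHED)'
SAMPLE_PS='  1   0 /sbin/launchd
611   1 /Applications/Safari.app/Contents/MacOS/Safari
942   1 /System/Library/Frameworks/NetworkExtension.framework/PlugIns/NEIKEv2Provider.appex/Contents/MacOS/NEIKEv2Provider'

# Run the three steps on the samples. On a live Mac, pipe the real commands in:
#   scutil --nwi | vpn_servers
#   lsof -i -n -P | peer_pids <server>
#   ps -ax -o pid= -o ppid= -o comm= | ancestry <pid>
printf '%s\n' "$SAMPLE_NWI"  | vpn_servers
printf '%s\n' "$SAMPLE_LSOF" | peer_pids 203.0.113.10
printf '%s\n' "$SAMPLE_PS"   | ancestry 942
```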