search

mullvad / mullvadvpn-app

The Mullvad VPN client app for desktop and mobile
https://mullvad.net/
GNU General Public License v3.0
5.14k stars 342 forks source link

Add machine-readable CLI output #3686

Open emilmelnikov opened 2 years ago

emilmelnikov commented 2 years ago

Issue report

Operating system: macOS 12.4

App version: 2022.2

Issue description

I created a script that uses mullvad CLI tool for connecting/disconnecting and toggling the "Always Require VPN" feature. With the recent update, the output from mullvad status changed from Tunnel status: connected ... to Connected ..., so I had to update my script.

It would be nice to have machine-readable output from the tool in some record-oriented or JSON format, which should be less brittle than parsing human-readable strings.

faern commented 2 years ago

First of all, you can use mullvad connect --wait to make the command block until it's connected. So you don't need to parse the output of mullvad status to figure out the state really. Depending on how you use it more exactly of course.

The way you are using this, it sounds like you have misunderstood the intended usage of "Always Require VPN". If you enable it when you connect and disable it when you disconnect it will do absolutely nothing for you. The only thing "Always Require VPN" does for you is to keep the firewall locked when you have disconnected mullvad (mullvad disconnect). While mullvad is in the secured mode (mullvad connect) "Always Require VPN" has no effect. The built in always-active kill switch is always making sure no leaks can happen as long as mullvad is engaged. And with engaged I mean constantly until you call mullvad disconnect. That kill switch will handle all unexpected tunnel disconnects etc. If you actively disable "Always Require VPN" every time you also issue mullvad disconnect it is not going to have any effect at all. What are you trying to achieve more exactly?

emilmelnikov commented 2 years ago

First of all, you can use mullvad connect --wait to make the command block until it's connected. So you don't need to parse the output of mullvad status to figure out the state really. Depending on how you use it more exactly of course.

Usually I am just using GUI to control Mullvad (switch location, reconnect). The script is used only occasionally for toggling Mullvad's state. It would be pretty inconvenient for me to start and stop a connection via terminal (need to always keep an open tab).

The way you are using this, it sounds like you have misunderstood the intended usage of "Always Require VPN". If you enable it when you connect and disable it when you disconnect it will do absolutely nothing for you. The only thing "Always Require VPN" does for you is to keep the firewall locked when you have disconnected mullvad (mullvad disconnect). While mullvad is in the secured mode (mullvad connect) "Always Require VPN" has no effect. The built in always-active kill switch is always making sure no leaks can happen as long as mullvad is engaged. And with engaged I mean constantly until you call mullvad disconnect. That kill switch will handle all unexpected tunnel disconnects etc. If you actively disable "Always Require VPN" every time you also issue mullvad disconnect it is not going to have any effect at all. What are you trying to achieve more exactly?

I need to enable and disable both connection and the kill switch because, sometimes, I'm connecting to my work VPN (I am using built-in macOS Cisco IPSec) which, apparently, doesn't work when Mullvad connection is active. I always know when I'm turning off the kill switch because I'm doing it for a limited timeframe each day. If it's possible to connect to another VPN while still being connected to Mullvad, I'd gladly use that option.