Algo VPN not added to macOS configd dynamic store

trailofbits / algo

Set up a personal VPN in the cloud

https://blog.trailofbits.com/2016/12/12/meet-algo-the-vpn-that-works/

GNU Affero General Public License v3.0

28.89k stars 2.32k forks source link

Algo VPN not added to macOS configd dynamic store #226

Open quinncomendant opened 7 years ago

quinncomendant commented 7 years ago

I setup Algo rev 8d21923 installed to digitalocean from macOS 10.11.6.

I installed the .mobileconfig profile to my mac, and connecting to the VPN works. However, the VPN is not added to the macOS configd dynamic store, and is not available in the list produced by:

scutil --nc list

The VPN does appear in the list of interfaces in the Network.prefPane.

Likewise, running scutil --nc start Algo returns “No service”.

As far as I know, IPSec IKEv1 VPN should be manageable by scutil. Is there something about the profile that has prevented it from being added to confid?

dmazin commented 7 years ago

Is this a bug?

quinncomendant commented 7 years ago

It's not a bug, because it's not necessary for the VPN to be registered in the configd store for it to work properly (via macOS GUI). If IKEv1 VPNs can be registered in configd, it would be useful for it to be there (so that the VPN can be controlled via the scutil command line tool). This is half question, and half feature request.

movalex commented 6 years ago

Here's an Apple script which reconnects IKEv2 VPN automatically on MacOS. Didn't test it though. https://gist.github.com/coneybeare/fb9481b2c1fb0d90f40b30fce4c68ac7

dentarg commented 5 years ago

It's a bug/limitation in macOS, this blog post has more info about it: https://blog.timac.org/2018/0719-vpnstatus/

The source code for the apps introduced in the blog post above are also on GitHub: https://github.com/Timac/VPNStatus