Mac OS: Split-Tunnel VPN

So you’ve already set up a VPN connection to your home or office, but then you realize that you either can’t connect to your VPN network, or you can’t connect to the internet. If you want to have access to both, you’ll need to set up a split tunnel. On a Mac this is a bit more frustrating than on a Windows machine, so I’ve used some script-fu to make it easier.

I’ll assume your VPN already connects without issue. The following AppleScript looks for a VPN connection called “Office VPN” and attempts to route traffic destined for the 192.168.1.X IP range through the VPN. This IP range should be the network IP range of the remote network you are connecting to.

This AppleScript works as a VPN connect button as well. If the VPN is not connected, it will connect it. If it’s connected, then it will disconnect. During the connection process it will ask for your admin login and password. This is required to set up the tunneling in your system’s settings.

AppleScript:

set service_name to "Office VPN"

if ConnectVPN(service_name) then
	
	set the_timer to 0
	set isConnected to false
	
	repeat until isConnected or the_timer > 45
		
		delay 5
		set the_timer to the_timer + 5
		
		tell application "System Events"
			tell current location of network preferences
				set VPNservice to service service_name -- name of the VPN service
				set isConnected to connected of current configuration of VPNservice
			end tell
		end tell
		
	end repeat
	
	ConnectPPP()
	
end if

-----

on ConnectVPN(service_name)
	tell application "System Events"
		tell current location of network preferences
			set VPNservice to service service_name -- name of the VPN service
			set isConnected to connected of current configuration of VPNservice
			if isConnected then
				disconnect VPNservice
				set VPNstatus to "off"
				display dialog "VPN Disconnected" buttons {"OK"} giving up after 5
				
			else
				connect VPNservice
				set VPNstatus to "on"
				--Start when Connected				
				
			end if
		end tell
	end tell
	
	if VPNstatus is equal to "off" then
		return false
	else
		return true
	end if
	
end ConnectVPN

on ConnectPPP()
	try
		set route_status to do shell script "netstat -rn | grep \"192.168.1 \"*ppp"
	on error
		set route_status to false
	end try
	
	if route_status is equal to false then -- no route has been added yet
		try -- setup the routes to the ip addresses we need
			set the_ppp to do shell script "ifconfig | grep -B 1 192.168.1.1 | grep ppp | cut -d ':' -f 1"
			if the_ppp is not equal to "" then
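				-- "with administrator privileges" already runs the command as root, so sudo is not needed;
				-- quote the interface name before it is passed to the privileged shell
				do shell script "route add -net 192.168.1.0/24 -interface " & quoted form of the_ppp with administrator privileges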
			end if
		end try
		
	end if
	
end ConnectPPP

Save the above as a “.app” style script and place it on your desktop or dock.
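
To confirm the script produced a split tunnel rather than a full tunnel, the check below (an added example, not part of the original script) parses `netstat -rn` output and verifies that the default route stays on the local interface while 192.168.1 goes out a ppp interface. The sample routing table, the 10.0.0.1 gateway, the en0 interface and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example: verify a split-tunnel routing table (not from the original post).

# Constructed sample of `netstat -rn -f inet` output on macOS after the script ran.
SAMPLE_ROUTES='Routing tables

Internet:
Destination        Gateway            Flags        Netif Expire
default            10.0.0.1           UGSc           en0
10.0.0/24          link#4             UCS            en0
127.0.0.1          127.0.0.1          UH             lo0
192.168.1          ppp0               USc           ppp0'

# Print the interface (Netif column) for an exact destination, reading
# netstat -rn text on stdin. The column is located from the header row
# because its position differs between macOS releases.
route_iface() {
    awk -v dest="$1" '
        $1 == "Destination" { for (i = 1; i <= NF; i++) if ($i == "Netif") col = i; next }
        col && $1 == dest   { print $col; exit }
    '
}

# Return 0 only if the default route stays off the VPN and the remote
# subnet ($2, written as netstat prints it, e.g. 192.168.1) goes through ppp*.
check_split_tunnel() {
    routes=$1 subnet=$2
    def_if=$(printf '%s\n' "$routes" | route_iface default)
    vpn_if=$(printf '%s\n' "$routes" | route_iface "$subnet")
    case $def_if in ''|ppp*) echo "default route is '$def_if': not split"; return 1 ;; esac
    case $vpn_if in ppp*) ;; *) echo "$subnet is routed via '$vpn_if', not the VPN"; return 1 ;; esac
    echo "split tunnel OK: default via $def_if, $subnet via $vpn_if"
}

# Live use on a Mac: check_split_tunnel "$(netstat -rn -f inet)" 192.168.1
check_split_tunnel "$SAMPLE_ROUTES" 192.168.1
```

A failing check after connecting means either the route was never added (the ppp interface lookup found nothing) or the VPN service is configured to send all traffic over the tunnel.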
