{"id":19866293,"url":"https://github.com/halo/macosvpn","last_synced_at":"2025-04-04T14:07:57.386Z","repository":{"id":19068371,"uuid":"22295301","full_name":"halo/macosvpn","owner":"halo","description":":wrench: Create macOS VPNs programmatically (L2TP \u0026 Cisco)","archived":false,"fork":false,"pushed_at":"2023-04-15T21:20:07.000Z","size":1876,"stargazers_count":450,"open_issues_count":5,"forks_count":71,"subscribers_count":18,"default_branch":"master","last_synced_at":"2025-03-28T13:09:11.013Z","etag":null,"topics":["cisco","ipsec","keychain","l2tp","macos","ppp","vpn","vpn-client"],"latest_commit_sha":null,"homepage":"","language":"Swift","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/halo.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2014-07-26T20:03:10.000Z","updated_at":"2025-03-14T21:58:58.000Z","dependencies_parsed_at":"2024-01-15T03:59:17.027Z","dependency_job_id":"1490cb5a-8807-4d3d-a1be-450e79006793","html_url":"https://github.com/halo/macosvpn","commit_stats":{"total_commits":243,"total_committers":5,"mean_commits":48.6,"dds":0.09876543209876543,"last_synced_commit":"0dbe429031eabf701e471f09269bf685221eed0a"},"previous_names":[],"tags_count":24,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/halo%2Fmacosvpn","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/halo%2Fmacosvpn/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/halo%2Fmacosvpn/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/halo%2Fmacosvpn/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/halo","download_url":"https://codeload.github.com/halo/macosvpn/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247190250,"owners_count":20898702,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cisco","ipsec","keychain","l2tp","macos","ppp","vpn","vpn-client"],"created_at":"2024-11-12T15:25:25.992Z","updated_at":"2025-04-04T14:07:57.365Z","avatar_url":"https://github.com/halo.png","language":"Swift","funding_links":[],"categories":["Swift","Uncategorized"],"sub_categories":["Uncategorized"],"readme":"[![Version](https://img.shields.io/github/tag/halo/macosvpn.svg?style=flat\u0026label=version)](https://github.com/halo/macosvpn/releases)\n[![Homebrew](https://img.shields.io/homebrew/v/macosvpn.svg?style=flat)](https://github.com/Homebrew/homebrew-core/blob/master/Formula/macosvpn.rb)\n[![License](https://img.shields.io/badge/license-MIT-blue.svg?style=flat)](https://github.com/halo/macosvpn/blob/master/LICENSE.md)\n[![Build Status](https://github.com/halo/macosvpn/actions/workflows/tests.yml/badge.svg?branch=master)](https://github.com/halo/macosvpn/actions)\n[![Codebeat](https://codebeat.co/badges/b60656d2-1cc8-4644-a1a9-4a35177476fb)](https://codebeat.co/projects/github-com-halo-macosvpn)\n[![Gitter](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/halo/macosvpn)\n![Swift](https://img.shields.io/badge/Swift-5-F16D39.svg?style=flat)\n\n## Create Mac OS VPNs programmatically\n\nThis is a command-line tool written in Swift that can create VPN network configurations on your Mac.\n\nIt supports **L2TP over IPSec** and **Cisco IPSec**.\nIntegration tests are run as Github Action, to ensure it's working properly.\n\nThis open-source code is actively maintained. Should you like to motivate me, you may click on the ✭ in the top-right corner.\n\n![Screenshot](https://cdn.rawgit.com/halo/macosvpn/master/doc/screenshot_1.0.0-rc1.jpg)\n\n## Requirements\n\n#### macOS 10.10 or higher\n\nNote that the installation via homebrew could fail on previous operating systems, such as High Sierra. In that case, please browse the [releases](https://github.com/halo/macosvpn/releases) section to find an earlier build for your operating system.\n\n#### Administrator privileges\n\nI.e. you *have* to run it with sudo. The passwords of VPN services are exclusively stored in the *System Keychain*.\nOnly `sudo` or a [HelperTool](https://developer.apple.com/library/mac/documentation/Security/Conceptual/SecureCodingGuide/Articles/AccessControl.html#//apple_ref/doc/uid/TP40002589-SW2) can write to the *System Keychain*.\nI don't want you to have to deal with the complexity a HelperTool can entail, so we simply use `sudo`.\n\n## Installation\n\nIf you have [Homebrew](http://brew.sh) installed, you can simply start a Terminal and run:\n\n```sh\n# To see which version is installed via homebrew, have a look at:\n# https://github.com/Homebrew/homebrew-core/search?q=macosvpn\u0026type=Issues\n\nbrew install macosvpn\n```\n\nIf not, you can run this curl command to get the compiled executable from Github:\n\n```sh\n# Make sure first that the directory /usr/local/bin exists\n\nsudo sh -c \"curl -L https://github.com/halo/macosvpn/releases/download/1.0.0/macosvpn \u003e /usr/local/bin/macosvpn\"\nsudo chmod +x /usr/local/bin/macosvpn\n```\n\nAs of macOS Catalina you may once have to \"accept\" that this executable is considered \"safe\":\n\n```sh\nxattr -d com.apple.quarantine /usr/local/bin/macosvpn\n```\n\nIf that freaks you out (it should), you can compile it yourself if you have a recent Xcode version installed:\n\n```sh\ngit clone https://github.com/halo/macosvpn.git\ncd macosvpn\nbin/build\n```\n\nYou can always run `macosvpn --version` to see the version currently installed on your system\nand compare it to [the latest available version](https://github.com/halo/macosvpn/releases) on Github.\n\n## Usage\n\nCreating a single L2TP over IPSec VPN Service:\n\n```sh\nsudo macosvpn create --l2tp Atlantic --endpoint example.com --username Alice \\\n                     --password p4ssw0rd --sharedsecret s3same\n```\n\n* Replace `--l2tp` with `--cisco` to create a Cisco IPSec instead.\n* Groupnames can be specified with `--groupname`.\n* Add `--force` to overwrite an existing VPN with the same name.\n\nBy default, L2TP is created with the \"Send all traffic over VPN connection\" option, also known as wildcard routing.\nYou can add the `--split` flag to **not** force all traffic over VPN.\n\nThe same command shorter (try out `--help` to see all available arguments):\n\n```sh\nsudo macosvpn create -l Atlantic -e example.com -u Alice -p p4ssw0rd -s s3same\n```\n\nWith L2TP you can\n\n* add `--split` to *not* force all traffic over VPN.\n* add `--disconnectswitch` to disconnect when switching user accounts.\n* add `--disconnectlogout` to disconnect when user logs out.\n\n#### Creating multiple VPNs at once\n\nRepeat the arguments to create multiple Services at once.\n\n```sh\nsudo macosvpn create -c Atlantic -e atlantic.example.com -u Alice -p p4ssw0rd \\\n                     -l Pacific -e pacific.example.com -u Bob -p s3same\n```\n\n#### Deleting VPN services\n\n```sh\nsudo macosvpn delete --name MyVPN\nsudo macosvpn delete -n AnotherOne -n ThisOneToo\nsudo macosvpn delete --all # Careful!\n```\n\n## Troubleshooting\n\n* If you're stuck, try to add the `--debug` flag and see if it says something useful.\n\n## Limitations\n\n* It is not possible to add so called \"configurations\" for L2TP. See [this issue](https://github.com/halo/macosvpn/issues/17).\n\n## Development\n\nThe `master` branch is always edge and may not be ready for production.\n\nThere are XCTest units test and integration tests that are run using ruby. Simply look at [bin/test](https://github.com/halo/macosvpn/blob/master/bin/test) to see how to run the tests on your Mac.\n\nUseful commands for debugging:\n\n```bash\n# Show all current VPN service configurations\nopen /Library/Preferences/SystemConfiguration/preferences.plist\n```\n\n```bash\n# Show all Keychain Items and their access policies\nsecurity dump-keychain -a /Library/Keychains/System.keychain\n```\n\n## History and credits\n\nFeel free to browse through the code of this application.\nIt's pretty small and straight-forward.\n\nIt all began with finding [this page](https://lists.apple.com/archives/macnetworkprog/2011/May/msg00032.html) you probably already found.\nBut it was not before [this practical example](https://lists.apple.com/archives/macnetworkprog/2013/Apr/msg00016.html) that I actually dared to try to implement this.\nThen, google led me to [this page](https://lists.apple.com/archives/macnetworkprog/2007/Dec/msg00045.html) where I learned how to set the Shared Secret.\nThe last hurdle was to get the \"Send all traffic over VPN\" flag, which I finally [found the answer to here](http://pastebin.com/112KEHSV).\nFinally, I [learned from over here](http://stackoverflow.com/questions/24363935) how to add things to the System Keychain.\n\n## Special thanks\n\nThank you for reporting bugs. And thanks to all keen [contributors](https://github.com/halo/macosvpn/graphs/contributors).\n\nAlso thanks to \"[The Eskimo!](https://developer.apple.com/forums/profile/eskimo)\",\nwhenever I'm deep down in the undocumented macOS VPN stack,\nI end up finding random forum posts by this remarkably helpful Apple engineer.\n\nThese are 3rd-party libraries, which were kindly released under the MIT license:\n\n* [Moderator](https://github.com/kareman/Moderator) by Kare Morstol\n* [PrettyColors](https://github.com/jdhealy/PrettyColors) by J.D. Healy\n\n## License\n\nMIT 2014-2020 halo. See [LICENSE.md](https://github.com/halo/macosvpn/blob/master/LICENSE.md).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhalo%2Fmacosvpn","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhalo%2Fmacosvpn","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhalo%2Fmacosvpn/lists"}