Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/crcastle/connect-to-vpn-on-unknown-wifi

Ask user whether to connect to Mullvad VPN when connecting to an unknown Wi-Fi network
https://github.com/crcastle/connect-to-vpn-on-unknown-wifi

Last synced: about 2 months ago
JSON representation

Ask user whether to connect to Mullvad VPN when connecting to an unknown Wi-Fi network

Host: GitHub
URL: https://github.com/crcastle/connect-to-vpn-on-unknown-wifi
Owner: crcastle
Created: 2024-05-09T06:17:27.000Z (8 months ago)
Default Branch: main
Last Pushed: 2024-09-17T01:01:05.000Z (4 months ago)
Last Synced: 2024-10-14T04:44:25.581Z (3 months ago)
Language: AppleScript
Size: 10.7 KB
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

        # connect-to-vpn-on-unknown-wifi

All the [talk](https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/) of [TunnelVision](https://www.leviathansecurity.com/blog/tunnelvision) got me thinking about being more diligent about using a VPN when I'm on public Wi-Fi.

This makes it easy for me to do so.

The first time I connect to a Wi-Fi network, this asks me whether I want to enable [Mullvad VPN](https://mullvad.net/en) (my current VPN of choice). If I click **Connect**, it connects me. If I click **Don't Connect** it then asks me if I'd like to save the current Wi-Fi network SSID to a list of known networks. If I say **Yes**, I'm not prompted to connect to Mullvad VPN the next time I connect to this SSID.

I also use Tailscale.~~, so this also disables Tailscale before enabling Mullvad.~~ Mullvad can now run simultaneously with Tailscale by adding a firewall rule using `pfctl` and a route for DNS using `route`.

## Setup

- Save `unknown-wifi-connect-vpn.job.plist` to `~/Library/LaunchAgents/unknown-wifi-connect-vpn.job.plist`

- Save `connect-mullvad-on-unknown-network.applescript` somewhere your user has permissions, e.g., `~/bin/connect-mullvad-on-unknown-network.applescript`

- Update the path to the `.applescript` in the `.plist` file

- The AppleScript script needs to be able to run `route` and `pfctl` using `sudo` non-interactively, so ideally add a file to `/etc/sudoers.d/` containing the following, replacing `crcastle` with your username. This will let the AppleScript script run `route` and `pfctl` without a password or Touch ID.

      crcastle		ALL = (ALL) NOPASSWD: /sbin/route,/sbin/pfctl

- Enable the launchd job with `sudo launchctl load -w ~/Library/LaunchAgents/unknown-wifi-connect-vpn.job.plist`