Bash script to deactivate and activate the Endpoint Security VPN on macOS

vpn.sh

#!/usr/bin/env bash

get_plist_key() {
    local value
    if value="$(set -o pipefail; plutil -extract "${2}" xml1 -o - "${1}" | grep -Ev "^<(\?|\!|/?plist)")"; then
        printf "%s" "${value}"
    fi
}

plist_status() {
    #TODO: Implement functionality to patch the plist's
    local value
    value="$(get_plist_key "/Library/LaunchAgents/com.checkpoint.eps.gui.plist" "RunAtLoad")"
    if [[ "${value}" != "<false/>" ]]; then
        echo "  ⚠️  Application: RunAtLoad enabled in \"/Library/LaunchAgents/com.checkpoint.eps.gui.plist\""
    fi
    value="$(get_plist_key "/Library/LaunchAgents/com.checkpoint.eps.gui.plist" "KeepAlive")"
    if [[ "${value}" != "<false/>" ]]; then
        echo "  ⚠️  Application: KeepAlive enabled in \"/Library/LaunchAgents/com.checkpoint.eps.gui.plist\""
    fi
    value="$(get_plist_key "/Library/LaunchDaemons/com.checkpoint.epc.service.plist" "RunAtLoad")"
    if [[ "${value}" != "<false/>" ]]; then
        echo "  ⚠️  Daemon     : RunAtLoad enabled in \"/Library/LaunchDaemons/com.checkpoint.epc.service.plist\""
    fi
    value="$(get_plist_key "/Library/LaunchDaemons/com.checkpoint.epc.service.plist" "KeepAlive")"
    if [[ "${value}" != "<false/>" ]]; then
        echo "  ⚠️  Daemon     : KeepAlive enabled in \"/Library/LaunchDaemons/com.checkpoint.epc.service.plist\""
    fi
}

check_components() {
    vpn_kext=$(kextstat | grep com.checkpoint.cpfw)
    vpn_daemon=$(pgrep 'TracSrvWrapper')
    vpn_app=$(pgrep 'Endpoint_Security_VPN')
}

kext_status() {
    vpn_kext=$(kextstat | grep com.checkpoint.cpfw)
    if [[ "${vpn_kext}" != "" ]]; then
        echo "  ✅ Extension  : cpfw.kext"
    else
        echo "  ❌ Extension  : cpfw.kext"
    fi
}

daemon_status() {
    vpn_daemon=$(pgrep 'TracSrvWrapper')
    if [[ "${vpn_daemon}" != "" ]]; then
        echo "  ✅ Daemon     : TracSrvWrapper (PID ${vpn_daemon})"
    else
        echo "  ❌ Daemon     : TracSrvWrapper"
    fi
}

app_status() {
    vpn_app=$(pgrep 'Endpoint_Security_VPN')
    if [[ "${vpn_app}" != "" ]]; then
        echo "  ✅ Application: Endpoint Security VPN.app (PID ${vpn_app})"
    else
        echo "  ❌ Application: Endpoint Security VPN.app"
    fi
}

if [[ "${1}" = "" ]]; then
    echo "Check Point Endpoint Security VPN status:"
    plist_status
    kext_status
    daemon_status
    app_status
    echo ""
    echo "Usage:"
    echo "  vpn [up|down]"
elif [[ "${1}" = "down" ]]; then
    echo "Shutting down Check Point Endpoint Security VPN:"
    plist_status
    check_components
    if [[ "${vpn_app}" != "" ]]; then
        sudo kill -9 "${vpn_app}"
        app_status
    fi
    if [[ "${vpn_daemon}" != "" ]]; then
        sudo launchctl unload "/Library/LaunchDaemons/com.checkpoint.epc.service.plist" 2>/dev/null
        daemon_status
    fi
    if [[ "${vpn_kext}" != "" ]]; then
        sudo kextunload /Library/Extensions/cpfw.kext
        kext_status
    fi
elif [[ "${1}" = "up" ]]; then
    echo "Starting up Check Point Endpoint Security VPN:"
    check_components
    if [[ "${vpn_kext}" = "" ]]; then
        sudo kextload /Library/Extensions/cpfw.kext
        kext_status
    fi
    if [[ "${vpn_daemon}" = "" ]]; then
        sudo launchctl load /Library/LaunchDaemons/com.checkpoint.epc.service.plist 2>/dev/null
        sudo launchctl start com.checkpoint.epc.service
        daemon_status
    fi
    if [[ "${vpn_app}" = "" ]]; then
        open "/Applications/Endpoint Security VPN.app"
        app_status
    fi
else
    echo "Invalid option"
    echo "Usage:"
    echo "  vpn [up|down]"
fi

Before running, disable RunAtLoad and KeepAlive in /Library/LaunchAgents/com.checkpoint.eps.gui.plist and /Library/LaunchDaemons/com.checkpoint.epc.service.plist