This creates a daemon job to watch VPN and Wi-Fi state to ensure the native macOS VPN is active if it drops and is no longer active, or if there is a change in Wi-Fi state (as in the case of Wi-Fi being turned on).
- customize the string variables at the top of
vpn-killswitch.sh
to the name of your Wi-Fi network and VPN configuration - Place the
vpn-killswitch.sh
file somewhere, make it executable (chmod u+x vpn-killswitch.sh
) - alter the full path to whereever the script was placed in the
on-network-change.job.plist
file- (Change the line with
/Users/MYUSERNAME/full/path/to/vpn-killswitch.sh
)
- (Change the line with
- Save
on-network-change.job.plist
to within~/Library/LaunchAgents/
- load the launch agent to run when needed via
launchctl load -w ~/Library/LaunchAgents/on-network-change.job.plist
- One of the files being watched,
/private/var/run/ppp0.pid
, may only reflect the first of several VPNs, if multiple are present. Change as appropriate. - The other file being watched,
/private/var/run/resolv.conf
can change for other reasons (ex. whenever the DNS servers are updated). It's being used here because it's an easy file for the launch agent to watch without polling via a separate command.