halo/macosvpn

Configuration groupings

Sjeanpierre opened this issue · 15 comments

Thanks for this great utility, I'm about to fork it and attempt to add some grouping functionality to it, but I wanted to pick your brain and see if you knew what would be needed in order to do so.

In the Network preferences UI we have the ability to add multiple configurations to the same VPN connection, as seen in the screenshot below. Any idea how to replicate this functionality via scutil? Any help I can get would be wonderful.

Thanks

[Screenshot: otherviews_and_network]

halo commented

Hi! So I created an L2TP service with multiple configurations and expected this command

open /Library/Preferences/SystemConfiguration/preferences.plist

to include the different configurations (that command comes from the readme). But alas, they are not there. I expected one of these kSCProp-thingys to exist for those configurations. Who knows where Apple is hiding those on the hard disk ;)

From this point on I'd only have Google as my only help, too. Sorry to tell you that. Additionally, the word "configuration" is also used here, which is not the same as in your screenshot. It's a general term for the whole set of configuration parameters of a VPN service.

All this stuff is absolutely not documented anywhere. I had to dig around a lot, too :(

Thanks for getting back to me. My previous solution was an AppleScript to do all of this, but it is a horrible kludgy mess. I hope I can figure this out and contribute back to this project.

If you never hear back from me, know that I fought the good fight!

halo commented

😃

Indeed, Apple Script was the predecessor to macosvpn as well, don't let's talk about it :D

halo commented

In fact, your last way out might be to ask on the Apple mailing list because apparently there are Apple developers hidden in there :) If we only knew what that configuration dropdown "feature" is called internally, we might be able to google much more specifically.

Ok, I'll keep digging around. I will also ask in the mailing list and hope that someone bites.

So I tried doing a file system trace using the Instruments app on my Mac while I modified the VPN configuration. Amazingly enough, there were no file writes that corresponded with my action.

I have no clue what manner of sorcery is at play here, but I've now appealed to the higher powers of the mailing list.

Got a reply from an Apple dev. Going to try and track down the lead:
http://lists.apple.com/archives/macnetworkprog/2016/Apr/msg00015.html

halo commented

Wow! That's like seeing a light at the end of a (VPN) tunnel ;)

Looks like this is only available for 10.10 and above and it is still not clear to me how to create new "configurations" from this. :-(

halo commented

Sorry to hear.

Posting the reply here for documentation purposes:

On 19 Apr 2016, at 00:19, Jean-Pierre, Stevenson email@hidden wrote:

I've been looking through the SCNetworkConfiguration Reference but I have been unable to find a method to add additional configurations to IPSEC/L2TP VPN connections.

Right. There’s a bit of a disconnect between the original System Configuration framework architecture and the VPN stuff that was layered on top of that. Part of that disconnect is that VPN configurations are not surfaced via System Configuration framework.

The resolution to this is the Network Extension framework, which is the recommended way to set up VPN configurations on platforms where it’s available.

Share and Enjoy
Quinn "The Eskimo!" http://www.apple.com/developer/
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

halo commented

Also, NEVPNManager only allows you to create one VPN service per application. See the docs.

Each application is allowed to create a single VPN configuration.

I guess that also applies to Mac OS, not only iOS (?)

Anyway, this video clarified that the Network Extension framework is definitely the new kid on the block. However, I believe that it does not support L2TP. Only IPSec. It can be used on the App Store, though, which is really cool.

halo commented

So what Quinn said

The resolution to this is the Network Extension framework, which is the recommended way to set up VPN configurations on platforms where it’s available.

Appears to contradict this statement:

No, you can't use SDK 8 NetworkExtension.framework to connect to L2TP. It can be used for IPSec with IKEv1 and IKEv2 only.

So, only L2TP services have VPN configurations, but then again those are not surfaced anywhere except in the new framework which doesn't have L2TP at all? 😕

Yeah seems really weird. I guess it is not possible in the way I envisioned.

Thanks for all of your help on this

Workaround for the DNS pane configuration:

sudo networksetup -setdnsservers my_service_name 8.8.8.8 4.4.4.4