The problem with desktop-driven operating systems is that they seem to lack most of the tools necessary to run under a server configuration. For OSX, one of the main problems is that it is difficult to keep a VPN connection running in the background and to bring it back up when the connection is terminated. Put simply, one would have to drive the user interface with AppleScript in order to reinitiate the connection as well as monitor its status. This can be particularly inconvenient if the server has to run in headless mode with no logged-in users.
For PPTP connections, we can use the pppd daemon to initiate a connection to a VPN from the command line. Here we go one step further and create a plist that does this automatically on system startup.
The following XML file can be placed in /Library/LaunchDaemons/ and loaded using:

    launchctl load -w /Library/LaunchDaemons/com.vpn.user.plist

in order to automatically initiate a connection to a PPTP VPN server.
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>Label</key>
        <string>com.vpn.user</string>
        <key>Program</key>
        <string>/usr/sbin/pppd</string>
        <key>ProgramArguments</key>
        <array>
            <string>pppd</string>
            <!-- Connection settings: replace ADDRESS, USERNAME and PASSWORD -->
            <string>remoteaddress</string> <string>ADDRESS</string>
            <string>user</string> <string>USERNAME</string>
            <string>password</string> <string>PASSWORD</string>
            <string>serviceid</string> <string>3</string>
            <!-- Logging -->
            <string>debug</string>
            <string>logfile</string> <string>/tmp/ppp.log</string>
            <!-- PPTP plugins -->
            <string>plugin</string> <string>/System/Library/SystemConfiguration/PPPController.bundle/Contents/PlugIns/PPPDialogs.ppp</string>
            <string>plugin</string> <string>PPTP.ppp</string>
            <!-- Redial, idle timeout and link parameters -->
            <string>redialcount</string> <string>1</string>
            <string>redialtimer</string> <string>5</string>
            <string>idle</string> <string>1800</string>
            <string>mru</string> <string>1500</string>
            <string>mtu</string> <string>1448</string>
            <string>receive-all</string>
            <string>noipdefault</string>
            <string>ipcp-accept-local</string>
            <string>ipcp-accept-remote</string>
            <string>noauth</string>
            <string>refuse-pap</string>
            <string>refuse-chap-md5</string>
            <string>hide-password</string>
            <string>noaskpassword</string>
            <string>nodefaultroute</string>
            <string>nodetach</string>
        </array>
        <!-- Start at load and restart pppd whenever it exits -->
        <key>RunAtLoad</key>
        <true/>
        <key>KeepAlive</key>
        <true/>
    </dict>
    </plist>
There are several key options in the above XML file that have to be configured:

ADDRESS is the address of the VPN to connect to.
USERNAME is the username of the VPN account.
PASSWORD is the password of the VPN account.

Additionally, we note the following options:

    <string>serviceid</string> <string>3</string>

This sets serviceid to 3. The serviceid acts as a unique identifier for the current connection, so if you need to set up several plist files, this value will have to be changed in each of them.
The following option in the file:

    <string>nodefaultroute</string>

tells pppd that it should not make the route pulled from the VPN server the default route.
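
Because the plist above carries the VPN password inline and each connection needs its own serviceid, a check before `launchctl load` is useful. The following is an added example, not part of the original post: it flags a plist whose inline password is readable by other accounts, a log file in a shared temp directory, and a serviceid already used by another plist. The function names, finding strings and the cut-down sample plist are constructed for illustration.

```python
import os
import plistlib
import stat
import tempfile

# Constructed sample: a cut-down version of the plist above, placeholder values only.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>Label</key><string>com.vpn.user</string>
<key>ProgramArguments</key><array>
<string>pppd</string><string>user</string><string>USERNAME</string>
<string>password</string><string>PASSWORD</string>
<string>serviceid</string><string>3</string>
<string>logfile</string><string>/tmp/ppp.log</string>
</array></dict></plist>"""

def option_value(args, name):
    """Return the argument that follows pppd option `name`, or None."""
    return args[args.index(name) + 1] if name in args[:-1] else None

def audit(path, seen_serviceids=()):
    """Return a list of findings for one pppd LaunchDaemon plist."""
    findings = []
    mode = os.stat(path).st_mode
    with open(path, "rb") as fh:
        args = plistlib.load(fh).get("ProgramArguments", [])
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by group/other")
    if option_value(args, "password") and mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("inline password readable by group/other")
    log = option_value(args, "logfile")
    if log and log.startswith(("/tmp/", "/private/tmp/")):
        findings.append("logfile in shared temp directory")
    if option_value(args, "serviceid") in seen_serviceids:
        findings.append("serviceid already used by another plist")
    return findings

def demo():
    """Audit the constructed sample at mode 0644, then again at 0600."""
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "com.vpn.user.plist")
        with open(p, "wb") as fh:
            fh.write(SAMPLE)
        os.chmod(p, 0o644)
        loose = audit(p, seen_serviceids={"3"})
        os.chmod(p, 0o600)
        tight = audit(p)
    return loose, tight
```

File ownership is not checked here; run `audit()` over every pppd plist in /Library/LaunchDaemons/ and pass the serviceid values already seen so duplicates are reported.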