Reputation: 849
I have a config file that completely describes how to connect to a VPN. I'd like to write a tool (C or Objective-C) to read in the file and then create a new VPN interface on the system. I'm guessing the answer will have something to do with SCNetworkServiceCreate and/or SCNetworkInterfaceCreateWithInterface. Both of these want to bind to another interface. What stumps me is that, in theory, the VPN connections should ride on top of any IP interface so I'm at a loss what to use for the base interface. Any help or pointers would be greatly appreciated.
Upvotes: 0
Views: 2467
Reputation: 937
macosvpn is a command line tool written in Objective-C over on GitHub which allows you to "Create Mac OS VPNs programmatically". E.g. to add an L2TP over IPSec VPN service you would do this:
sudo macosvpn create --l2tp Atlantic --endpoint atlantic.example.com --username Alice --password p4ssw0rd --shared-secret s3same
It should be straightforward to read your config file params into the command's flag args.
As of today macosvpn is available via Homebrew: brew install macosvpn. Xcode is a build requirement.
Upvotes: 4
Reputation: 849
Answering this for completeness.
So, the answer is not well documented. However, there is a magical constant interface definition for any protocol that you want to ride on top of the currently connected IPv4 interface, kSCNetworkInterfaceIPv4.
Therefore the code to create a new VPN builds the VPN stack on top of that interface.
Upvotes: 0
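The interface stack described in the last answer, as an added example (not code from this thread or from macosvpn): it layers L2TP and PPP on top of kSCNetworkInterfaceIPv4 and registers the resulting service in the current network set. The helper name `CreateL2TPService` and the sample values are assumptions of this example; the password, shared secret and IPSec settings are left out, and the secrets belong in the Keychain rather than in the preferences file or on the command line.

```objective-c
// Build: clang -fobjc-arc vpn.m -framework Foundation -framework SystemConfiguration
// Run as root: committing system network preferences requires privileges.
#import <Foundation/Foundation.h>
#import <SystemConfiguration/SystemConfiguration.h>
// Hypothetical helper (name and parameters are this example's own).
static BOOL CreateL2TPService(NSString *name, NSString *server, NSString *user) {
    SCPreferencesRef prefs = SCPreferencesCreate(NULL, CFSTR("vpn-example"), NULL);
    if (!prefs) return NO;
    if (!SCPreferencesLock(prefs, TRUE)) { CFRelease(prefs); return NO; }
    SCNetworkInterfaceRef l2tp = NULL, ppp = NULL;
    SCNetworkServiceRef service = NULL;
    SCNetworkSetRef set = NULL;
    BOOL ok = NO;
    do {
        // Stack: IPv4 (whatever link is currently up) -> L2TP -> PPP.
        l2tp = SCNetworkInterfaceCreateWithInterface(kSCNetworkInterfaceIPv4, kSCNetworkInterfaceTypeL2TP);
        if (!l2tp) break;
        ppp = SCNetworkInterfaceCreateWithInterface(l2tp, kSCNetworkInterfaceTypePPP);
        if (!ppp) break;
        service = SCNetworkServiceCreate(prefs, ppp);
        if (!service || !SCNetworkServiceSetName(service, (__bridge CFStringRef)name)
            || !SCNetworkServiceEstablishDefaultConfiguration(service)) break;
        // Only non-secret settings are written here. The password and shared
        // secret belong in the Keychain, not in the preferences file or argv.
        NSDictionary *cfg = @{ (__bridge NSString *)kSCPropNetPPPCommRemoteAddress: server,
                               (__bridge NSString *)kSCPropNetPPPAuthName: user };
        if (!SCNetworkInterfaceSetConfiguration(SCNetworkServiceGetInterface(service),
                                                (__bridge CFDictionaryRef)cfg)) break;
        set = SCNetworkSetCopyCurrent(prefs);
        if (!set || !SCNetworkSetAddService(set, service)) break;
        ok = SCPreferencesCommitChanges(prefs) && SCPreferencesApplyChanges(prefs);
    } while (0);
    SCPreferencesUnlock(prefs);
    if (set) CFRelease(set);
    if (service) CFRelease(service);
    if (ppp) CFRelease(ppp);
    if (l2tp) CFRelease(l2tp);
    CFRelease(prefs);
    return ok;
}

int main(void) {
    @autoreleasepool {
        // Constructed sample values reusing the names from the macosvpn command.
        return CreateL2TPService(@"Atlantic", @"atlantic.example.com", @"Alice") ? 0 : 1;
    }
}
```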