jakub holý

building the right thing, building it right, fast

Connect Tunnelblick to VPN automatically after wake up


Need: Make sure that VPN is always running except when at work.

Partial solution: Make sure VPN is always running with "connect when computer starts" and using an AppleScript to connect after waking up from sleep. Disconnect manually when at work.

Future: Check the current location (wifi name? IP?) and do not connect when at work.

Tunnelblick config

Select "When computer starts" for the VPN config option "Connect".

(Re)Connect to VPN after wake up from sleep

Wake-up script

Create the AppleScript ~/wake.sh to connect VPN and display a notification about it (OS X 10.9+):

# Start Tunnelblick VPN after wakeup (run via sleepwatcher)
# See /Users/me/Library/LaunchAgents/de.bernhard-baehr.sleepwatcher-20compatibility.plist

tell application "Tunnelblick" connect "MY_VPN" ## Uncomment v to wait until the connection is establieshed: # get state of first configuration where name = "MY_VPN" # repeat until result = "CONNECTED" # delay 1 # get state of first configuration where name = "MY_VPN" # end repeat end tell

display notification "(See ~/wake.sh)" with title "Tunneblick connecting..."

Running the wake-up script

We will use sleepwatcher, install it f.ex. via brew:

brew install sleepwatcher

And create a launch agent to start it with the wake script, based on the example provided by brew when installing (/usr/local/Cellar/sleepwatcher/2.2/de.bernhard-baehr.sleepwatcher-20compatibility-localuser.plist, renamed and modified) - ~/Library/LaunchAgents/de.bernhard-baehr.sleepwatcher.plist:

<!--string>-s ~/.sleep</string-->
<string>-w ~/wake.sh</string>

Testing it

Start the launch agent:

launchctl load ~/Library/LaunchAgents/de.bernhard-baehr.sleepwatcher.plist

Now make your computer sleep, wake it up and see if you get the notification (click on the notification icon if it doesn't show up) and if VPN starts.

Troubleshooting - run the wake.sh manually from the command line (provided that you chmod +x it first).