Determining if the system is connected to a VPN from the command line under OS X

Learning that lasts. Online courses from $14.99

I connect to a work Virtual Private Network (VPN) from home using a MacBook Pro laptop running OS X El Capitan (10.11.6) and was curious if there was a way that I could determine whether the system was connected to the VPN or disconnected from a VPN using a command-line interface (CLI), i.e., a Terminal window, other than by checking the IP address that external systems see for the system, e.g., by visiting WhatIsMyIP.com. At How can I tell if OS X is connected to a VPN network from the command line?, I found someone suggesting using the scutil command scutil --nc list and piping the output to the grep command looking for the word "Connected", i.e., scutil --nc list | grep Connected. However, that didn't work when I attempted to discern whether the laptop was connected to the VPN via that method, since the scutil command always produced the following output whether or not the system was connected to the VPN:

$ scutil --nc list 
Available network connection services in the current set (*=enabled):
$

However, I was able to determine if the system was connected to the VPN by using the method listed in the post by the person who posed the question. I.e., I could use the ifconfig command and count the number of occurences of "utun0," since the count was zero if the system was not connected to the VPN and one if it was connected to the VPN. E.g., if the system was not connected to the VPN, I would see the following output.

$ ifconfig | grep utun0
$ ifconfig | grep -c utun0 
0
$

When the system was connected to the VPN, I would see the following output:

$ ifconfig | grep utun0
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1400
$ ifconfig | grep -c utun0
1
$

I.e., when connected to the VPN, I would see "utun0:" followed by "flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST>" and a maximum transmission unit (MTU) size of 1,400 bytes. I could use the scutil command to make the determination, if I used scutil --nwi and looked for "utun0" in its output. E.g., when I wasn't connected to the VPN, I would see the following output:

$ scutil --nwi
Network information (generation 83217872608522)
IPv4 network interface information
     en0 : flags 0x5 (IPv4,DNS)
           reach 0x00000002 (Reachable)
           Signature Hash: <data> 0x69483ec13a29ac154aa31dd39b6ec294f5cbe02d
           generation 82648601556353

   REACH : flags 0x00000002 (Reachable)

IPv6 network interface information
   No IPv6 states found

   REACH : flags 0x00000000 (Not Reachable)

Network interfaces: en0
$ scutil --nwi | grep "utun0"
$
$ scutil --nwi | grep -c "utun0"
0
$

However, when I was connected to the VPN, I would see the following output:

$ scutil --nwi
Network information (generation 8661702448046)
IPv4 network interface information
   utun0 : flags 0x5 (IPv4,DNS)
           reach 0x00000002 (Reachable)
           Signature Hash: <empty>
           generation 8661702448046
     en0 : flags 0x5 (IPv4,DNS)
           reach 0x00000002 (Reachable)
           Signature Hash: <data> 0x2d4e225ada4dd5b1d9f123b7781d7f6724df49d8
           generation 8661702448046

   REACH : flags 0x00000002 (Reachable)

IPv6 network interface information
   No IPv6 states found

   REACH : flags 0x00000000 (Not Reachable)

Network interfaces: utun0 en0
$ scutil --nwi | grep -c "utun0"
2
$

So, if I count the number of instances of "utun0" with "grep -c", I will see zero if the VPN connection isn't active and two if it is. Note: those using Back to my Mac may see "utun0" without a VPN connection being active according to an answer posted in response to the question Who creates utun0 adapter?. The respondent noted:

utun0 is created by macOS for VPN and Back to My Mac, regardless of whether these features are enabled. This is not indicative of any unwanted application being installed; utun0 is expected on macOS Sierra and later.

In my case macOS Sierra (version 10.12) is a later version of the operating system what is on the corporate laptop I'm using.

Related Articles:

  1. Viewing and setting the host name on a Linux or OS X system