Automatic non-sticky disconnect in the server subnet?

Got a problem with Viscosity or need help? Ask here!

acronce

Posts: 10
Joined: Mon Sep 18, 2017 5:01 am

Post by acronce » Mon Sep 18, 2017 5:28 am
Hi all,

We're in the process of moving our office VPN from IPSEC to OpenVPN. The current Mac client we're using for IPSEC is VPNTracker. I'm exploring OpenVPN clients.

So far I really like Viscosity, but I'd like to see it do a better job of disconnecting and reconnecting seamlessly when we move our laptops between the VPN server's LAN and remote networks.

This is one area where VPNTracker does a really good job. For example, I have the office VPN enabled. When I'm at home it automatically connects to the office. When I bring my machine to the office, VPNTracker senses that it's on the same subnet and it automatically disconnects. When I come back home again, it automatically reconnects. I never have to touch the VPN settings (when the client works, which is another subject).

Viscosity doesn't seem to handle this situation seamlessly with the current set of reconnection options. If I leave the VPN enabled at home then go to the office, it reconnects to the VPN at the office. I've verified that in this case it actually passes data through the VPN rather than the LAN, which is not what I want.

After poking around for solutions, I noticed that Viscosity supports calling scripts at connect and disconnect times. So I wrote an AppleScript that senses when I'm at the office and returns "ViscosityNoConnect" when I'm onsite. That works and Viscosity disconnects. But it "remembers" this disconnect, so when I go back home I have to manually reconnect.

What I really want is for the connection to the office to be sticky, and for Viscosity to disable the VPN when I'm in a LAN provided by the VPN.

I apologize if there's already a way to do this that I'm missing. Thanks in advance for any help.

James

User avatar
Posts: 2313
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Tue Sep 19, 2017 10:08 pm
Hi acronce,

Thanks for the feedback - we'll take it on board.

We do have some new features in the works that should help, however I'm afraid Viscosity can't currently implement such behaviour on its own. However it is possible to combine Viscosity's AppleScript support with a third party location-aware tool such as ControlPlane or Sidekick to trigger connections or disconnections on certain events. More information regarding controlling Viscosity can be found at:
http://www.sparklabs.com/support/kb/art ... cript-mac/

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs

acronce

Posts: 10
Joined: Mon Sep 18, 2017 5:01 am

Post by acronce » Wed Sep 20, 2017 12:32 am
I'll look into using one of these third party tools.

But it seems like this specific feature should be possible to implement in Viscosity alone (resources permitting, of course).

Presumably the VPN server provides a list of subnets to the client. Viscosity could compare the subnets that the machine has access to normally (not over the VPN). If there's a match, it would disable the VPN connection in a non-sticky way.
3 posts Page 1 of 1