May 09

Macbook VPN Autoconnect on Wireless

Problem scope: I had been working on a solution to the machine authentication issue faced by Mac OS X machines. To connect to my wireless network, machines currently must authenticate themselves before they can get access to resources on the Active Directory. Machines that fail authentication have limited access on the wireless network, such as internet and a few other things. Mac OS doesn't perform Windows-style machine authentication. So I wanted Mac users to use VPN to access resources on Active Directory once they are connected to the wireless network. I wanted to automate the whole VPN connection so that users don't have to first connect to wireless and then open the VPN Client window and ask it to connect; as soon as they are connected to wireless, the VPN Client should start automatically. For that reason I worked as follows.

OS used: Mac OS X version 10.5.2
VPN client: Cisco VPN Client 4.9

Settings for VPN Client:
VPN Client > Preferences > check Save Windows Settings, Minimize Upon Connect and Enable Connect on Open

Now create a profile in the VPN Client that matches the settings of the network you are trying to connect to, and make this profile the default profile.
Note: Users in my network will use the same profile in the VPN Client whether they want to access the network on the wireless or from the internet.

The following script is created in the Mac OS Script Editor. It is based on other scripts available online at different Mac forums and blogs:
http://dave.groupee.com/displayBLOG_ENTRY/content/14076434951483167

What does this script do: This script is launched whenever there are changes on the wireless card of the MacBook. It first checks the SSID; if it is the SSID where we want to use the VPN Client, it pings a server address in the network to see whether the wireless connection is successful. Once it gets the ping reply, it starts the VPN Client. The SSID parameter is used to make sure that the VPN Client doesn't start itself if the user is connected to a home wireless network or any other network.

Create the following script and save it as an application, unchecking all options other than 'Run Only' in the save file dialog box. Save the file in the user's home directory, like Macintosh HD>Users>Username>autoconnect.app
***************************************

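-- Read the SSID the AirPort card is currently associated with
set SSID to do shell script "/System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport -I | grep ' SSID:' | cut -d ':' -f 2 | tr -d ' '"

-- Address of a server that is only reachable on the target network
property server_address : "xxx.xxx.xxx.xxx"

if SSID = "yourssid" then
    set firstTime to true
    repeat
        try
            -- Raises an error while the server does not answer
            do shell script "ping -c 1 " & server_address
            -- Ping succeeded: start the VPN Client
            tell application "Finder"
                open application file "VPNClient.app" of folder "Applications" of startup disk
            end tell
            exit repeat
        on error errStatement number errNum
            -- ping exit status 2: packets were sent but no reply was received
            if errNum = 2 then
                if firstTime then
                end if
                exit repeat
            end if
            -- Any other error: wait a second and try again
            delay 1
        end try
    end repeat
end if
***************************************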
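The SSID pipeline in the script deletes every space and cuts the name at the first colon, so different network names can compare equal to "yourssid". The following is an added example, not part of the original post, that compares the page's pipeline with an exact extraction; the function names and the sample `airport -I` text are constructed for illustration.

```shell
#!/bin/sh
# Added example: exact SSID matching on `airport -I` output.

# Build constructed `airport -I`-style output for a given SSID
# (sample data, not a capture from a real machine).
sample_airport_output() {
    printf '     agrCtlRSSI: -52\n          BSSID: 0:11:22:33:44:55\n           SSID: %s\n        channel: 6\n' "$1"
}

# page_ssid: the pipeline used in the AppleScript above, reading from stdin.
# It keeps only the text before the first colon and removes all spaces.
page_ssid() {
    grep ' SSID:' | cut -d ':' -f 2 | tr -d ' '
}

# exact_ssid: print the SSID as reported, keeping inner spaces and colons.
# The pattern only allows spaces before "SSID:", so the BSSID line is skipped.
exact_ssid() {
    sed -n 's/^ *SSID: //p' | head -n 1
}

# ssid_matches WANTED: succeed only if the SSID on stdin equals WANTED exactly.
# On a Mac this would be fed by the airport binary from the script above:
#   airport -I | ssid_matches "yourssid" && echo "start VPN"
ssid_matches() {
    [ "$(exact_ssid)" = "$1" ]
}
```

With the page's pipeline, "Corp WiFi" and "CorpWiFi" both come out as "CorpWiFi", while `ssid_matches` tells them apart.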


Now, with this script in place, we add the second file, which monitors the MacBook AirPort interface and executes the script once a change is detected.
Save the following file as
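********************************************************
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>muhammad.wireless.vpn</string>
    <key>ProgramArguments</key>
    <array>
        <string>/Users/USername/autoconnect.app</string>
    </array>
    <key>WatchPaths</key>
    <array>
        <string>/Library/Preferences/SystemConfiguration/com.apple.airport.preferences.plist</string>
    </array>
</dict>
</plist>
********************************************************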

Now, with everything in place, turn off your wireless and connect to the network. It will execute the script application and check your SSID; if it's the one you want your VPN to be active for, the VPN Client will come up asking for your credentials. Enter your username and password and there you go.

