Ok, so I wrote yesterday about a solution for checking your VPN connection via a network interface change, but it turns out there’s a better way to do it. I discovered it shortly after posting (StackExchange thread), and received a few comments mentioning it. So here’s part two.

The command is scutil, used for managing (s)ystem (c)onfiguration parameters. The command scutil --nc list will show your available VPN devices and their state, either Connected or Disconnected. By doing a case-sensitive grep for Connected we can determine if one or more is connected.

So now the script to perform an action when the VPN is disconnected looks like:

#!/bin/bash

while true; do
  RES=`scutil --nc list | grep -c Connected`
  [[ $RES == 0 ]] && break
  sleep 1
done

say "VPN disconnected"

The scutil --nc list | grep -c Connected should return 0 if no VPN is connected, which you can then use to light up a button, integrate into launch/quit scripts, etc. Just a cleaner way to do what I showed yesterday.

Trevor Manternach has an interesting post using this trick with Wirecast and Bartender.