Using NWPathMonitor to catch VPN connections

Can there be more than one utun* interfaces even if VPN is not on?

Yes, there can be. Take a look at % ifconfig to see the interfaces being used at any given time.

Also what else should I look for to test for VPN, if any.

You could use the SCDynamicStore set of APIs, which is roughly equivalent to % scutil --nc list to crawl through the System Configurations to see if there are network configurations for VPNs. This may only give you the information though and not exactly tell you if the VPN is connected.


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

Thanks Matt.

I was aware of ifconfig and aware that there are three utun* interfaces running by default on Big Sur. Most seem to be Apple related.

scutil --nc list  doesn't seem to return anything for two VPNS I have tried, TunnelBlick and Viscosity. I get:

Available network connection services in the current set (*=enabled): and then nothing.

for now I am making the assumption that Apple services using the utun interfaces are ip6 and most VPNS are on ip4 so I test for

          "State:/Network/Interface/utun\(n)/IPv4"

I listen on:

State:/Network/Global/IPv4, which seems to work for all cases of network or interface changes

However I am stuck as how to recognise a ip6 VPN. I can surely catch a new iP6 but it might be an additional Apple service. There's no way, as far as I can see, to differentiate between an Apple service running on the network interface and third party services.