I use a VPN on our home router, which runs pfSense. When I'm on my laptop, I connect to the VPN for two reasons. The first is security when using unknown wifi connections. The second is for ease of access to my home Macs and network—when on the VPN, my laptop appears as part of the local network, so screen and file sharing are simple and 100% reliable.
To access the VPN, I use TunnelBlick, which runs as a menu bar application. Launch the app, activate its menu bar item, choose your VPN connection profile from the list, enter your password, and you're connected. But doing this several times a day gets annoying quite quickly. Thankfully, TunnelBlick includes AppleScript support.
Using that support and Keyboard Maestro, I wrote a few macros to simplify connecting to and disconnecting from our VPN, as well as changing the DNS address depending on whether I'm connected to the VPN or not.
Technically, the DNS address shouldn't have to be switched—I have the VPN and Tunnelblick configured to automatically switch on connect, but for whatever reason, it's just not happening. So I included DNS address switching in my macros.
I wound up with a set of four macros: Connect, Disconnect, Display DNS, and Toggle DNS.
The Connect and Disconnect macros use Tunnelblick's AppleScript support to, well, connect to and disconnect from the VPN. They also set the DNS address, based on whether the VPN is active or not.
But how can I tell when the VPN is active? Tunnelblick includes an AppleScript command to get the state of the connection:
tell application "Tunnelblick"
get state of configurations
I use this with Keyboard Maestro's Execute Action Until Conditions Met command to repeatedly check whether the VPN is active (or inactive, for disconnect); here's how that step looks in the Connect macro:
I execute the AppleScript once every second, and check what it returns. Once the state returns CONNECTED, I can then switch the DNS address, using the UNIX side of macOS:
networksetup -setdnsservers Wi-Fi 18.104.22.168
Replace 22.214.171.124 with the address of the DNS you want to use. You can also see the current DNS address with networksetup -getdnsservers Wi-Fi, which is how I display the current DNS address. Note: If you're using a server-provided DNS address, then you can't get its address with this command. I always manually set the DNS address on my laptop, though.
Note that if you don't use wifi, you'll need to replace Wi-Fi with the name of the network service you do use; the command networksetup -listallnetworkservices will display the names of your installed network services.
The Display DNS macro puts the current DNS address onscreen, but also includes some logic to test whether it's set correctly or not. If everything is right, then I see one of these two messages:
But if the DNS address is set to that of my home network, but the VPN isn't active, I'll see a message alerting me to the mismatch.
The Toggle DNS macro is only used if something goes wrong with the switching in the connect and disconnect macros, or if something else goes wrong, like an unexpected VPN disconnect. In those cases, I use this macro to flip between the two DNS addresses (on VPN and off VPN).
I assigned all four macros to one keyboard shortcut, so they pop up the palette (as seen above) when invoked. From there, I press 1 to connect, 2 to disconnect, etc.
If you'd like to use these macros, you're more than welcome to, but you'll need to customize them a bit to make them work for you. First, download the macro group, import it to Keyboard Maestro, and activate the macro group.
Here are the changes you'll need to make for these macros to work for you…
1 - Connect
Change the yourVPN bit in the connect... line in the AppleScript step to reflect the name of your VPN. You can see the name in the TunnelBlick menu bar menu.
In the final shell script step, replace 192.168.2.1 with the IP address of the DNS you want to use when connected to your VPN. And as above, if you don't use wifi, you'll need to change Wi-Fi to the name of the service you do use.
2 - Disconnect
Change the yourVPN bit in the disconnect... line in the AppleScript step to reflect the name of your VPN. You can see the name in the TunnelBlick menu bar menu.
In the final shell script step, replace 126.96.36.199 with the IP address of the DNS you want to use when you are not connected to your VPN. And as above, if you don't use wifi, you'll need to change Wi-Fi to the name of the service you do use.
Display DNS and Toggle DNS
Change any references to the internal (192.168.2.1) and external (188.8.131.52) DNS addresses to match those that you use.
Obviously, feel free to change the group activation shortcut and/or the individual macro launch keys as you wish. (I've actually changed it to use a macro group palette now, instead of the automatic conflict palette.)
With the above edits, you should be able to use these macros with your VPN configuration. No warranty expressed or implied, though!