 macOS High Sierra - WireGuard VPN Interactive Manager

Tested on macOS High Sierra using MacPorts

May support Homebrew (Untested)

A powerful terminal command line bash script for macOS that turns wg-quick into an interactive, paginated, and searchable menu. Especially helpful on older Mac's running outdated and unsupported OS versions; that cannot run the GUI for VPN's.

Features

• Interactive Menu: Browse all your WireGuard configuration files (.conf).
• Pagination: 15 items per page with easy navigation.
• Search: Filter servers instantly by keyword.
• Active Status: Clearly shows which VPN is currently connected.
• Automatic Verification: Runs connection checks immediately after connecting.
• Auto-switches: Automatically turns off active VPN before activating a new one.

Prerequisites (must be installed first)

1. Install Package Manager

• For MacPorts: If not installed, you must download and run the installer for your macOS version from macports.org.
• For Homebrew: If not installed, get it at brew.sh.

2. Install WireGuard Tools

• Via MacPorts:

  sudo port install wireguard-tools

  Config Path: /opt/local/etc/wireguard/
• Via Homebrew:

  brew install wireguard-tools

  Config Path: /etc/wireguard/

Installation

1. Copy the Script

(Currently using MacPorts - If using Homebrew, change the CONF_DIR= path to "/etc/wireguard")

After ensuring the correct path is specified, copy the following block of code (you need to specify the path properly) and paste it directly into your Terminal, then press Enter:

cat << 'EOF' | sudo tee /usr/local/bin/vpn > /dev/null
#!/bin/bash
# VPN Manager for WireGuard (Tested on macOS High Sierra)
# Features: Interactive Menu, Pagination, Search, Connection Verification

WG_QUICK="$(command -v wg-quick)"

# --- USER CONFIGURATION ---
# Change this path based on your installation method:
# Homebrew: /etc/wireguard
# MacPorts: /opt/local/etc/wireguard
CONF_DIR="/opt/local/etc/wireguard"
# --------------------------

# Colors
GREEN='\033[0;32m'
BLUE='\033[0;34m'
YELLOW='\033[1;33m'
CYAN='\033[0;36m'
NC='\033[0m' # No Color

# Function to run verification checks
run_check() {
    echo -e "\n${CYAN}Verifying connection...${NC}"
    # General check for IP and location
    curl -s https://ipapi.co/json | grep -E "city|region|org"
}

# --- Help Text ---
if [[ "$1" == "-h" || "$1" == "--help" ]]; then
    echo "Usage: vpn [command]"
    echo "Commands:"
    echo "  (none)    Open interactive menu"
    echo "  off       Stop active VPN"
    echo "      Connect to .conf"
    exit 0
fi

# --- Find Active VPN ---
ACTIVE_VPN=$(ls /var/run/wireguard/*.name 2>/dev/null | xargs -n 1 basename | sed 's/.name//' | head -n 1)

# --- Interactive Menu ---
if [ -z "$1" ]; then
    mapfile -t ALL_CONFIGS < <(ls "$CONF_DIR"/*.conf 2>/dev/null | xargs -n 1 basename | sed 's/.conf//')
    CONFIGS=("${ALL_CONFIGS[@]}")
    
    INDEX=0
    PAGE_SIZE=15
    SEARCH_TERM=""

    while true; do
        clear
        echo -e "${GREEN}--- ACTIVE ---${NC}"
        [ -z "$ACTIVE_VPN" ] && echo "None" || echo "$ACTIVE_VPN"
        echo ""
        
        if [ ! -z "$SEARCH_TERM" ]; then
            echo -e "${YELLOW}--- SEARCHING: $SEARCH_TERM (Type 'c' to clear) ---${NC}"
        else
            echo -e "${BLUE}--- SELECT A SERVER ---${NC}"
        fi

        # Show page
        for ((i=INDEX; i= 0)); then INDEX=$((INDEX-PAGE_SIZE)); fi
        elif [[ "$INPUT" == "q" ]]; then
            exit 0
        fi
    done
    
    # Connection Logic
    [ ! -z "$ACTIVE_VPN" ] && sudo "$WG_QUICK" down "$CONF_DIR/$ACTIVE_VPN.conf"
    echo -e "${GREEN}Starting $NAME...${NC}"
    sudo chmod 600 "$CONF_DIR/$NAME.conf"
    sudo "$WG_QUICK" up "$CONF_DIR/$NAME.conf"
    run_check
    exit 0
fi

# --- Direct Command Logic ---
if [[ "$1" == "off" || "$1" == "stop" ]]; then
    [ -z "$ACTIVE_VPN" ] && echo "Nothing running." || sudo "$WG_QUICK" down "$CONF_DIR/$ACTIVE_VPN.conf"
    exit 0
fi

NAME=$1
CONFIG="$CONF_DIR/$NAME.conf"
if [ ! -f "$CONFIG" ]; then echo "Error: '$NAME.conf' not found"; exit 1; fi
[ ! -z "$ACTIVE_VPN" ] && sudo "$WG_QUICK" down "$CONF_DIR/$ACTIVE_VPN.conf"
sudo chmod 600 "$CONFIG"
sudo "$WG_QUICK" up "$CONFIG"
run_check
EOF

2. Enter Your Password

The terminal will ask for your macOS login password. Note: Nothing will appear on the screen while you type your password. This is normal security behavior. Just type it and press Enter.

3. Configure Paths & Autocomplete

Open ~/.bash_profile in a text editor (e.g., sudo nano ~/.bash_profile) and add the section matching your installation:

For MacPorts Users:

# VPN Autocomplete for MacPorts
_vpn_autocomplete() {
    local cur=${COMP_WORDS[COMP_CWORD]}
    local configs=$(ls /opt/local/etc/wireguard/*.conf 2>/dev/null | xargs -n 1 basename | sed 's/.conf//')
    COMPREPLY=( $(compgen -W "$configs" -- "$cur") )
}
complete -F _vpn_autocomplete vpn
alias vpnfolder='cd /opt/local/etc/wireguard && ls'
alias checkvpn='curl -s https://ipapi.co/json | grep -E "ip|city|region|org"'
export PATH="/opt/local/bin:/opt/local/sbin:$PATH"

Run source ~/.bash_profile to apply changes.

For Homebrew Users:

# VPN Autocomplete for Homebrew
_vpn_autocomplete() {
    local cur=${COMP_WORDS[COMP_CWORD]}
    local configs=$(ls /etc/wireguard/*.conf 2>/dev/null | xargs -n 1 basename | sed 's/.conf//')
    COMPREPLY=( $(compgen -W "$configs" -- "$cur") )
}
complete -F _vpn_autocomplete vpn
alias vpnfolder='cd /etc/wireguard && ls'
alias checkvpn='curl -s https://ipapi.co/json | grep -E "ip|city|region|org"'

Run source ~/.bash_profile to apply changes.

4. Move .conf Files into the Appropriate Folder

You must move your VPN .conf files into the specific VPN directory; otherwise, the client will not find any servers to connect to. These files are generally downloadable from your VPN provider's website.

Important: Paste your .conf files into the designated vpnfolder.

Target Directories:

• MacPorts: /opt/local/etc/wireguard
• Homebrew: /etc/wireguard

Example Commands

Open your terminal and use the following commands based on your installation method. Make sure you are currently in the directory where you downloaded the .conf files.

For MacPorts:

cd ~/Downloads
sudo mv *.conf /opt/local/etc/wireguard/

For Homebrew:

cd ~/Downloads
sudo mv *.conf /etc/wireguard/

Note: If you downloaded the configuration files as a .zip archive, ensure you are in the download directory and use the following commands to unzip and move them automatically:

For MacPorts:

cd ~/Downloads
for f in *.zip; do unzip -j "$f" -d . && sudo mv *.conf /opt/local/etc/wireguard/; done

For Homebrew:

cd ~/Downloads
for f in *.zip; do unzip -j "$f" -d . && sudo mv *.conf /etc/wireguard/; done

Secure Configuration Files (Permissions)

For security reasons, WireGuard requires that configuration files are not readable by other users. Run the following command to set the correct permissions:

For MacPorts:

sudo chmod 600 /opt/local/etc/wireguard/*.conf

For Homebrew:

sudo chmod 600 /etc/wireguard/*.conf

Warning: Ensure your .conf filenames do not exceed 15 characters (excluding the .conf extension). Filenames longer than 15 characters may cause the VPN connection to fail.

Usage

1. Interactive Menu

Just type:

vpn

2. Manual Commands & Autocomplete

• Connect by name: vpn au-syd-101 (Press Tab to autocomplete file names)
• Disconnect: vpn off
• Go to config folder: vpnfolder
• Check IP Details: checkvpn