MacOS Sierra Launch Daemon won’t start VPN service before login prompt

launchd macos plist vpn

I'm trying to get a new MacBook Pro running the latest version of Sierra to connect to my corporate VPN before the login screen. My machine is connected via Ethernet so I don't have to try and start Wi-Fi service prior to login. My command line script to connect to the VPN works fine in terminal. I know the file needs to be placed in /Library/LaunchDaemons/ but I'm not sure how to make sure it's processing before getting to the login screen. I'm new to writing plist files, so any help would be appreciated!

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
    "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
    <key>Label</key>
    <string>com.vpn_at_boot</string>
    <key>ProgramArguments</key>
    <array>
        <string>sh</string>
        <string>-c</string>
        <string>sudo /usr/local/Cellar/sstp-client/1.0.11_1/sbin/sstpc vpn-hidden.hidden.com --user <hidden> --password <hidden> --log-stderr --cert-warn require-mschap-v2 noauth refuse-eap noccp</string>
    </array>
    <key>RunAtLoad</key>
    <true/>

Best Answer

Your plist contains major errors and minor glitches. The proper plist - including stderr and stdout - looks like this:

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>Label</key>
        <string>com.vpn_at_boot</string>
        <key>ProgramArguments</key>
        <array>
            <string>/bin/sh</string>
            <string>-c</string>
            <string>/usr/local/sbin/sstpc vpn-redacted.redacted.com --user redacted --password redacted --log-stderr --cert-warn require-mschap-v2 noauth refuse-eap noccp</string>
        </array>
        <key>RunAtLoad</key>
        <true/>
        <key>StandardErrorPath</key>
        <string>/tmp/com.vpn_at_boot.err</string>
        <key>StandardOutPath</key>
        <string>/tmp/com.vpn_at_boot.out</string>
    </dict>
    </plist>

Replace redacted with the proper domain name, user and password in your plist.

Your plist is missing important tags (e.g. </dict> and </plist>). It contains unnecessary stuff like sudo. The sstp-client may be updated later, so use its link in /usr/local/sbin. I also recommend adding /usr/local/sbin to /etc/paths.

The plist permissions have to look like this:

    -rw-r--r--  1 root  wheel  - 682 Jun  9 13:38 /Library/LaunchDaemons/com.vpn_at_boot.plist

After running the daemon successfully (i.e. without errors) you may remove the keys StandardErrorPath and StandardOutPath and their corresponding strings in the plist.
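The following is an added example, not part of the original question or answer: a small linter for a LaunchDaemon plist that checks the points raised above (unparseable XML, a non-absolute program path, `sudo`, a versioned Cellar path) and also flags a `--password` argument when the file is world-readable, as the `-rw-r--r--` mode shown above is. The function name `lint_launchd_plist`, the `mode` parameter and the sample host and credentials are assumptions made for illustration.

```python
import plistlib
import shlex
from xml.parsers.expat import ExpatError

# Constructed sample: the answer's plist with placeholder host and credentials.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.vpn_at_boot</string>
    <key>ProgramArguments</key>
    <array>
        <string>/bin/sh</string>
        <string>-c</string>
        <string>/usr/local/sbin/sstpc vpn.example.com --user alice --password s3cret --log-stderr</string>
    </array>
</dict>
</plist>
"""


def lint_launchd_plist(data: bytes, mode: int = 0o644) -> list:
    """Return findings for a LaunchDaemon plist; an empty list means none."""
    try:
        job = plistlib.loads(data)
    except (plistlib.InvalidFileException, ExpatError) as exc:
        return [f"not a valid plist: {exc}"]  # e.g. missing </dict></plist>
    if not isinstance(job, dict):
        return ["top-level object is not a dict"]
    findings = []
    if not job.get("Label"):
        findings.append("missing Label")
    args = job.get("ProgramArguments") or []
    if not args:
        return findings + ["missing ProgramArguments"]
    if not args[0].startswith("/"):
        findings.append(f"program {args[0]!r} is not an absolute path")
    # Expand a `sh -c "<command>"` wrapper so the real command is inspected.
    words = list(args)
    if "-c" in args[:-1]:
        words = shlex.split(args[args.index("-c") + 1])
    if "sudo" in words:
        findings.append("sudo is unnecessary: LaunchDaemons already run as root")
    if "/Cellar/" in " ".join(words):
        findings.append("versioned Cellar path breaks when the package is updated")
    if "--password" in words and mode & 0o004:  # world-readable bit set
        findings.append("password stored in a world-readable plist")
    return findings
```

To check an installed file, pass its bytes together with `os.stat(path).st_mode` as `mode`.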