App Support.

We're here to help.



Conditional Connections

With Viscosity you can choose to automatically block or allow connections attempts unless they meet certain conditions. This feature is known as "conditional connections".

Conditional connections are helpful when there are situations where you may not want VPN connections to take place. For example, a workplace may want to allow laptop users to establish a VPN connection to the work network when working remotely, but prevent VPN connections when in the office. Likewise, a home user may want to establish a connection to a VPN Service Provider when away from home, but prevent VPN connections when at home.

Writing A Conditional Connection Script

Conditional connections are implemented using a "Before Connect" connection script. Please see the Running AppleScripts When Connected/Disconnected article for Mac, and the Running Batch/VBS Scripts when Connected/Disconnected article for Windows, for more information on how to write and use connection scripts before continuing.

A "Before Connect" is automatically run by Viscosity before starting the connection attempt for the VPN connection. Here you can decide whether to allow a VPN connection to take place. To allow a VPN connection to take place the script must either return "ViscosityConnect" or return no output. To block a VPN connection attempt the script must return "ViscosityNoConnect".

Your Before Connect script can consider absolutely anything when deciding whether to allow to allow or block a VPN connection from taking place. For example, it might look at the Wi-Fi network the user is connected to, what IP address the user has, whether a certain DNS domain is resolvable, whether a webpage is loadable, and so forth. We've included several examples in the section below.

Conditional Connection Script Examples

The following are example Before Connect scripts for Mac and Windows. They can be modified to suit the actual network conditions being checked.

Example 1

This script decides whether to allow a connection based on the Wi-Fi network the computer is connected to. If it is connected to a Wi-Fi network with the name "MyWirelessNetwork" it will prevent the VPN connection from connecting.

Mac

set wifinetwork to do shell script "networksetup -getairportnetwork en1 | awk '{print $4}'"

if wifinetwork is equal to "MyWirelessNetwork" then
	return "ViscosityNoConnect"
else
	return "ViscosityConnect"
end if

Windows

@echo off
for /f "delims=: tokens=2" %%n in ('netsh wlan show interface name="Wi-Fi" ^| findstr /c:" SSID"') do set "Network=%%n"
set "Network=%Network:~1%"
if %Network% EQU MyWirelessNetwork (
 echo ViscosityNoConnect
) else (
 echo ViscosityConnect
)

Example 2

This script decides whether to allow a connection based on the IP address of the primary network interface (en0 for Mac, which is typically Ethernet, for Windows, we can just use the first reported). This should be changed if checking the IP address of a different network interface. In this case the script is checking whether the computer's IP address is in the 192.168.0.x range, and if so it will prevent the VPN connection from connecting.

Mac

set ipaddress to do shell script "/sbin/ifconfig en0 | grep 'inet ' | awk '{print $2}'"

if ipaddress contains "192.168.0." then
	return "ViscosityNoConnect"
else
	return "ViscosityConnect"
end if

Windows

@echo off
for /f "skip=1 delims={}, " %%A in ('wmic nicconfig get ipaddress') do for /f "tokens=1" %%B in ("%%~A") do set "IP=%%~B"

if not x%IP:192.168.0.=%==x%IP% (
	echo ViscosityNoConnect
) else (
	echo ViscosityConnect
)