-
Notifications
You must be signed in to change notification settings - Fork 0
macOS
Ronny Esterluss edited this page Jun 11, 2026
·
8 revisions
- download latest
GnosisVPN-Installer.pkgfrom releases - double click to run the installer
This step is mandatory when installing a newer version of Gnosis VPN. The older version should be first uninstalled.
- in a terminal run
sudo /Library/Application\ Support/GnosisVPN/uninstall.sh
- in a terminal run
sudo launchctl kickstart -k system/com.gnosisvpn.gnosisvpnclient
- The identity is stored in
/Library/Application\ Support/GnosisVPN/.config
To get there do:
sudo su
cd /Library/Application\ Support/GnosisVPN/
| Folder | Purpose | Owner | Permissions | Default Value / Notes | macOS best practice |
|---|---|---|---|---|---|
/Library/Application Support/GnosisVPN/ |
Application state and home directory | gnosisvpn:gnosisvpn |
0750 |
Service working directory; also set as TMPDIR and HOME for the daemon |
✓ Standard — /Library/Application Support/<AppName>/ is the Apple-recommended location for system-wide application state |
/Library/Logs/GnosisVPN/ |
Service log directory | gnosisvpn:gnosisvpn |
0755 |
gnosisvpn.log written here; rotated via newsyslog at 100 MB, 10 copies |
✓ Standard — /Library/Logs/ is the Apple-recommended location for application logs visible in Console.app |
/Library/Logs/GnosisVPN/installer/ |
Installer log directory | root:wheel |
0755 |
installer.log written during install/uninstall steps |
✓ Reasonable sub-directory of the main log folder |
/etc/gnosisvpn/ |
Configuration directory | root:gnosisvpn |
— | Network config templates and config.toml symlink; /etc is a symlink to /private/etc on macOS |
Differs — the macOS convention for system-wide app config is /Library/Application Support/<AppName>/ or /Library/Preferences/; using /etc/ mirrors the Linux layout but is not idiomatic on macOS |
/etc/gnosisvpn/templates/ |
Network config templates | root:gnosisvpn |
— |
jura.toml.template, rotsee.toml.template, dufour.toml.template
|
Same concern as /etc/gnosisvpn/ above — non-idiomatic on macOS |
| Path | Purpose | Default | macOS best practice |
|---|---|---|---|
/usr/local/bin/gnosis_vpn-root |
Main VPN daemon binary |
root:wheel, 0750
|
✓ Acceptable — /usr/local/bin/ is the standard location for third-party system binaries on macOS (Intel and Apple Silicon both support it) |
/usr/local/bin/gnosis_vpn-worker |
Worker process binary |
root:gnosisvpn, 0750
|
✓ Same as above |
/usr/local/bin/gnosis_vpn-ctl |
CLI control tool |
gnosisvpn:gnosisvpn, 0755
|
✓ Same as above |
/usr/local/bin/gnosis_vpn-manager |
Management utility script |
root:gnosisvpn, 0755
|
Workable, but a helper script installed to /usr/local/bin/ is unusual — /usr/local/sbin/ would better signal that it is an admin-only tool |
/usr/local/bin/{wg,wg-quick,wireguard-go} |
Bundled WireGuard tools |
root:wheel, 0755
|
Acceptable; bundling avoids dependency on a separate WireGuard install, but the binaries must be kept up to date independently |
/Library/LaunchDaemons/com.gnosisvpn.gnosisvpnclient.plist |
LaunchDaemon service definition | Loaded and enabled at boot, runs as root | ✓ Standard — /Library/LaunchDaemons/ is the correct location for system-wide daemons that start at boot before login |
/etc/newsyslog.d/gnosisvpn.conf |
Log rotation policy | 100 MB threshold, 10 rotations; /etc → /private/etc
|
✓ Standard — /etc/newsyslog.d/ is the correct drop-in location for newsyslog (macOS log rotation) |
/etc/sudoers.d/gnosis-vpn |
Sudoers drop-in for launchctl operations | Allows gnosisvpn group to run specific launchctl subcommands without password; root:wheel, 0440
|
✓ Standard location — macOS includes /etc/sudoers.d/ by default; 0440 is the required permission for sudoers files |
/etc/gnosisvpn/config.toml |
Symlink to active network config | Points to templates/jura.toml.template (default network: jura) |
Same concern as /etc/gnosisvpn/ — non-idiomatic location on macOS; the symlink pattern itself is acceptable |
/Applications/Gnosis VPN.app |
GUI application bundle | Extracted from archive during postinstall; root:admin, 0755
|
✓ Standard — /Applications/ is the correct location for system-wide macOS application bundles |
/var/run/gnosisvpn.pid |
Daemon PID file | Written by the daemon at startup | Redundant on macOS — launchd tracks process lifecycle natively; PID files are a Unix convention that launchd makes unnecessary |