Skip to content
This repository has been archived by the owner on Aug 26, 2020. It is now read-only.
/ Public archive

Experimenting with cloning CloudFlare's app as a macOS status bar app.

Notifications You must be signed in to change notification settings


Folders and files

Last commit message
Last commit date

Latest commit



5 Commits

Repository files navigation

Update Aug 25, 2020

CloudFlare now has a beta of their macOS (and Windows) specific app! I encourage you to go try that instead of tinkering with this. I'll leave the code up in case it's helpful for anyone, but will be archiving the repository immediately. Thanks for the interest! on macOS

CloudFlare has a cool app for iOS devices that enables easy switching to faster, private, and encrypted DNS queries. While switching DNS isn't exactly difficult, I found the user experience to be interesting - very easy to configure, just tap a switch and you're in.

Another interesting thing about it is that, unless they're doing some super custom stuff (which is totally possible), I'm gonna hazard a guess that it has to be built on top of NetworkExtension APIs. With the exception of smaller things like NEDNSProxyProvider, most of that stuff should work fine on macOS now... but very few companies ever take the time to take an almost-compatible iOS codebase and shim it for Cocoa/AppKit. The UI used on isn't too difficult to do in macOS, though.

Thus, over the holidays I dug in to see how annoying it'd be to do. This implements a very basic VPN tunnel that sets DNS to go over, in a basic UI as a status bar menu app. Some screenshots are below. I probably won't be pursuing this further in lieu of working on other projects, so anyone out there should feel free to take this and extend it as they wish.

Also, side notes:

  • There are two types of on-demand VPNs, which this uses - Personal and Enterprise. By using NETunnelProvider, the VPN profile counts as an Enterprise one, which trumps Personal in cases where two might get loaded.
  • I wager CloudFlare probably goes much deeper than this, as some old documentation buried on Apple's site indicates that connections that use POSIX Sockets and CFSocket technically won't go through an on-demand VPN. If this is still true, I can't imagine they'd have overlooked it like this approach does.
  • While macOS supports NetworkExtension APIs, I have to wonder if the old SystemConfiguration APIs weren't slightly more useful for what's intended here.
  • You probably want a true VPN instead of this, but this isn't a bad approach either in the grand scheme of things. Probably one where doing your research is worthwhile. :)


Disconnected Connected

What else is here?

This repo could also be used as scaffolding/reference for a nibless Swift Cocoa app, if you're into that sorta thing. I personally think Interface Builder makes anyone who deals with UI in code (web devs, etc) groan out loud, so maybe this goes towards showing it's not that difficult or outlandish to do otherwise.

  • It implements a taskbar app with a custom NSPopover view in code.
  • It implements a working UISwitch replacement, using a slightly-modified JSSwitch.

License, etc

This is very much a "do-wtf-you-want-with-it" license. Code is as-is. I'd like to give props to this list of TLDs by popmedic, because compiling it myself would've been annoying. His code inspired some of the VPN portion as well; I spent enough time on it but couldn't come up with a better approach than his, so wound up just tweaking it slightly for my needs.

Questions can be directed to or @ryanmcgrath on Twitter.


Experimenting with cloning CloudFlare's app as a macOS status bar app.







No releases published


No packages published