Update Aug 25, 2020
CloudFlare now has a beta of their macOS (and Windows) specific 22.214.171.124 app! I encourage you to go try that instead of tinkering with this. I'll leave the code up in case it's helpful for anyone, but will be archiving the repository immediately. Thanks for the interest!
126.96.36.199 on macOS
CloudFlare has a cool app for iOS devices that enables easy switching to faster, private, and encrypted DNS queries. While switching DNS isn't exactly difficult, I found the user experience to be interesting - very easy to configure, just tap a switch and you're in.
Another interesting thing about it is that, unless they're doing some super custom stuff (which is totally possible), I'm gonna hazard a guess that it has to be built on top of
NetworkExtension APIs. With the exception of smaller things like NEDNSProxyProvider, most of that stuff should work fine on macOS now... but very few companies ever take the time to take an almost-compatible iOS codebase and shim it for Cocoa/AppKit. The UI used on
188.8.131.52 isn't too difficult to do in macOS, though.
Thus, over the holidays I dug in to see how annoying it'd be to do. This implements a very basic VPN tunnel that sets DNS to go over 184.108.40.206, in a basic UI as a status bar menu app. Some screenshots are below. I probably won't be pursuing this further in lieu of working on other projects, so anyone out there should feel free to take this and extend it as they wish.
Also, side notes:
- There are two types of on-demand VPNs, which this uses - Personal and Enterprise. By using
NETunnelProvider, the VPN profile counts as an Enterprise one, which trumps Personal in cases where two might get loaded.
- I wager CloudFlare probably goes much deeper than this, as some old documentation buried on Apple's site indicates that connections that use POSIX Sockets and
CFSockettechnically won't go through an on-demand VPN. If this is still true, I can't imagine they'd have overlooked it like this approach does.
- While macOS supports
NetworkExtensionAPIs, I have to wonder if the old
SystemConfigurationAPIs weren't slightly more useful for what's intended here.
- You probably want a true VPN instead of this, but this isn't a bad approach either in the grand scheme of things. Probably one where doing your research is worthwhile. :)
What else is here?
This repo could also be used as scaffolding/reference for a nibless Swift Cocoa app, if you're into that sorta thing. I personally think Interface Builder makes anyone who deals with UI in code (web devs, etc) groan out loud, so maybe this goes towards showing it's not that difficult or outlandish to do otherwise.
- It implements a taskbar app with a custom
NSPopoverview in code.
- It implements a working
UISwitchreplacement, using a slightly-modified JSSwitch.
This is very much a "do-wtf-you-want-with-it" license. Code is as-is. I'd like to give props to this list of TLDs by popmedic, because compiling it myself would've been annoying. His code inspired some of the VPN portion as well; I spent enough time on it but couldn't come up with a better approach than his, so wound up just tweaking it slightly for my needs.