Shimo Makes OS X VPN Connections Bearable
Not very fond of Cisco's unpleasant VPN client? Neither are we. Fortunately there's Shimo, which lets you kick clunky VPN clients to the curb in style.
Arguably, the most annoying thing corporate OS X users deal with is the Cisco VPN client. It doesn't act much like a native OS X application and it's just plain horrible to use. Version 1.x of Shimo fulfilled the need for an OS X-integrated VPN client that could connect to Cisco VPN servers. With version 2.x, Shimo delivers many value added features to ease VPN users' lives.
Shimo is more than just a VPN client. As Cisco showed us, having a working VPN client is only half the battle. Shimo acts like a real OS X application, integrating with the menu bar, Keychain, and Growl. We'll get into those details shortly.
First impressions were great. Shimo required a working Cisco VPN client software installation, but knowing that I'd never have to launch that ugly application again was a joyous sensation. After starting Shimo version 2, a few features popped out as being "very cool". The most drool-evoking features, based on our experiences, are:
- The ability to execute a script after a VPN is connected, e.g. to launch the application you're probably connecting to the VPN to use
- The automatic VPN connection when connecting to specified wireless networks
- The ability to insert custom routes after connecting to the VPN
In reality those are the geek features. The best features, for casual users, are probably the fact that Shimo gives you a drop down menubar item and that it uses Growl for notifications such as connect/disconnect alerts. Shimo even allows you to define keyboard shortcuts to initiate a VPN connection. At a certain point, things just get too easy.
More on Macs
When first installing Shimo, I noticed that it automatically populated the list with two VPN connections. These are two VPNs that were previously configured via the OS X native VPN client on my laptop. One worked perfectly, the other didn't. Shimo created a shell of a PPTP VPN connection. The name was there, but the settings such as what server to connect to were missing. It still worked if I chose to connect via the OS X interface, but not via Shimo. To get around these nitpicks I decided to re-enter those connection settings, and Shimo began to work.
Shimo's not without its bugs. I had no problem with the latest release when I connected to Cisco, OpenVPN and Windows-based PPTP VPN servers. Other users, however, have reported issues: Some say it takes many minutes to make a VPN connection to some servers. Others say that Shimo drops their connection to a Cisco VPN, and that reverting to using the Cisco-provided client solves the issue. Again, I have personally seen none of these issues.
Enjoying the Extras
As seen in figure 1, and as was previously mentioned, you can tell Shimo to automatically connect to a VPN when you enter a specific wireless network or select a location profile.
Combine that functionality with the ability to construct split tunnels via the "custom routes" interface seen in figure 2, and you can craft some pretty complex connections. I started telling Shimo to connect to my work VPN whenever I'm at home and to send only work-destined traffic through the tunnel. The opposite is also possible as well, assuming your ISP doesn't block incoming VPN connections.
Shimo also allows you to manage usernames and passwords for all types of VPN connections via the Keychain application in OS X, which removes the need to enter a password every time you connect to a VPN. This is a small but extremely handy benefit to having a native OS X application that takes advantage of the operating system's existing features.
The scriptability of Shimo is nearly limitless, and it's why buying this application is probably worth it. You can call an arbitrary AppleScript upon connection to a VPN, which most people use to launch applications that they frequently use on the VPN. Safari, for example, can be launched and told to connect to your company's Intranet Web site. You can now also launch a script upon an error, which can be used to solve various issues with VPN connections being terminated. The most common "error" is that the VPN server is configured to disallow connections longer than two hours. After such time, the server terminates the connection. A script can easily be made that will re-connect if that happens. Shimo will also automatically reconnect to a VPN if you've put a laptop to sleep, which is also extremely handy.
Whether you want to connect to various VPNs based on your current location or if you just want to connect infrequently, Shimo makes it possible for all types of users. A simple interface (properly integrated with OS X) allows all users to establish a working VPN connection, but the advanced features provide limitless possibilities.
In reality, if you just want to find a better way to connect to a Cisco VPN, and that's the only VPN you'll ever use, then stick with Shimo 1.x. If you want to get fancy, this inexpensive application will not leave you wanting.
Charlie Schluting is the author of Network Ninja, a must-read for every network engineer.