Keep Mac Awake Only When VPN Is Connected

Shake It On 1.1.0's VPN trigger keeps your Mac awake only when a VPN tunnel is up. It detects any utun, ppp, ipsec, tap, or tun interface — works for Tunnelblick, Cisco AnyConnect, GlobalProtect, NordVPN, ExpressVPN, WireGuard, and Tailscale.

VPN as an "I'm working" signal

For people whose work setup requires a VPN (remote employees, IT contractors, anyone with strict corporate access policies), the VPN connection is a great proxy for "I'm working right now". Connect VPN → start working → keep Mac awake. Disconnect VPN → done → let Mac sleep normally.

Set up the VPN trigger

  1. Open Settings (menu bar → Settings…).
  2. Scroll to Only Shake If.
  3. Turn on VPN is connected.

That's it. No SSID lists, no IP ranges. As long as any active network interface looks like a VPN tunnel, the condition passes.

VPN detection ships in Shake It On 1.1.0. Shake when the tunnel is up, sleep when it's down.

How VPN detection works

Shake It On reads the active network interfaces via macOS's SystemConfiguration framework and checks for any interface name with the standard VPN-tunnel prefixes:

  • utun* — modern macOS VPN tunnels (most providers)
  • ppp* — PPP/L2TP-style
  • ipsec* — IPsec/IKEv2
  • tap*, tun* — OpenVPN, WireGuard, etc.

If any of these are up and have an IPv4 address, Shake It On considers a VPN connected. No specific provider configuration needed — it just works for any standards-based VPN client (Tunnelblick, Cisco AnyConnect, GlobalProtect, NordVPN, ExpressVPN, WireGuard, Tailscale, etc.).
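The same three-part rule (VPN-style name prefix, interface up, IPv4 address present), as an added example that is not Shake It On's own code. The page says the app reads interfaces through SystemConfiguration; this sketch instead parses `ifconfig`-style text as a stand-in, and the sample output, function names and addresses are constructed for illustration.

```python
import re

# Prefixes listed on this page as VPN-tunnel interface names.
VPN_PREFIXES = ("utun", "ppp", "ipsec", "tap", "tun")

# Constructed sample in `ifconfig` layout (not captured from a real machine).
# utun0 is up but holds only an IPv6 link-local address; ppp0 has an IPv4
# address but is not flagged UP; only utun3 satisfies all three conditions.
SAMPLE_IFCONFIG = """\
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
\tinet 192.168.1.20 netmask 0xffffff00 broadcast 192.168.1.255
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
\tinet6 fe80::1%utun0 prefixlen 64 scopeid 0xf
utun3: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1400
\tinet 10.8.0.6 --> 10.8.0.5 netmask 0xffffffff
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
\tinet 172.16.5.2 --> 172.16.5.1 netmask 0xffffff00
"""

HEADER = re.compile(r"^(\S+): flags=[0-9a-fA-F]+<([^>]*)>")
INET4 = re.compile(r"^\s+inet (\d{1,3}(?:\.\d{1,3}){3})\b")


def parse_interfaces(text):
    """Return {name: {"up": bool, "ipv4": [addresses]}} from ifconfig-style text."""
    interfaces, current = {}, None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current = header.group(1)
            flags = header.group(2).split(",")
            interfaces[current] = {"up": "UP" in flags, "ipv4": []}
            continue
        addr = INET4.match(line)  # "inet6" lines do not match "inet "
        if addr and current:
            interfaces[current]["ipv4"].append(addr.group(1))
    return interfaces


def vpn_interfaces(text):
    """Names that match a VPN prefix, are UP, and hold an IPv4 address."""
    return sorted(
        name for name, info in parse_interfaces(text).items()
        if name.startswith(VPN_PREFIXES) and info["up"] and info["ipv4"]
    )


if __name__ == "__main__":
    print(vpn_interfaces(SAMPLE_IFCONFIG))
```

Because the rule looks only at interface state, an always-on tunnel satisfies it permanently, and a tunnel that is up but not routing still passes.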

Combine with other conditions

VPN connected is one of the Only Shake If conditions, which means it is ORed with the others. Some useful combinations:

  • VPN OR specific app open — keep Mac awake when you're tunneled in OR Slack is running. Belt-and-braces for "I'm working".
  • VPN + day-of-week schedule — only run during work hours, only when VPN is up. (Schedule is a separate gate; both have to allow it.)
  • VPN AND Paused When camera in use — work-mode shake, but stand down for video calls.

Tailscale and similar mesh VPNs

Tailscale, Tailnet, ZeroTier, and other mesh VPNs all run over utun* interfaces, so they're detected the same way. If you keep Tailscale connected 24/7, the VPN trigger isn't the right choice — it'll always be on. SSID match or app-running match are better signals in that case.

Note
A VPN being "connected" isn't the same as "active and routing traffic." Shake It On checks the interface state, which is accurate for nearly all VPN clients. If yours leaves the interface up but doesn't route, file a feature request.

Related

See also: SSID match for when network name is the better signal, IP range match for when VPN client behavior is unpredictable but the resulting IP isn't.
