When connected to a SSL VPN on macOS sometimes you want to find which physical network interface the VPN is using. Listing network interfaces using ifconfig doesn’t help as it is just a list of adapters and if they are linked or not. Looking up the default route with route get 1.1.1.1 only shows you the tun adapter the VPN is using:

❯ route get 1.1.1.1
   route to: one.one.one.one
destination: default
       mask: default
    gateway: my-mac
  interface: utun0
      flags: <UP,GATEWAY,DONE,STATIC,PRCLONING,GLOBAL>
 recvpipe  sendpipe  ssthresh  rtt,msec    rttvar  hopcount      mtu     expire
       0         0         0         0         0         0      1400         0

In this case the VPN is using “utun0” which is the virtual adapter. Again this isn’t what we are after. To get the physical interface hidden beneath the virtual adapter use:

scutil --nwi

Which on my mac returns the following:

Network information

IPv4 network interface information
   utun0 : flags      : 0x5 (IPv4,DNS)
           address    : 10.0.3.166
           reach      : 0x00000002 (Reachable)
     en4 : flags      : 0x5 (IPv4,DNS)
           address    : 192.168.13.244
           reach      : 0x00000002 (Reachable)
     en0 : flags      : 0x5 (IPv4,DNS)
           address    : 192.168.13.76
           reach      : 0x00000002 (Reachable)

   REACH : flags 0x00000002 (Reachable)

IPv6 network interface information
   No IPv6 states found


   REACH : flags 0x00000007 (Reachable,Transient Connection,Connection Required)

Network interfaces: utun0 en4 en0

Here was can see that “utun0” has the client address of the VPN service, the next two interfaces are the actually physical interfaces, in order of preference. en4 is wired and en0 is wireless. scutil is not specifically for networking, rather scutil provides a command line interface to the “dynamic store” data maintained by configd.

For other scutil examples check out the man page:

man scutil