Article summary
Over the last few years, we’ve published a few posts about VPNs that build on each other. Each shows how to make day-to-day life a little nicer when you must connect to a Virtual Private Network (VPN) on macOS.
- How to Keep Home Stuff off Your Work VPN while Social Distancing
- A Selective VPN for Mobile App Development
- A LaunchAgent for Automatic Proxy Configuration
Based on what those posts cover, I have a LaunchAgent that ensures my automatic proxy configuration server is always running. I’m able to connect to a client VPN using openconnect and ocproxy, with only the traffic specified in the .pac file going through the VPN. Anything that’s not covered by the .pac configuration skips the VPN entirely — yay!
This works seamlessly for most applications (browsers, iOS simulators, Android Emulators, etc.). However, it doesn’t work for a Java application that needs to send traffic through the VPN proxy – unless you do some additional configuration.
Automatic Proxy Configuration
It turns out that Java has a specific command line option that tells it to use whatever proxy the OS has been configured to use.
-Djava.net.useSystemProxies=true
A Specific Proxy
If you want to use another proxy besides the OS system proxy, that’s also possible using a different set of arguments.
-DproxyHost=localhost -DproxyPort=3128
You could use this to point to a local proxy or potentially to a proxy running on a remote machine.
Running the Application
The Java application I needed was installed as a regular macOS .app application (in the /Applications directory). This means I’m not starting it using the java command from the command line. So how do you pass the application the flag telling it to use a proxy? With an environment variable!
export JAVA_TOOL_OPTIONS='-Djava.net.useSystemProxies=true'
In macOS, there’s no place to set system-wide environment variables (unlike with Windows). So, the only decent option is to create a wrapper script that exports the variable and then opens the application.
#!/bin/bash
export JAVA_TOOL_OPTIONS='-Djava.net.useSystemProxies=true'
open /Applications/SomeJavaApp.app
Make that script executable (chmod +x ./wrapper.sh), run it, and the Java application will start up, and use the system proxy for just the .pac configured traffic.