How can I see if I'm logged in via VPN?
Solution 1
Route-based VPN or overlay network solutions (with virtual interfaces)
If you run ifconfig -a or ip link show you should be seeing something like tunX below which is a tun device used by most route-based VPN:
# tun device
# used by route-based VPN
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr: P-t-P: Mask:
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1300 Metric:1
RX packets:10 errors:0 dropped:0 overruns:0 frame:0
TX packets:24 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:1435 (1.4 KB) TX bytes:1677 (1.6 KB)
# Jan 2020 refresh
# sample ifconfig output with 3 virtual interfaces
# for route-based VPN or overlay network
nebula1: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1300
inet 172.16.87.100 netmask 255.255.255.0 destination 172.16.87.100
inet6 fe80::b2c4:4360:a3ae:15aa prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)
RX packets 37 bytes 2980 (2.9 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 331 bytes 17408 (17.4 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 172.16.200.1 netmask 255.255.255.0 destination 172.16.200.1
inet6 fe80::9d2e:5979:5ac2:43df prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1677 bytes 80496 (80.4 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wg0: flags=209<UP,POINTOPOINT,RUNNING,NOARP> mtu 1420
inet 172.16.111.100 netmask 255.255.255.0 destination 172.16.111.100
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 1000 (UNSPEC)
RX packets 37337578 bytes 10884991930 (10.8 GB)
RX errors 0 dropped 67878 overruns 0 frame 0
TX packets 60202096 bytes 66040772964 (66.0 GB)
TX errors 169 dropped 44429 overruns 0 carrier 0 collisions 0
ip link output
5: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/none
6: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN mode DEFAULT group default qlen 100
link/none
11: nebula1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1300 qdisc fq_codel state UNKNOWN mode DEFAULT group default qlen 500
link/none
Policy-based VPN (e.g. strongSwan)
Or if you are using IPsec (e.g. strongSwan), ifconfig -a will show a tunnel device (tunX) like below if you are using Route-based mode (default is policy-based):
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:192.168.11.2 P-t-P:192.168.11.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
If strongSwan is running policy-based routing (default), you'll be able to figure out by manipulating the kernel routing table or looking at ip-xfrm IP framework for transforming packets (encrypting payloads).
# manipulate kernel routing table for more info
ip r
route -nr
ip r show table main
ip r show table local
# strongswan specific table id 220
ip r show table 220
In addition, you can use ip tuntap show to see if there are tun/tap devices to determine if VPN is in use.
ip tuntap show
tun0: tun
Solution 2
You can also check your routes with the route command.
You will see more routes as normal and to different destinations.
Example
Connected without juniper:
moose@pc07:~$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.0 * 255.255.255.0 U 2 0 0 wlan0
link-local * 255.255.0.0 U 1000 0 0 wlan0
default 192.168.0.1 0.0.0.0 UG 0 0 0 wlan0
Connected with Juniper:
moose@pc07:~$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.1 * 255.255.255.255 UH 1 0 0 wlan0
vpn.kit.edu 192.168.0.1 255.255.255.255 UGH 1 0 0 wlan0
192.168.0.0 * 255.255.255.0 U 2 0 0 wlan0
link-local * 255.255.0.0 U 1000 0 0 wlan0
default vpn-cl-192-62.s 0.0.0.0 UG 1 0 0 tun0
default 192.168.0.1 0.0.0.0 UG 10 0 0 wlan0
Solution 3
In my case, the device is cscotun0 (I use Cisco Anyconect Secure Mobility Client) rather than tun0.
Therefore (based on Terry Wang's answer and zipizap's comment), if you do not know the device name, you may use:
if [ "0" == `ifconfig | grep tun0 | wc -l` ]; then echo "n"; else echo "y"; fi
or, if you know the device name:
if ifconfig cscotun0 &>/dev/null; then echo "y"; else echo "n"; fi
UPD With Ubuntu 18.04, I need:
if [ "`ifconfig | grep vpn0`" != "" ] ; then echo yes; else echo no; fi
Unfortunately, ifconfig vpn0 now returns 0 (success) even if vpn is not working.
Solution 4
Alternative solution (Gnome)
Check when it's running
➜ ifconfig -a | grep vpn | grep RUNNING
1:179:vpn0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1334
Check when it's not running
➜ ifconfig -a G vpn
179:vpn0: flags=4240<POINTOPOINT,NOARP,MULTICAST> mtu 1334
so you can check for UP, RUNNING via grep as shown below
ifconfig -a | grep vpn | grep RUNNING
vpn_running=$?
if [ $vpn_running -ne 0 ]; then
echo "VPN <span color='yellow'><tt>UP</tt></span> | iconName=utilities-terminal-symbolic bash='nmcli con up id VPN' terminal=false"
else
echo "VPN <span color='red'><tt>(DOWN)</tt></span> | iconName=utilities-terminal-symbolic bash='nmcli con down id VPN' terminal=false"
fi
I'm using fantastic argo gnome shell plugin, and above is part of my script so I can launch VPN from toolbar (or shut it down)
Solution 5
Using the juniper ncdiag commands will give you this information.
- Use
ncdiag -tfor a tunnel test. - Use
ncdiag -hfor host info.
More specifics:
$ cd ~/.juniper_networks/network_connect
~/.juniper_networks/network_connect$ file !$
file ncdiag
ncdiag: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.2.5, stripped
~/.juniper_networks/network_connect$ ./ncdiag
usage: ./ncdiag -A [or]
usage: ./ncdiag -i -s -d -t -h -a -r <hostname> -k -v
-A : All tests
-i : installation test
-s : service test
-d : driver tests
-t : tunnel test
-h : host info
-a : adaptor test
-r : resolve host
-k : kill NC gui
-v : version
~/.juniper_networks/network_connect$ ./ncdiag -t
+==============================================================================+
| Tests: | Results: |
+==============================================================================+
o NC Diagnostics
NC Tunnel Test Established
Finished running tests
+==============================================================================+
~/.juniper_networks/network_connect$ ./ncdiag -h
+==============================================================================+
| Tests: | Results: |
+==============================================================================+
o Host Details
Hostname tau
Domainname (none)
IP Routing Enabled Yes
IP Loopback test Passed
Nameserver Details
8.8.8.8 Ping Passed
8.8.6.6 Ping Passed
Gateway Ping Test
10.20.20.1 Ping Passed
Finished running tests
+==============================================================================+
Related videos on Youtube
27 : 37
03 : 52
05 : 39
08 : 53
04 : 14 : 36
Martin Thoma
I also have a blog about Code, the Web and Cyberculture and a career profile on Stackoverflow. My interests are mainly machine-learning, neural-networks, data-analysis.
Updated on September 18, 2022Comments
-
Martin Thoma over 1 year
I use Juniper Networks (a Java program that establishes a VPN connection).
Does a command exist that lets me check if I'm logged in with Juniper?
-
blong over 2 yearsA similar conversation has a nice tip:
nmcli con show --active. Source: askubuntu.com/a/1056879/31592
-
-
zipizap over 11 yearsBuilding upon Terry Wang answer, you can make use this one-liner to check it:
ifconfig tun0 &> /dev/null && echo -e "\033[1;32m" "-- VPN is active --" "\033[0m" -
Aleks over 9 yearsThis is the better answer then the accepted one, at least if you ask me :)
