如何查看我是否通过VPN登录?

16

我使用Juniper Networks(建立VPN连接的Java程序)。

是否存在可让我检查是否已使用Juniper登录的命令行命令?

networking  vpn 
马丁·托马
source

Answers:

20

如果您运行ifconfig -aip link show应该看到类似tunX以下的内容,这是大多数基于路由的VPN使用的tun设备:


# tun device
# used by route-based VPN

    tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
              inet addr:  P-t-P:  Mask:
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1300  Metric:1
              RX packets:10 errors:0 dropped:0 overruns:0 frame:0
              TX packets:24 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:500 
              RX bytes:1435 (1.4 KB)  TX bytes:1677 (1.6 KB)

# Jan 2020 refresh
# sample ifconfig output with 3 virtual interfaces
# for route-based VPN or overlay network

nebula1: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1300
        inet 172.16.87.100  netmask 255.255.255.0  destination 172.16.87.100
        inet6 fe80::b2c4:4360:a3ae:15aa  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 500  (UNSPEC)
        RX packets 37  bytes 2980 (2.9 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 331  bytes 17408 (17.4 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 172.16.200.1  netmask 255.255.255.0  destination 172.16.200.1
        inet6 fe80::9d2e:5979:5ac2:43df  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1677  bytes 80496 (80.4 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wg0: flags=209<UP,POINTOPOINT,RUNNING,NOARP>  mtu 1420
        inet 172.16.111.100  netmask 255.255.255.0  destination 172.16.111.100
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 1000  (UNSPEC)
        RX packets 37337578  bytes 10884991930 (10.8 GB)
        RX errors 0  dropped 67878  overruns 0  frame 0
        TX packets 60202096  bytes 66040772964 (66.0 GB)
        TX errors 169  dropped 44429 overruns 0  carrier 0  collisions 0

ip link 输出


5: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/none
6: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN mode DEFAULT group default qlen 100
    link/none
11: nebula1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1300 qdisc fq_codel state UNKNOWN mode DEFAULT group default qlen 500
    link/none

或者,如果您使用的是IPsec(例如strongSwan),ifconfig -a则在使用基于路由的模式(默认基于策略)时,将显示如下所示的隧道设备(tunX):

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:192.168.11.2  P-t-P:192.168.11.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

如果strongSwan运行的是基于策略的路由(默认),则可以通过操作内核路由表或查看ip-xfrm用于转换数据包(加密有效负载)的IP框架来弄清楚。

# manipulate kernel routing table for more info

ip r
route -nr

ip r show table main
ip r show table local

# strongswan specific table id 220
ip r show table 220

此外,您可以ip tuntap show用来查看是否有tun / tap设备来确定是否正在使用VPN。

    ip tuntap show
    tun0: tun

source
2
ifconfig tun0 &> /dev/null && echo -e "\033[1;32m" "-- VPN is active --" "\033[0m"
王泰瑞(
9

您也可以使用以下route命令检查路线。您会看到更多正常的路线和到达不同目的地的路线。

无需杜松连接:

moose@pc07:~$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     *               255.255.255.0   U     2      0        0 wlan0
link-local      *               255.255.0.0     U     1000   0        0 wlan0
default         192.168.0.1     0.0.0.0         UG    0      0        0 wlan0

与瞻博网络连接:

moose@pc07:~$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.1     *               255.255.255.255 UH    1      0        0 wlan0
vpn.kit.edu     192.168.0.1     255.255.255.255 UGH   1      0        0 wlan0
192.168.0.0     *               255.255.255.0   U     2      0        0 wlan0
link-local      *               255.255.0.0     U     1000   0        0 wlan0
default         vpn-cl-192-62.s 0.0.0.0         UG    1      0        0 tun0
default         192.168.0.1     0.0.0.0         UG    10     0        0 wlan0
德雷
source
这是比被接受的更好的答案,至少如果您问我:)
Aleks 2014年
1

使用juniper ncdiag命令将为您提供此信息。

  • 使用ncdiag -t了风洞试验。
  • 使用ncdiag -h主机信息。

更多细节:

$ cd ~/.juniper_networks/network_connect
~/.juniper_networks/network_connect$ file !$
file ncdiag
ncdiag: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.2.5, stripped
~/.juniper_networks/network_connect$ ./ncdiag 
    usage: ./ncdiag -A [or]
    usage: ./ncdiag -i -s -d -t -h -a -r <hostname> -k -v
     -A : All tests
     -i : installation test 
     -s : service test 
     -d : driver tests 
     -t : tunnel test 
     -h : host info 
     -a : adaptor test 
     -r : resolve host 
     -k : kill NC gui 
     -v : version   

~/.juniper_networks/network_connect$ ./ncdiag -t
+==============================================================================+
|   Tests:          |        Results:                      |
+==============================================================================+
       o  NC Diagnostics            
             NC Tunnel Test          Established

       Finished running tests 
+==============================================================================+
~/.juniper_networks/network_connect$ ./ncdiag -h
+==============================================================================+
|   Tests:          |        Results:                      |
+==============================================================================+

   o  Host Details              
         Hostname            tau
         Domainname          (none)
         IP Routing Enabled      Yes
         IP Loopback test        Passed
         Nameserver Details     
           8.8.8.8       Ping Passed

           8.8.6.6       Ping Passed
         Gateway Ping Test           
            10.20.20.1       Ping Passed

   Finished running tests

+ ================================================= =========================== +

贝拉夸
source
1

就我而言,设备是cscotun0(我使用Cisco Anyconect Secure Mobility Client)而不是tun0

因此,(基于Terry Wang的回答和zipizap的评论),如果您不知道设备名称,则可以使用:

if [ "0" == `ifconfig | grep tun0 | wc -l` ]; then echo "n"; else echo "y"; fi

或者,如果您知道设备名称:

if ifconfig cscotun0 &>/dev/null; then echo "y"; else echo "n"; fi

UPD使用Ubuntu 18.04,我需要:

if [ "`ifconfig | grep vpn0`" != "" ] ; then echo yes; else echo no; fi

不幸的是,ifconfig vpn0即使vpn无法正常工作,现在也返回0(成功)。

18446744073709551615
source
0

替代解决方案(Gnome)

检查它何时运行

➜ ifconfig -a | grep vpn | grep RUNNING
1:179:vpn0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1334

检查它何时未运行

➜ ifconfig -a G vpn
179:vpn0: flags=4240<POINTOPOINT,NOARP,MULTICAST>  mtu 1334

因此您可以通过grep 检查UPRUNNING,如下所示

ifconfig -a | grep vpn | grep RUNNING
vpn_running=$?

if [ $vpn_running -ne 0 ]; then

    echo "VPN <span color='yellow'><tt>UP</tt></span> | iconName=utilities-terminal-symbolic bash='nmcli con up id VPN' terminal=false"
else
    echo "VPN <span color='red'><tt>(DOWN)</tt></span> | iconName=utilities-terminal-symbolic bash='nmcli con down id VPN' terminal=false"
fi

我正在使用出色的 Argo gnome Shell插件,以上内容是我脚本的一部分,因此我可以从工具栏启动VPN(或将其关闭)

德米特里·谢梅诺夫
source
By using our site, you acknowledge that you have read and understand our Cookie Policy and Privacy Policy.
Licensed under cc by-sa 3.0 with attribution required.