PowerShell: Detecting Network and VPN Connections
Written by Darwin Sanoy   
Saturday, May 3, 2014 6:29am
If a machine is connected to the network via a VPN connection, you may want to think twice about sending them that 1.2 GB software install :)  But how do you detect a VPN or other type of connection?

Many moons ago I wrote a VBS script that leveraged the Win32_NetworkAdapterConfiguration class to determine when a connection to a corporate network had been made.  In that case it utilized WMI event notifications to check the criteria every time a new connection was made.

Win32_NetworkAdapterConfiguration sounds like it should contain a bunch of static configuration data for hardware network adapters - but in reality it is the repository of every type of network connection - whether associated with real adapters, tunnelling or VPN.  It is also dynamic - it is updated immediately upon the making or breaking of network connections.

Using the rich set of properties in this WMI class with PowerShell makes it easy to design a one liner to determine if the machine has a specific type of network connection.

Once you have connected to a network you wish to detect (say your company VPN), you can list the attributes of its network connections.

A simple table of predetermined values can be done with this code:

gwmi win32_networkadapterconfiguration  | ft Description, dnsdomain, defaultipgateway, ipenabled -autosize -wrap

The resulting table shows some of the major markers that might help you build your criteria.
To get the full set of data available, use this code instead:

gwmi win32_networkadapterconfiguration  | fl *

Once you have this data, try to pick some elements that:

  1. Uniquely identify the network(s) you are interested in (won't be likely to be true for other connections like the user's home broadband or hotspot wireless)
  2. Do not depend on network data that has a vast array of possible options or might change.  For instance, default gateways and DNS and DHCP addresses may change over time or you may simply have too many to match on.  Keep in mind you can use substrings or even regular expressions to match multiple values if they have some pattern to them.

One handy attribute is "IpEnabled" - it will only be true if the connection is live.

In my case I was looking for VPN connections.  The company used only Juniper for VPN services.  So the criteria of *juniper* in the description and "IpEnabled = $True" were sufficient to catch all VPN connections anywhere in the world.

If that hadn't worked, then there were three main DNS servers that could have been compared.  These DNS servers also indicate which major global data center clients connect to - so if I ever needed to know exactly *where* they VPNed into - that would be possible as well.

The following code outputs matching network connections for VPNs:

gwmi Win32_NetworkAdapterConfiguration | Where-Object {($_.Description -ilike "*juniper*") -and ($_.IpEnabled -eq $True)}

The "ilike" operator is very handy when doing substring comparisons.  The like operator supports wildcard characters and the "i" makes it case insensitive.  I have found -contains and -match to be a little too fussy for simple substring matches and I want to be sure.

But wait a minute - this just gives me output if I have a connection and no output if I do not.

As we cover in our free video on demand course PowerShell for the Enterprise Desktop Quick Start Tips, Tricks and Ready To Run Code, PowerShell has a very simple way to make this into a true / false check.

We simply use the boolean type accelerator like this:

[bool](gwmi Win32_NetworkAdapterConfiguration | Where-Object {($_.Description -ilike "*juniper*") -and ($_.IpEnabled -eq $True)})

Now we will get a true if a connection meets our criteria and a false if it does not.

We can also wrap a function around it to make it easy to use in many scripts:

function Test-IfVPNConnected {

# Returns $True if any live (IpEnabled) connection has "juniper" in its description
return [bool](gwmi Win32_NetworkAdapterConfiguration | Where-Object {($_.Description -ilike "*juniper*") -and ($_.IpEnabled -eq $True)})

}

Here are a few more examples that might be necessary in certain environments:

# DefaultIPGateway is an array; -ilike returns the matching entries (none = false)
[bool](gwmi Win32_NetworkAdapterConfiguration | Where-Object {($_.DefaultIPGateway -ilike "10.0.*") -and ($_.IpEnabled -eq $True)})

# Match any one of several DNS domains
[bool](gwmi Win32_NetworkAdapterConfiguration | Where-Object {(@("Domain1","Domain2","Domain3") -contains $_.DNSDomain) -and ($_.IpEnabled -eq $True)})

# Match any one of several DHCP servers
[bool](gwmi Win32_NetworkAdapterConfiguration | Where-Object {(@("10.0.0.1","10.0.0.2") -contains $_.DHCPServer) -and ($_.IpEnabled -eq $True)})
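
The DNS server idea mentioned earlier can be combined with the description check to report which data center a VPN client connected to. This is an added example, not the author's code: the function name Get-VpnSite, its parameters, the DNS addresses and the site names are hypothetical, and the sample adapters are constructed so the logic can be tried without a VPN.

```powershell
function Get-VpnSite {
    param(
        # Vendor pattern from the article
        [string]$DescriptionPattern = '*juniper*',
        # Hypothetical map of VPN DNS servers to data centers (placeholder values)
        [hashtable]$DnsServerToSite = @{
            '10.0.0.1' = 'DataCenter-A'
            '10.0.0.2' = 'DataCenter-B'
            '10.0.0.3' = 'DataCenter-C'
        },
        # Adapter objects to evaluate; defaults to the live WMI data
        [object[]]$Adapter = (Get-WmiObject Win32_NetworkAdapterConfiguration)
    )
    foreach ($a in $Adapter) {
        # Skip connections that are not live or are not the VPN vendor's
        if (-not $a.IPEnabled) { continue }
        if ($a.Description -notlike $DescriptionPattern) { continue }

        # DNSServerSearchOrder is a string array and can be $null;
        # the first server found in the map decides the site
        $site = 'Unknown'
        foreach ($dns in @($a.DNSServerSearchOrder)) {
            if ($dns -and $DnsServerToSite.ContainsKey($dns)) {
                $site = $DnsServerToSite[$dns]
                break
            }
        }
        [pscustomobject]@{
            Description = $a.Description
            Site        = $site
            DnsServers  = @($a.DNSServerSearchOrder) -join ','
        }
    }
}

# Constructed sample adapters (not real output) covering a live VPN,
# a non-VPN connection and a disconnected VPN adapter
$sample = @(
    [pscustomobject]@{ Description = 'Juniper Networks Virtual Adapter'; IPEnabled = $true;  DNSServerSearchOrder = @('10.0.0.2', '10.0.0.1') }
    [pscustomobject]@{ Description = 'Home Wireless Adapter';            IPEnabled = $true;  DNSServerSearchOrder = @('192.168.1.1') }
    [pscustomobject]@{ Description = 'Juniper Networks Virtual Adapter'; IPEnabled = $false; DNSServerSearchOrder = $null }
)
Get-VpnSite -Adapter $sample
```

Only the first sample adapter is returned, mapped to DataCenter-B. Calling [bool](Get-VpnSite) with no arguments gives the same true/false answer as the function above.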

Ahhhh - no more users waiting for 1 GB to come across their VPN connection!