Can someone help? I need a simple Analyses to tell me if a computer is connected to vpn or not. True or False would be great, with True being the machine is connected. Any help would be appreciated.
Thanks,
Sno
You may need to check with your VPN Team or vendor for guidance on detecting VPN connections. They can help identify potential registry entries, running services, or other indicators that signify an active VPN connection.
However, in general, most organizations rely on allocated IP range detection on endpoints. If your VPN assigns IPs from a specific range, you can use the following relevance to check if the device’s IP falls within that range:
Q: if (exists ((addresses whose (it as string != "0.0.0.0") of ip interfaces whose (loopback of it = false) of network) as string as version) whose (it >= "192.168.68.0" as version and it <= "192.168.68.255" as version)) then "VPN Connected" else "No VPN"
A: VPN Connected
T: 0.212 ms
1 Like
In addition to IP ranges, the name of the network adapter may be useful.
names of (adapters of network) whose ((up of it) and (exists address of it) and (not loopback of it))
If you only use one VPN provider, using that provider’s adapter name might be enough to depend on. But that might not work on all platforms. (On macOS, VPN adapter connection appear with name utun.)
Windows also has a tunnel inspector, but I’ve not personally used it.
1 Like
I don’t know that this is exactly what you are looking for, but we have an analysis with properties that we created years ago during covid because we have several types of VPN and we used adapters of network to identify which VPN they were on based on the adapter. You will likely have to change the text you
are looking at and modify this a little bit for what you need but it’s worked well for us. I also included a property at the bottom that will show all active interfaces.
Connection details
If (Exists(adapters whose ( up of it = true and description of it as lowercase does not contain “hyper-v” and (status of it = 1 and description of it as lowercase contains “vpn1” or description of it as lowercase contains “vpn2” or description of it as lowercase contains “vpn3” or description of it as lowercase contains “vpn5” or description of it as lowercase contains “vpn5” or description of it as lowercase contains “vpn4”) ) of networks)) Then (( friendly name of it | “n/a”, description of it | “n/a”, (address of it) as string | “n/a”, concatenation "; " of dns suffix of it | “n/a”, (encryption of wifi of it) as string | “n/a”, (secured of wifi of it) as string | “n/a”, (ssid of wifi of it) as string | “n/a”, (concatenation "; " of (address of gateway lists of it as string)) | “n/a” ) of adapters whose ( up of it = true and description of it as lowercase does not contain “hyper-v” and (status of it = 1 and description of it as lowercase contains “vpn1” or description of it as lowercase contains “vpn2” or description of it as lowercase contains “vpn3” or description of it as lowercase contains “vpn5” or description of it as lowercase contains “vpn5” or description of it as lowercase contains “vpn4”) ) of network) as string Else ( friendly name of it | “n/a”, description of it | “n/a”, (address of it) as string | “n/a”, concatenation "; " of dns suffix of it | “n/a”, (encryption of wifi of it) as string | “n/a”, (secured of wifi of it) as string | “n/a”, (ssid of wifi of it) as string | “n/a”, (concatenation "; " of (address of gateway lists of it as string)) | “n/a” ) of adapters whose ( up of it = true and description of it as lowercase does not contain “hyper-v” and description of it as lowercase does not contain “vpn1” and description of it as lowercase does not contain “vpn2” and description of it as lowercase does not contain “vpn3” ) of network as string
Active Connections
(friendly name of it | “n/a”, description of it | “n/a”, (address of it) as string | “n/a”, concatenation "; " of dns suffix of it | “n/a”, (encryption of wifi of it) as string | “n/a”, (secured of wifi of it) as string | “n/a”, (ssid of wifi of it) as string | “n/a”, (concatenation "; " of (address of gateway lists of it as string)) | “n/a”, maximum transmission unit of it as string | “n/a”) of adapters whose (up of it = true) of network as string
1 Like