Ensuring Secure Connections: How the Get-VPNConnectionInfo Function Identifies VPN Usage

Get-VPNConnectionInfo

Overview

The Get-VPNConnectionInfo function checks if the current internet connection is made through one of the known VPN providers. It fetches the current IP information from ipapi.co and compares the organization name (org field) against a predefined list of VPN providers.

Requirements

• PowerShell 5.1 or higher.
• An Internet connection to perform queries to ipapi.co.
• knownVPNproviders.json file in the same directory as the script.

The format of the knownVPNproviders.json file.

This JSON file should contain an array of strings, each representing the name of a VPN provider recognized in the org field of a response from ipapi.co or ipinfo.io or other similar online services. The file should be structured as follows:

["VPNProviderName1", "VPNProviderName2", "VPNProviderName3"]

Replace "VPNProviderName1"`,"VPNProviderName2", and"VPNProviderName3" with the real names of the VPN providers you want to recognize. This can be your employer's VPN provider, a personal VPN service, or any other VPN provider you want to discover. The main thing is that this provider should provide specific information in the org field for whois services like ipapi.co/ipinfo.io. So if the org field is empty or non-unique. it can be confusing. but this doesn't happen very often.

Usage.

1. Make sure that the Get-VPNConnectionInfo function and the knownVPNproviders.json file are in the same directory.
2. Create the Get-VPNConnectionInfo.ps1 script file in a PowerShell session. You can do this by navigating to the script directory and running the . .\Get-VPNConnectionInfo.ps1 command.
3. Call the function with Get-VPNConnectionInfo.

Adding it to a PowerShell profile

For convenience, you can add the function to your PowerShell profile so that it is automatically available in every session:

1. Open the PowerShell profile file for editing. If you do not know where it is located, find it by typing $PROFILE in the PowerShell window.
2. Add the following line to the profile file:

 . "C:\path\to\to\Get-VPNConnectionInfo.ps1"

Replace "C:\path\to\to\Get-VPNConnectionInfo.ps1" with the actual path to your script.

1. Save the profile file and restart PowerShell. The Get-VPNConnectionInfo function will now be available in every session.

Function Details.

• Input: None.
• Output: A custom PowerShell object with the following properties:
  • connectedVPN: a boolean value indicating whether or not the current connection is being made through a known VPN provider.
  • connect_info: An object containing information about the IP connection, including the name of a potentially suitable VPN provider. You can assume that if the provider name includes the word VPN, it is a suitable service.

The published code has an open license. If you have suggestions, pull requests are welcome.

Comments

[Michael Cameroon]

Do you have a script that can get the VPN provider names from ip2location.io API?

[uyriq]

looks like there is a great utility written on GO github.com/ip2location/ip2location... that @michael_cameroon_5cbe537b suggested and it gives all the info you need about the ISP, even its proxy/vpn/tor/etc type...
thanks for the tip! i did not find a way to use api as unregistered service user. in general it is advised to do reqs to
https://api.ip2location.io/?key={YOUR_API_KEY}&ip=&format=json. As a workaround it allow for any unregisterd users request to endpoint https://api.ip2location.io/?1&format=json

# Assuming $url contains the IP2Location API URL
$url = "https://api.ip2location.io/?1&format=json"

# Invoke the IP2Location API
$response = Invoke-RestMethod -Uri $url

# Map the API response to the $connect_info format
$connect_info = @{
    ip      = $response.ip
    city    = $response.city_name
    country = $response.country_name
    org     = $response.as
}

# Now $connect_info contains the mapped information as of ipinfo.io response standard