uyriq
Ensuring Secure Connections: How the Get-VPNConnectionInfo Function Identifies VPN Usage

Get-VPNConnectionInfo

Overview

The Get-VPNConnectionInfo function checks if the current internet connection is made through one of the known VPN providers. It fetches the current IP information from ipapi.co and compares the organization name (org field) against a predefined list of VPN providers.

Requirements

  • PowerShell 5.1 or higher.
  • An Internet connection to perform queries to ipapi.co.
  • knownVPNproviders.json file in the same directory as the script.

Format of the knownVPNproviders.json file

This JSON file should contain an array of strings, each representing the name of a VPN provider recognized in the org field of a response from ipapi.co or ipinfo.io or other similar online services. The file should be structured as follows:

["VPNProviderName1", "VPNProviderName2", "VPNProviderName3"]

Replace "VPNProviderName1", "VPNProviderName2", and "VPNProviderName3" with the real names of the VPN providers you want to recognize. This can be your employer's VPN provider, a personal VPN service, or any other VPN provider you want to detect. The main requirement is that the provider returns a specific value in the org field for whois-style services like ipapi.co and ipinfo.io. If the org field is empty or not unique, the result can be confusing, but this doesn't happen very often.
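An added example (not part of the original script): an offline check of the matching rules described above, run against constructed org values, including the empty-org case. The function name Test-VpnOrg, the provider names and the stripping of a leading AS number (the form ipinfo.io uses in its org field) are assumptions made for illustration.

```powershell
# Added example: classify an org value against the provider list without any network call.
function Test-VpnOrg {
    param(
        [string]$Org,
        [string[]]$KnownProviders = @()
    )
    # An empty org field is no evidence either way, so report it separately.
    if ([string]::IsNullOrWhiteSpace($Org)) {
        return [PSCustomObject]@{ Org = $Org; Verdict = 'Unknown'; Reason = 'org field is empty' }
    }
    # ipinfo.io-style values carry a leading AS number ("AS64500 Name"); strip it before comparing.
    $name = ($Org -replace '^AS\d+\s+', '').Trim()
    # Exact match against the list; -in compares strings case-insensitively.
    if ($name -in $KnownProviders) {
        return [PSCustomObject]@{ Org = $Org; Verdict = 'KnownVPN'; Reason = "listed provider '$name'" }
    }
    # Same heuristic as Get-VPNConnectionInfo: the substring VPN anywhere in the name.
    if ($name -match 'VPN') {
        return [PSCustomObject]@{ Org = $Org; Verdict = 'LikelyVPN'; Reason = 'name contains VPN' }
    }
    return [PSCustomObject]@{ Org = $Org; Verdict = 'NotVPN'; Reason = 'no rule matched' }
}

# Constructed provider list, in the same format as knownVPNproviders.json.
$providers = '["ExampleVPN Ltd", "Contoso Secure Access"]' | ConvertFrom-Json

# Constructed org values covering each rule.
$samples = @(
    'ExampleVPN Ltd',                 # exact list match
    'AS64500 Contoso Secure Access',  # list match after stripping the AS prefix
    'examplevpn ltd',                 # list match regardless of case
    'Fabrikam VPN Services',          # not listed, caught by the substring rule
    'Example ISP Telecom',            # ordinary ISP
    ''                                # empty org field
)

$samples |
    ForEach-Object { Test-VpnOrg -Org $_ -KnownProviders $providers } |
    Format-Table -AutoSize
```

Running the table against your own list shows which entries rely on an exact name and which would only be caught by the substring rule.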

Usage

  1. Make sure that the Get-VPNConnectionInfo function and the knownVPNproviders.json file are in the same directory.
  2. Load the Get-VPNConnectionInfo.ps1 script file into your PowerShell session by dot-sourcing it. You can do this by navigating to the script directory and running the . .\Get-VPNConnectionInfo.ps1 command.
  3. Call the function with Get-VPNConnectionInfo.

Adding it to a PowerShell profile

For convenience, you can add the function to your PowerShell profile so that it is automatically available in every session:

  1. Open the PowerShell profile file for editing. If you do not know where it is located, find it by typing $PROFILE in the PowerShell window.
  2. Add the following line to the profile file:
 . "C:\path\to\Get-VPNConnectionInfo.ps1"

Replace "C:\path\to\Get-VPNConnectionInfo.ps1" with the actual path to your script.

  3. Save the profile file and restart PowerShell. The Get-VPNConnectionInfo function will now be available in every session.

Function Details

  • Input: None.
  • Output: A custom PowerShell object with the following properties:
    • connectedVPN: a boolean value indicating whether or not the current connection is being made through a known VPN provider.
    • connect_info: An object containing information about the IP connection, including the name of the detected VPN provider in vpnName. Besides the list check, the function treats any org value that contains the substring VPN as a VPN service.

The published code has an open license. If you have suggestions, pull requests are welcome.

function Get-VPNConnectionInfo {
    $connectedVPN = $false
    $knownVPNProviders = @()
    try {
        # Read the list of known VPN providers from the JSON file next to this script.
        # $PSScriptRoot is empty when the function is pasted into a console, so fall back to the current directory.
        $baseDir = if ($PSScriptRoot) { $PSScriptRoot } else { (Get-Location).Path }
        $providersPath = Join-Path -Path $baseDir -ChildPath 'knownVPNproviders.json'
        if (Test-Path -Path $providersPath) {
            $knownVPNProviders = Get-Content -Path $providersPath -Raw | ConvertFrom-Json
        }
        else {
            Write-Warning "Warning: The file 'knownVPNproviders.json' was not found."
        }
    }
    catch {
        Write-Host "Error occurred while reading knownVPNproviders.json: $($_.Exception.Message)" -ForegroundColor Red
    }
    try {
        # -ErrorAction Stop turns a failed request into a terminating error that the catch block reports
        $connect_info = (Invoke-WebRequest -UseBasicParsing -ErrorAction Stop -Uri 'https://ipapi.co/json').Content | ConvertFrom-Json
        # Convert to PSCustomObject to ensure properties can be added
        $connect_info = [PSCustomObject]$connect_info
        # Add field to store VPN name
        if (-not $connect_info.psobject.Properties.Match('vpnName').Count) {
            Add-Member -InputObject $connect_info -MemberType NoteProperty -Name vpnName -Value ""
        }
        # If $connect_info.org contains the substring VPN, treat the connection as a VPN
        if ($connect_info.org -match "VPN") {
            $connect_info.vpnName = $connect_info.org
            $connectedVPN = $true
        }
        else {
            # Default text when no VPN is detected
            $connect_info.vpnName = "Not connected to any known VPN"
        }
        # An exact match against the list of known providers also counts as a VPN
        if ($connect_info.org -in $knownVPNProviders) {
            $connectedVPN = $true
            $connect_info.vpnName = $connect_info.org
        }
        # If the response carries a valid IP address, keep only the fields of interest
        if ([IPAddress]::TryParse($connect_info.ip, [ref]$null)) {
            $connect_info = @{
                ip      = $connect_info.ip
                city    = $connect_info.city
                country = $connect_info.country
                org     = $connect_info.org
                vpnName = $connect_info.vpnName
            }
        }
        $vpnConnectionInfo = [PSCustomObject]@{
            connectedVPN = $connectedVPN
            connect_info = $connect_info
        }
        return $vpnConnectionInfo
    }
    catch {
        Write-Host "Error occurred while fetching VPN connection information: $($_.Exception.Message)" -ForegroundColor Red
        # Return the same object shape on failure so callers can always read .connectedVPN
        return [PSCustomObject]@{
            connectedVPN = $connectedVPN
            connect_info = $null
        }
    }
}

Example knownVPNproviders.json:

["VPNProvider1", "VPNProvider2", "other_provider_name_taken_from_org_field"]
