Programatially determine if Cisco VPN Client is connected

断了今生、忘了曾经 提交于 2019-12-18 17:00:47

问题


I am working with the basic Cisco VPN client (v.5 I believe). Is there anyway to determine programatically if a partciular profile (or any profile for that matter) is connected?

I'm looking to somehow get a status from the client itself. I don't want to have to try to ping some IP on the other end of the VPN to see if I get a response.


回答1:


There is an API for Cisco VPN (vpnapi.dll).




回答2:


Below a vbs script to check the connection status:

bIsVPNConnected = False

Set objWMIService = GetObject("winmgmts:\\.\root\CIMV2") 
Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_NetworkAdapterConfiguration",,48) 

For Each objItem in colItems 
   strConnection = LCase(objItem.Description)

   If(InStr(strConnection, "cisco") > 0) Then
      wscript.echo (strConnection)
      bIsVPNConnected = objItem.IPEnabled
   End If
Next

If(bIsVPNConnected) Then
   WScript.echo  "VPN connected"
Else
   WScript.echo  "Not VPN connected"
End If



回答3:


I am unaware of any APIs for Cisco VPN client but you could use the underlying OS.

On Mac OS X, you can query the System Configuration framework because when Cisco VPN client connects it creates a number of keys in the configuration directory (DNS and stuff):

$ printf "get State:/Network/Service/com.cisco.VPN" | sudo scutil

The programmatic equivalent of the above can be achieved in plain C Carbon or ObjC Cocoa.




回答4:


As "diciu" wrote, you can query the System Configuration framework. The programmatic equivalent of the scutil command that he gave is something like

#import <SystemConfiguration/SystemConfiguration.h>

- (void)printPrimaryService {

    SCDynamicStoreRef dynamicStoreDomainState = SCDynamicStoreCreate(NULL,
                                                                     CFSTR("myApplicationName"),
                                                                     NULL,
                                                                     NULL);
    if (dynamicStoreDomainState) {
        NSString *netIPv4Key = [NSString stringWithFormat:@"%@/%@/%@/%@",
                                kSCDynamicStoreDomainState,
                                kSCCompNetwork,
                                kSCCompGlobal,
                                kSCEntNetIPv4];
        NSMutableDictionary *netIPv4Dictionary = (NSMutableDictionary *) SCDynamicStoreCopyValue(dynamicStoreDomainState, (CFStringRef)netIPv4Key);
        if (netIPv4Dictionary ) {
            NSString *primaryService = [netIPv4Dictionary objectForKey:(NSString *)kSCDynamicStorePropNetPrimaryService];
            if (primaryService) {
                NSLog(@"primary service = \"%@\"\n", primaryService);   /* When the Cisco VPN is active, I get "com.cisco.VPN" here */
            }
            [netIPv4Dictionary release];
        }
        CFRelease(dynamicStoreDomainState);
    }
}

Using the above, you can tell if the Cisco VPN client is connected. You can then do something similar to get the DNS servers associated with the VPN connection. I compare the resulting DNS servers to the DNS server of my company to tell if I'm VPN'd into my company. Klunky, but it works and it's fast - no waiting for a ping to timeout.

Note that with the recent version of the Cisco VPN Client, Cisco published an API. Unfortunately, it's only for Microsoft Windows. Maybe they'll produce one for Macs some day.




回答5:


There are several ways, actually, without using the API (which I still cant find/DL)

One of the easiest ways is to check a registry setting found at: HKEY_LOCAL_MACHINE\SOFTWARE\Cisco Systems\VPN Client\AllAccess\TunnelEstablished (0 or 1)

Another way is to do it is to detect it by the name of the network interface it establishes via using ManagementObjectSearcher, sample code below:

  ManagementObjectSearcher query = null;
                try { query = new ManagementObjectSearcher("SELECT * FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled = 'TRUE'"); }
                catch (Exception ex)
                {

                }
                // "native code call stack error" 
                try { queryCollection = query.Get(); }
                catch (Exception ex)
                {

                }
                int i = 0;
                try
                {
                    foreach (ManagementObject mo in queryCollection)
                    {
                        MojPopisDostupnih[i] = mo["Description"].ToString();
                        // networksListBox.Items.Add(mo["Description"].ToString());
                        i = i + 1;
                    }
                    for (int j = 0; j <= MojPopisDostupnih.Length - 1; j++)
                    {
                        if (MojPopisDostupnih[j] != null)
                        {
                            if (MojPopisDostupnih[j].IndexOf("Cisco Systems VPN Adapter") != -1)
                            {  }
                            else 
                             {  }
                        }
                    }
                }
                catch (Exception ex)
                {

                }

Yet another way is to use process.start to run a CLI (command line) of "vpnclient stat", redirect standard output to a stringbuilder in your app and then check the string whether it contains appropriate data - for more info on this see here:

http://www.cisco.com/en/US/docs/security/vpn_client/cisco_vpn_client/vpn_client46/administration/guide/vcAch5.html




回答6:


Well if all else fails, parse the output of "route". The routing used by CiscoVPN has a telltale mark there.



来源:https://stackoverflow.com/questions/512365/programatially-determine-if-cisco-vpn-client-is-connected

标签
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!