Programatially determine if Cisco VPN Client is connected

Question

I am working with the basic Cisco VPN client (v.5 I believe). Is there anyway to determine programatically if a partciular profile (or any profile for that matter) is connected?

I'm looking to somehow get a status from the client itself. I don't want to have to try to ping some IP on the other end of the VPN to see if I get a response.

Answer 1

There is an API for Cisco VPN (vpnapi.dll).

Answer 2

Below a vbs script to check the connection status:

bIsVPNConnected = False

Set objWMIService = GetObject("winmgmts:\\.\root\CIMV2") 
Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_NetworkAdapterConfiguration",,48) 

For Each objItem in colItems 
   strConnection = LCase(objItem.Description)

   If(InStr(strConnection, "cisco") > 0) Then
      wscript.echo (strConnection)
      bIsVPNConnected = objItem.IPEnabled
   End If
Next

If(bIsVPNConnected) Then
   WScript.echo  "VPN connected"
Else
   WScript.echo  "Not VPN connected"
End If

Answer 3

I am unaware of any APIs for Cisco VPN client but you could use the underlying OS.

On Mac OS X, you can query the System Configuration framework because when Cisco VPN client connects it creates a number of keys in the configuration directory (DNS and stuff):

$ printf "get State:/Network/Service/com.cisco.VPN" | sudo scutil

The programmatic equivalent of the above can be achieved in plain C Carbon or ObjC Cocoa.

Answer 4

As "diciu" wrote, you can query the System Configuration framework. The programmatic equivalent of the scutil command that he gave is something like

#import <SystemConfiguration/SystemConfiguration.h>

- (void)printPrimaryService {

    SCDynamicStoreRef dynamicStoreDomainState = SCDynamicStoreCreate(NULL,
                                                                     CFSTR("myApplicationName"),
                                                                     NULL,
                                                                     NULL);
    if (dynamicStoreDomainState) {
        NSString *netIPv4Key = [NSString stringWithFormat:@"%@/%@/%@/%@",
                                kSCDynamicStoreDomainState,
                                kSCCompNetwork,
                                kSCCompGlobal,
                                kSCEntNetIPv4];
        NSMutableDictionary *netIPv4Dictionary = (NSMutableDictionary *) SCDynamicStoreCopyValue(dynamicStoreDomainState, (CFStringRef)netIPv4Key);
        if (netIPv4Dictionary ) {
            NSString *primaryService = [netIPv4Dictionary objectForKey:(NSString *)kSCDynamicStorePropNetPrimaryService];
            if (primaryService) {
                NSLog(@"primary service = \"%@\"\n", primaryService);   /* When the Cisco VPN is active, I get "com.cisco.VPN" here */
            }
            [netIPv4Dictionary release];
        }
        CFRelease(dynamicStoreDomainState);
    }
}

Using the above, you can tell if the Cisco VPN client is connected. You can then do something similar to get the DNS servers associated with the VPN connection. I compare the resulting DNS servers to the DNS server of my company to tell if I'm VPN'd into my company. Klunky, but it works and it's fast - no waiting for a ping to timeout.

Note that with the recent version of the Cisco VPN Client, Cisco published an API. Unfortunately, it's only for Microsoft Windows. Maybe they'll produce one for Macs some day.

Answer 5

There are several ways, actually, without using the API (which I still cant find/DL)

One of the easiest ways is to check a registry setting found at: HKEY_LOCAL_MACHINE\SOFTWARE\Cisco Systems\VPN Client\AllAccess\TunnelEstablished (0 or 1)

Another way is to do it is to detect it by the name of the network interface it establishes via using ManagementObjectSearcher, sample code below:

  ManagementObjectSearcher query = null;
                try { query = new ManagementObjectSearcher("SELECT * FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled = 'TRUE'"); }
                catch (Exception ex)
                {

                }
                // "native code call stack error" 
                try { queryCollection = query.Get(); }
                catch (Exception ex)
                {

                }
                int i = 0;
                try
                {
                    foreach (ManagementObject mo in queryCollection)
                    {
                        MojPopisDostupnih[i] = mo["Description"].ToString();
                        // networksListBox.Items.Add(mo["Description"].ToString());
                        i = i + 1;
                    }
                    for (int j = 0; j <= MojPopisDostupnih.Length - 1; j++)
                    {
                        if (MojPopisDostupnih[j] != null)
                        {
                            if (MojPopisDostupnih[j].IndexOf("Cisco Systems VPN Adapter") != -1)
                            {  }
                            else 
                             {  }
                        }
                    }
                }
                catch (Exception ex)
                {

                }

Yet another way is to use process.start to run a CLI (command line) of "vpnclient stat", redirect standard output to a stringbuilder in your app and then check the string whether it contains appropriate data - for more info on this see here:

http://www.cisco.com/en/US/docs/security/vpn_client/cisco_vpn_client/vpn_client46/administration/guide/vcAch5.html

Answer 6

Well if all else fails, parse the output of "route". The routing used by CiscoVPN has a telltale mark there.