Is there anyway to check if I'm connected via a VPN through command line?

I'm using OpenVPN and I'm asking this question because whenever I'm connected over the VPN I try to do a simple: traceroute google.com and it doesn't bounce on the OpenVPN server. It just goes through the same route that it does without the VPN.

I tried to route http traffic through the VPN

push "redirect-gateway def1"

push "dhcp-option DNS 8.8.8.8"

and it worked. My question here is to avoid using this method every time I create a new key to a client to make sure he is connected through the VPN.

I read that you can do a simple ifconfig -a. If the you have some sort of tunnel interface you are connected but how can you be sure that your traffic is going through the VPN?

Summary:

I'm the client of an OpenVPN. Is there anyway I can check if I'm connected through the VPN over command line? Something like traceroute.


Solution 1:

I have been googling much more than I care to admit about this matter. Here is the problems:

  • A VPN is a direct "tunnel" to your VPNServer. If you are trying to use a traceroute it will not bounce on the server because it's a tunnel. It doesn't have to bounce at the "end of the tunnel".
  • traceroute is a layer 3 utility and VPN is a layer 2 protocol. As far as I read there isnt any utility that operates on level 2 layer.

The only way you can see if you are connected through the VPN is doing a tcpdumpon the server and see if you have any traffic going through the server or the usual ifconfig -aand checks if there is any tun0as an interface.

Solution 2:

From the command line you can run:

vpn status

This provides a lot of output, but, if it is connected, you will see several lines with the string Connected (note the capital "C"). If not connected, you will see many other strings containing Disconnected (note the capital "D").

Therefore something as simple as:

vpn status | grep Disconnected | wc -l

will return a string integer > 0 if disconnected and zero if connected.

Or if you prefer:

vpn status | grep Connected | wc -l

returns a string integer > 0 if connected and zero otherwise.

There are many other ways to parse this, but the key is using the output of vpn status.