Skip to content

GabrielFarfan/VPN-Connection-Tester

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

3 Commits
.gitignore
.gitignore
Β 
Β 
LICENSE
LICENSE
Β 
Β 
README.md
README.md
Β 
Β 
vpn_connection_tester.ps1
vpn_connection_tester.ps1
Β 
Β 

Repository files navigation

VPN Connection Tester

A comprehensive PowerShell script for testing VPN connectivity with Nagios integration and detailed diagnostics.

PowerShell License Platform

🎯 Overview

This script provides comprehensive VPN connectivity testing with specific focus on Cisco AnyConnect environments. It performs multiple validation tests to ensure your VPN connection is not only established but actually working correctly, including verification that traffic routes through the VPN tunnel.

Key Features

  • πŸ” Multi-layered VPN Detection: Network interfaces, CLI integration, services, and processes
  • 🌐 VPN Tunnel Validation: Ensures traffic actually routes through VPN (no bypass)
  • πŸ₯ Nagios Integration: Ready-to-use monitoring with performance data
  • ⚑ VPN Server Response Time: Tracks actual server connectivity performance
  • πŸŽ›οΈ Flexible Configuration: Test any internal server with custom ports
  • πŸ“Š Comprehensive Reporting: 8 different connectivity tests with scoring
  • πŸ”§ Cross-Platform: Works on Windows PowerShell 5.1+ and PowerShell Core

πŸš€ Quick Start

Basic Usage

# Download and run basic VPN test
.\vpn_connection_tester.ps1

# Test specific VPN server with custom ports
.\vpn_connection_tester.ps1 -VpnServer "myserver.local" -Ports 80,443,1433

# Nagios monitoring mode
.\vpn_connection_tester.ps1 -Nagios -VpnServer "db-server" -Ports 1433,5432

Example Output

=== VPN CONNECTION SUMMARY ===
Network Interface Detection: βœ“ PASS
CLI Status Check:           βœ“ PASS  
VPN Services Running:       βœ“ PASS
VPN Processes Running:      βœ“ PASS
VPN Routing Detected:       βœ“ PASS
Internet Connectivity:      βœ“ PASS
VPN Server Access:          βœ“ PASS
DNS Resolution:             βœ“ PASS

Overall Score: 8/8 (100%)
🟒 VPN Status: CONNECTED AND WORKING

πŸ“‹ Test Categories

The script performs 8 comprehensive tests:

Test Description What It Validates
Network Interface Detection Scans for active VPN adapters Physical VPN connection
CLI Status Check Cisco AnyConnect CLI integration Official connection status
VPN Services Windows service monitoring VPN software running
VPN Processes Process detection VPN client active
Routing Analysis Network route validation Traffic routing setup
Internet Connectivity External host ping tests Basic internet access
VPN Server Access Internal server connectivity VPN tunnel functionality
DNS Resolution Domain name resolution DNS through VPN

πŸŽ›οΈ Parameters

Core Parameters

Parameter Type Default Description
-VpnServer String "carvmxdev3" Internal server to test VPN access
-Ports Int[] 80,443,22 Ports to test on VPN server
-TestHost String "8.8.8.8" External host for internet connectivity
-TimeoutSeconds Int 10 Network operation timeout
-Nagios Switch false Output in Nagios format
-SkipVpnServerTest Switch false Skip VPN server connectivity test
-Detailed Switch false Show detailed diagnostic information

Usage Examples

# Test web server
.\vpn_connection_tester.ps1 -VpnServer "intranet.company.com" -Ports 80,443

# Test database server  
.\vpn_connection_tester.ps1 -VpnServer "sql-server" -Ports 1433,1434

# Test multiple services
.\vpn_connection_tester.ps1 -VpnServer "app-server" -Ports 80,443,1433,3389,22

# Skip VPN server test
.\vpn_connection_tester.ps1 -SkipVpnServerTest

# Detailed diagnostics
.\vpn_connection_tester.ps1 -Detailed -VpnServer "fileserver" -Ports 445,139

πŸ” VPN Detection Methods

Cisco AnyConnect Integration

The script specifically targets Cisco AnyConnect with:

  • CLI Integration: Executes vpncli.exe state for official status
  • Interface Detection: Identifies AnyConnect virtual adapters
  • Service Monitoring: Tracks Cisco AnyConnect services
  • Process Detection: Monitors AnyConnect processes

Searched CLI Paths:

C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpncli.exe
C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpncli.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpncli.exe

VPN Tunnel Validation

The script ensures traffic actually uses the VPN tunnel:

  1. Interface Identification: Detects active VPN network adapter
  2. Private IP Validation: Confirms target server is in private ranges (RFC 1918)
  3. Route Verification: Validates routing through VPN interface
  4. DNS Resolution: Tests VPN DNS functionality
  5. Connection Tracking: Measures actual response times through tunnel

πŸ“Š Nagios Integration

Performance Data

The script provides rich performance metrics:

# Nagios output example
OK - VPN server 'carvmxdev3' accessible (45ms) | response_time=45ms;server=carvmxdev3;vpn_server_response_time=45ms

Metrics Included:

  • response_time: VPN server average response time (primary metric)
  • server: Name of tested VPN server
  • vpn_server_response_time: Specific server timing
  • total_script_time: Complete test duration

Exit Codes

Code Status Condition Tests Passed
0 OK VPN working properly 7-8 tests
1 WARNING Partial connectivity 5-6 tests
2 CRITICAL VPN issues/disconnected 0-4 tests
3 UNKNOWN Script error N/A

Nagios Configuration

Commands Definition

define command {
    command_name    check_vpn_server
    command_line    powershell.exe -ExecutionPolicy Bypass -File "C:\\scripts\\vpn_connection_tester.ps1" -Nagios -VpnServer $ARG1$ -Ports $ARG2$
}

Service Definition

define service {
    use                     generic-service
    host_name               vpn-client
    service_description     VPN Server Access - Database
    check_command           check_vpn_server!db-server!1433,5432
    max_check_attempts      3
    normal_check_interval   5
    retry_check_interval    2
}

πŸ› οΈ Installation

Prerequisites

  • Windows 10/11 or Windows Server 2016+
  • PowerShell 5.1+ (built into Windows)
  • Network adapter access (for interface detection)
  • Cisco AnyConnect (for CLI integration)

Installation Steps

  1. Download the script:

    # Download directly
Invoke-WebRequest -Uri "https://raw.githubusercontent.com/GabrielFarfan/VPN-Connection-Tester/main/vpn_connection_tester.ps1" -OutFile "vpn_connection_tester.ps1"

# Or clone the repository
git clone https://github.com/GabrielFarfan/VPN-Connection-Tester.git

  2. Set execution policy (if needed):

    Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser

  3. Test the installation:

    .\vpn_connection_tester.ps1 -VpnServer "your-server" -Ports 80,443

Scheduled Task Setup

For automated monitoring, create a scheduled task:

# Create scheduled task for regular VPN monitoring
$Action = New-ScheduledTaskAction -Execute "PowerShell.exe" -Argument "-File C:\Scripts\vpn_connection_tester.ps1 -Nagios -VpnServer myserver -Ports 80,443"
$Trigger = New-ScheduledTaskTrigger -RepetitionInterval (New-TimeSpan -Minutes 5) -Once -At (Get-Date)
$Settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries
Register-ScheduledTask -TaskName "VPN Monitor" -Action $Action -Trigger $Trigger -Settings $Settings

🎯 Use Cases

Development Teams

# Test development server access
.\vpn_connection_tester.ps1 -VpnServer "dev-server" -Ports 80,443,3000,8080

Database Administrators

# Monitor database connectivity
.\vpn_connection_tester.ps1 -VpnServer "db-prod" -Ports 1433,5432,3306 -Nagios

System Administrators

# Infrastructure monitoring
.\vpn_connection_tester.ps1 -VpnServer "domain-controller" -Ports 389,636,3268

Remote Workers

# Daily connectivity check
.\vpn_connection_tester.ps1 -VpnServer "fileserver" -Ports 445,139 -Detailed

πŸ”§ Troubleshooting

Common Issues

"No VPN interfaces detected"

  • Ensure VPN client is installed and connected
  • Check if interface names match detection patterns
  • Run with -Detailed for interface listing

"VPN server not accessible"

  • Verify server name/IP is correct
  • Check if server is behind VPN (private IP range)
  • Confirm firewall allows the tested ports

"DNS resolution failed"

  • VPN DNS may not be configured properly
  • Try using IP address instead of hostname
  • Check VPN client DNS settings

PowerShell execution policy errors

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser

Debug Mode

For detailed troubleshooting:

.\vpn_connection_tester.ps1 -Detailed -VpnServer "problematic-server" -Ports 80,443

πŸ“ˆ Performance Considerations

  • Script execution time: Typically 5-15 seconds
  • Network timeout: Configurable (default 10 seconds)
  • VPN server response time: Measured in milliseconds
  • Memory usage: Minimal (<10MB)
  • CPU usage: Low impact

🀝 Contributing

Contributions are welcome! Please feel free to submit pull requests or open issues.

Development Setup

# Clone the repository
git clone https://github.com/GabrielFarfan/VPN-Connection-Tester.git
cd VPN-Connection-Tester

# Test your changes
.\vpn_connection_tester.ps1 -Detailed

Testing Checklist

  • Test with Cisco AnyConnect connected/disconnected
  • Verify Nagios output format
  • Test with various server types (web, database, file)
  • Check cross-platform compatibility
  • Validate performance data accuracy

πŸ“„ License

This project is licensed under the MIT License - see the LICENSE file for details.

πŸ™ Acknowledgments

  • Cisco AnyConnect team for CLI tools
  • PowerShell community for networking modules
  • Nagios project for monitoring standards
  • Contributors and testers

πŸ“ž Support

Made with ❀️ for reliable VPN monitoring

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages