Now 'ucsf vpn status' and 'ucsf vpn routing' reports on tunnel devices (

fix #63)
HenrikBengtsson · May 16, 2024 · 8cf18dc · 8cf18dc
1 parent cd0c541
commit 8cf18dc
Show file tree

Hide file tree

Showing 4 changed files with 35 additions and 8 deletions.
diff --git a/NEWS.md b/NEWS.md
@@ -18,8 +18,9 @@ ucsf-vpn
 
  * Add `ucsf vpn routing`, which shows the current IP routing table.
    It also reports on the default non-VPN network interface on the
-   machine.  By specifying `--full`, IP numbers are annotated with
-   hostnames and `whois` information, if available.
+   machine, and any tunnel devices.  By specifying `--full`, IP
+   numbers are annotated with hostnames and `whois` information, if
+   available.
 
  * Now `ucsf vpn start` and `ucsf vpn stop` wait for the updating of
    the IP routing table (`ip route show`) to finish before returning.
@@ -28,7 +29,8 @@ ucsf-vpn
    changes to your IP routing table (per `ip route show`).
 
  * Now `ucsf vpn status` reports also on how long ago and when the
-   OpenConnect process was started, if it exists.
+   OpenConnect process was started, if it exists. It also reports on
+   any IP routing tunnel devices.
 
  * Now `ucsf vpn` gives an error if it detects an unknown `--<flag>`
    or an unknown `--<key>=<value>` option.

diff --git a/README.md b/README.md
@@ -22,6 +22,7 @@ Enter the password for your account ('alice84') on your local computer ('alice-l
 Enter your UCSF Active Directory password: <password>
 Enter 'push' (default), 'phone', 'sms', a 6 or 7 digit Duo token, or press your YubiKey: <six-digit token>
 OK: OpenConnect status: 'openconnect' process running (started 00h00m01s ago on 2024-05-13T09:05:20-07:00; PID=14549)
+OK: IP routing tunnels: [n=1] tun0
 OK: Public IP information: ip=128.218.43.42, hostname=, org=AS5653 University of California San Francisco
 OK: Connected to the VPN
 ```
@@ -44,6 +45,7 @@ To disconnect from the UCSF VPN, call:
 ```sh
 $ ucsf-vpn stop
 OK: OpenConnect status: No 'openconnect' process running
+OK: IP routing tunnels: none
 OK: Public IP information: ip=123.145.254.42, hostname=123.145.254.42.fiber.dynamic.sonic.net, org=AS46375 Sonic Telecom LLC
 OK: Not connected to the VPN
 ```
@@ -56,6 +58,7 @@ To check whether you are connected to the UCSF VPN or not, call:
 ```sh
 $ ucsf-vpn status
 OpenConnect status: 'openconnect' process running (started 08h31m27s ago on 2024-05-13T16:20:00-07:00; PID=17419)
+IP routing tunnels: [n=1] tun0
 Public IP information: ip=128.218.43.42, hostname=, org=AS5653 University of California San Francisco
 Connected to the VPN
 ```
@@ -228,7 +231,7 @@ Useful resources:
 * UCSF Managing Your Passwords:
   - https://it.ucsf.edu/services/managing-your-passwords
 
-Version: 5.7.0-9020
+Version: 5.7.0-9022
 Copyright: Henrik Bengtsson (2016-2024)
 License: GPL (>= 2.1) [https://www.gnu.org/licenses/gpl.html]
 Source: https://github.com/HenrikBengtsson/ucsf-vpn

diff --git a/README.md.tmpl b/README.md.tmpl
@@ -22,6 +22,7 @@ Enter the password for your account ('alice84') on your local computer ('alice-l
 Enter your UCSF Active Directory password: <password>
 Enter 'push' (default), 'phone', 'sms', a 6 or 7 digit Duo token, or press your YubiKey: <six-digit token>
 OK: OpenConnect status: 'openconnect' process running (started 00h00m01s ago on 2024-05-13T09:05:20-07:00; PID=14549)
+OK: IP routing tunnels: [n=1] tun0
 OK: Public IP information: ip=128.218.43.42, hostname=, org=AS5653 University of California San Francisco
 OK: Connected to the VPN
 ```
@@ -44,6 +45,7 @@ To disconnect from the UCSF VPN, call:
 ```sh
 $ ucsf-vpn stop
 OK: OpenConnect status: No 'openconnect' process running
+OK: IP routing tunnels: none
 OK: Public IP information: ip=123.145.254.42, hostname=123.145.254.42.fiber.dynamic.sonic.net, org=AS46375 Sonic Telecom LLC
 OK: Not connected to the VPN
 ```
@@ -56,6 +58,7 @@ To check whether you are connected to the UCSF VPN or not, call:
 ```sh
 $ ucsf-vpn status
 OpenConnect status: 'openconnect' process running (started 08h31m27s ago on 2024-05-13T16:20:00-07:00; PID=17419)
+IP routing tunnels: [n=1] tun0
 Public IP information: ip=128.218.43.42, hostname=, org=AS5653 University of California San Francisco
 Connected to the VPN
 ```

diff --git a/bin/ucsf-vpn b/bin/ucsf-vpn
@@ -135,7 +135,7 @@
 ### * UCSF Managing Your Passwords:
 ###   - https://it.ucsf.edu/services/managing-your-passwords
 ###
-### Version: 5.7.0-9021
+### Version: 5.7.0-9022
 ### Copyright: Henrik Bengtsson (2016-2024)
 ### License: GPL (>= 2.1) [https://www.gnu.org/licenses/gpl.html]
 ### Source: https://github.com/HenrikBengtsson/ucsf-vpn
@@ -354,6 +354,13 @@ function routing_details() {
     fi
 
     echo "Default non-VPN network interface: $(ip_route_novpn_interface)"
+    mapfile -t info < <(ip route show | grep -E "\btun[[:digit:]]?\b" | cut -d ' ' -f 3 | sort -u)
+    if [[ ${#info[@]} -gt 0 ]]; then
+        echo "Tunnel interfaces: [n=${#info[@]}] ${info[*]}"
+    else
+        echo "Tunnel interfaces: none"
+    fi
+
     mapfile -t ip_route < <(ip route show)
     echo "IP routing table (${#ip_route[@]} entries):"
     for kk in "${!ip_route[@]}"; do
@@ -434,6 +441,7 @@ function ip_route_novpn_interface() {
     ip route show | grep -E "^default " | grep -vF " tun" | cut -d ' ' -f 5
 }
 
+
 function wait_for_ip_route_tunnel() {
     local -i max_iter
     mdebug "Wait for tunnel to appear in IP routing table"
@@ -463,6 +471,7 @@ function wait_for_ip_route() {
 function status() {
     local assert mcmd msg ok
     local -i pid
+    local -a info
     local -a msgs
     local -a methods
     local -a connected
@@ -507,13 +516,25 @@ function status() {
                 msg="'openconnect' process running (started ${age} ago on ${timestamp}; PID=${pid})"
             fi
             msgs+=("OpenConnect status: $msg")
+        elif [[ $method == iproute ]]; then
+            mapfile -t info < <(ip route show | grep -E "\btun[[:digit:]]?\b" | cut -d ' ' -f 3 | sort -u)
+            if [[ ${#info[@]} -gt 0 ]]; then
+                connected+=(true)
+                msg="yes (n=${#info[@]} ${info[*]})"
+            else
+                connected+=(false)
+                msg="none"
+            fi
+            msgs+=("IP routing tunnels: ${msg}")
         elif [[ $method == ipinfo ]]; then
             if is_connected; then
                 connected+=(true)
             else
                 connected+=(false)
             fi
             msgs+=("Public IP information: $(public_info)")
+        else
+            merror "Unknown --validate value: $method"
         fi
         mdebug "- connected: [n=${#connected[@]}] ${connected[*]}"
         mdebug "- msgs: [n=${#msgs[@]}] ${msgs[*]}"
@@ -1780,9 +1801,7 @@ fi
 ## Validate 'validate'
 if [[ $method == "openconnect" ]]; then
     if [[ -z $validate ]]; then
-        validate=${UCSF_VPN_VALIDATE:-pid,ipinfo}
-    elif [[ ! $validate =~ ^(ipinfo|pid|pid,ipinfo)$ ]]; then
-        merror "Unknown --validate value: '$validate'"
+        validate=${UCSF_VPN_VALIDATE:-pid,iproute,ipinfo}
     fi
 elif [[ $method == "pulse" ]]; then
     if [[ -z $validate ]]; then