Skip navigation

Finding a VPN Connection's IP Address


I want a script that can tell me the IP address of a VPN connection on a VPN client. Do you have any ideas about how to do this?

Determining the IP address of an established VPN connection can be useful when you want to know whether a particular VPN tunnel is established. For example, if split tunneling is enabled, you might use this IP address to add entries to your routing table. (See for more information about split tunneling.)

As you might already know, the Windows Management Instrumentation (WMI) Win32_NetworkAdapter and Win32_NetworkAdapterConfiguration classes provide a host of properties and methods that deal with the system's network adapters and associated configurations. However, neither class has a dedicated WMI property that determines whether an adapter is a VPN adapter.

I've found that connected Microsoft VPN adapters have a description beginning with WAN Miniport in the Win32_NetworkAdapter class. (Other vendors' proprietary VPN clients will likely have a different description.) However, this class doesn't include the IPEnabled or IPAddress properties that we need to narrow our search—those properties are in the Win32_NetworkAdapterConfiguration class. To work around this problem, we can use the Win32_NetworkAdapterSetting associator class (WMI associator classes connect two associated classes) to retrieve the relevant properties.

We need a solution that first uses the Win32_NetworkAdapterConfiguration class to retrieve the collection of IP-enabled network adapters, then, for each instance in this collection, retrieves the associated Win32_NetworkAdapter instance, and finally, returns the first IP address in the Win32_NetworkAdapterConfiguration instance's IPAddress property if the Win32_NetworkAdapter instance's Description property starts with WAN Miniport. GetVPNIP.vbs, which Listing 3 shows, implements these steps in VBScript. GetVPNIP.js, which Listing 4 shows, is the corresponding JScript implementation.

At callout A in Listing 3 and Listing 4, the script executes a WMI query that returns a collection of IP-enabled Win32_NetworkAdapterConfiguration instances. Next, the script iterates each instance in the collection. The code at callout B in Listing 3 and Listing 4 uses WMI's AssociatorsOf() method to retrieve the Win32_NetworkAdapter object that's associated with the Win32_NetworkAdapterConfiguration object via the Win32_NetworkAdapterSetting class. (See atnc_basic.mspx for information about how the two classes are associated.) The AssociatorsOf() method returns a collection of Win32_NetworkAdapterSetting instances, which the script iterates with another For Next loop. If the associated Win32_Adapter object's Description property starts with WAN Miniport, the script echoes the first IP address in the Win32_ NetworkAdapterConfiguration object. (The IPAddress property is an array, and the script echoes only the first item of that array.)

As I said, this information likely applies only to Microsoft VPN adapters; other vendors might approach VPNs differently. For example,-Cisco System's VPN client installs its own adapter, so you would need to modify the scripts in Listing 3 and Listing 4 to match the properties that the Cisco adapter uses.

Bill Stewart (bill.stewart@frenchmortuary .com) is the systems and network administrator for French Mortuary in Albuquerque, New Mexico.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.