Enhancement: better vpn detection #330

Open
Theoreticallyhugo opened this issue Feb 28, 2025 · 3 comments
Labels
enhancement New feature or request

Comments

@Theoreticallyhugo
Collaborator

it's difficult to figure out whether a vpn is on and what vpn we're dealing with, so i'd like to discuss the situation a little.

the problems

macos

scutil --nc list is the holy grail of figuring out what vpn is connected on macos, except that it's very limited.
whilst tailscale and wireguard do show up, others like mullvad, private internet access, and openconnect do not, because only those vpns that were configured in the network settings are listed by scutil --nc list.
as of right now i have found no other command to show vpn connections on macos.

besides, being connected to tailscale will always show a vpn connection, even if you're not routing your traffic via an exit node. this could lead to confusion and accidents where users think that they're safe, whilst they aren't. this issue has been taken care of in #279.

linux

here we check the network device tun0. if it shows an IP address, we assume that you are connected via a vpn, otherwise you aren't. the issue is that not every vpn uses tun0 on linux, meaning that vpns like mullvad with their custom network device will never be detected.

possible solutions to discuss

macos

the only solution i've been able to come up with is both untested and truly ugly.
some vpns have command line interfaces through which their connection status can be checked.
this means that we could
a) implement a custom check for every vpn we can test -> i wouldn't wanna do that
b) use an extra option and the eval statement that would allow users to inject their own code to manually check the vpn they use.
whilst i wouldn't wanna implement option a), i would for curiosity's sake at least want to try option b).

linux

so far i haven't thoroughly checked whether there are other commands to check for vpn connections, but the simplest option would be to create a list of network devices, that by default is only populated by tun0, and the users can add whatever custom network device they need. this should allow for simple checking of relevant network devices and keep the general structure of our current approach.

please let me know what you think!
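The configurable device list proposed for Linux in the post above, sketched as an added example; it is not the plugin's code and not part of the original post. `VPN_INTERFACES`, `active_vpn_ifaces` and `vpn_status` are hypothetical names, and the `ip -o -4 addr show` output is constructed sample data so the script runs offline.

```shell
#!/bin/sh
# Added example: VPN_INTERFACES, active_vpn_ifaces and vpn_status are
# hypothetical names, not the plugin's own.

# Devices treated as VPN interfaces. The default keeps the current tun0-only
# behaviour; users add their own, e.g. VPN_INTERFACES="tun0,tailscale0".
VPN_INTERFACES="${VPN_INTERFACES:-tun0}"

# Reads `ip -o -4 addr show` output on stdin and prints, on one line, every
# configured device that holds an IPv4 address. Exit status 1 if none does.
active_vpn_ifaces() {
  awk -v wanted="$VPN_INTERFACES" '
    BEGIN {
      n = split(wanted, names, "[ ,]+")
      for (i = 1; i <= n; i++) if (names[i] != "") want[names[i]] = 1
    }
    # One-line format: "<index>: <ifname> inet <addr>/<prefix> ..."
    $3 == "inet" && ($2 in want) && !seen[$2]++ {
      out = (out == "" ? $2 : out " " $2)
    }
    END { if (out == "") exit 1; print out }
  '
}

# Status text for the bar. Real use: ip -o -4 addr show | vpn_status
vpn_status() {
  if vpn_up=$(active_vpn_ifaces); then
    echo "VPN: $vpn_up"
  else
    echo "VPN: off"
  fi
}

# Constructed sample output (not captured from a real host): no tun0 device,
# but a tailscale0 device with an address.
SAMPLE_IP_OUTPUT=$(cat <<'EOF'
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 192.168.1.23/24 brd 192.168.1.255 scope global dynamic eth0\       valid_lft 86000sec preferred_lft 86000sec
4: tailscale0    inet 100.101.102.103/32 scope global tailscale0\       valid_lft forever preferred_lft forever
EOF
)

# With the default list this prints "VPN: off": the tun0-only check misses
# the tailscale0 device until the user adds it to VPN_INTERFACES.
printf '%s\n' "$SAMPLE_IP_OUTPUT" | vpn_status
```

A device holding an address only shows that the interface is up; as the post notes for Tailscale without an exit node, it does not show that traffic is routed through it.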

@Theoreticallyhugo Theoreticallyhugo added the enhancement New feature or request label Feb 28, 2025
@Theoreticallyhugo
Collaborator Author

Theoreticallyhugo commented Feb 28, 2025

now that i'm thinking about it, we might be able to apply the linux approach to vpns to macos, with the option of adding custom network devices in a list that needs to be checked

EDIT:
we can use ifconfig to figure out which utunX device is active. i'm not sure if we can know which utunX is used by tailscale, but we could always say that if tailscale is on, we need to detect two active utunX devices for there to be an active vpn connection.

@NovaViper

NovaViper commented Feb 28, 2025

There probably should be an option to input the name of the VPN interface also. I noticed that on NixOS, the interface for tailscale is called tailscale0 and not tun0, which breaks the VPN plugin

edit: Noticed that you can actually change the interface name for tailscale (it's set to tailscale0 by default)

@ethancedwards8
Member

Interesting. I'm the NixOS plugin maintainer, but I hadn't tried it over there. I mainly run Arch and only use NixOS on my servers. Thanks for pointing that out. We might should add something in the docs for it (both here and there)
