npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@wellau/sslvpn

v0.2.0

Published

Wellau SSL VPN desktop maintenance tools for OpenConnect, tray status, and guarded reconnects.

Downloads

514

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

sd4494093sd4494093

Keywords

Readme

Wellau SSL VPN Maintenance

This package owns the local Wellau SSL VPN maintenance surface for Windows, macOS, and Linux. The cross-platform contract is the CLI surface; the tray GUI remains Linux-only.

Goals:

  • Install the OpenConnect GUI integration for NetworkManager on Linux.
  • Provide a visible manual status/reconnect entry point.
  • Keep Wellau private-route health checks repeatable.
  • Avoid hiding VPN state behind a background-only openconnect process.

Quick Start

npm install -g @wellau/sslvpn

Create the local credential file:

wellau-vpn-connect-env --write-example-env

Fill:

WELLAU_VPN_GATEWAY=vpn.wellau.com
WELLAU_VPN_USERNAME=wellau-ops-admin

Then add WELLAU_VPN_PASSWORD locally in that file.

Linux desktop optional setup:

bash "$(npm root -g)/@wellau/sslvpn/scripts/install-ubuntu.sh"
bash "$(npm root -g)/@wellau/sslvpn/scripts/configure-networkmanager.sh"
bash "$(npm root -g)/@wellau/sslvpn/scripts/install-desktop-entry.sh"
bash "$(npm root -g)/@wellau/sslvpn/scripts/install-autostart.sh"
bash "$(npm root -g)/@wellau/sslvpn/scripts/install-user-health-timer.sh"
bash "$(npm root -g)/@wellau/sslvpn/scripts/disable-networkmanager-tun0-management.sh"

Cross-platform status check:

wellau-vpn-status --fresh

Live authentication check without reconnecting the tunnel:

wellau-vpn-connect-env --auth-only

Linux tray launcher:

wellau-vpn-gui

Start or restart the tray in the current desktop session:

wellau-vpn-start-tray

Or open the NetworkManager editor directly:

nm-connection-editor

Canonical VPN Profile

  • Name: Wellau SSL VPN
  • Gateway: vpn.wellau.com
  • Protocol: AnyConnect / OpenConnect
  • Authentication order: account password only
  • Local credential file:
    • Linux/macOS: ~/.config/wellau-sslvpn/.env
    • Windows: %APPDATA%\wellau-sslvpn\.env

The expected connected state is:

  • tun0 exists
  • 172.31.0.0/16 routes through tun0
  • 172.32.0.0/16 routes through tun0
  • internal-k8s-wellauhksub2apiad-5a69e59c8d-263820691.ap-east-1.elb.amazonaws.com responds on /admin over HTTP; ICMP is reported as diagnostic because the target is an AWS ALB.
  • http://172.32.4.201:8317/v1/models returns an expected L1 401 auth challenge, proving CPA shard 001 is online.
  • Optional L2 API key probe returns 200 when WELLAU_CPA_SHARD_001_API_KEY or ~/.config/wellau-sslvpn/cpa-shard-001-api-key is configured.
  • OpenConnect should use DTLS when UDP 443 is available. The server advertises X-DTLS-Port: 443; the client should report DTLS connected. Set OPENCONNECT_DISABLE_DTLS=1 only as a temporary fallback for networks that block UDP 443.

Local Credentials

The package uses the user config directory for local-only VPN credential lookup. The tracked .env.example documents the fields; the real .env stays local-only. WELLAU_VPN_USERNAME is used by the NetworkManager profile and OpenConnect command. WELLAU_VPN_PASSWORD is stored only for local operator lookup and is never printed by the scripts.

The npm package must never contain live credentials. prepack and prepublishOnly run a secret gate that fails if the tarball would include .env, runtime env files, API key files, auth tokens, private keys, or non-empty VPN secret values.

If NetworkManager reports No agents were available for this request, use Connect from .env (terminal) in the tray or run wellau-vpn-connect-env. That path reads .env, authenticates with OpenConnect using the account password only, and starts one background VPN process without enabling the legacy supervisor.

Use Reconnect from .env when the tray reports control=ok data=fail: it forces a reconnect by stopping the existing OpenConnect pid before authentication, then starts a fresh tunnel from the installed clone's .env.

Platform Support

  • Windows: wellau-vpn-status, wellau-vpn-connect-env, wellau-vpn-watchdog, wellau-vpn-legacy-reconnect
  • macOS: wellau-vpn-status, wellau-vpn-connect-env, wellau-vpn-watchdog, wellau-vpn-legacy-reconnect
  • Linux: all CLI commands above plus wellau-vpn-gui and wellau-vpn-start-tray

GUI Capabilities

  • Tray status icon: online/degraded state updated every 60 seconds.
  • Refresh status: runs the full Wellau private-route health check.
  • ICMP ping checks for HK jumpserver, US GW, and CPA shard 001 VIP. HK admin ALB is checked by TCP/HTTP, not ICMP.
  • Connect from .env, Disconnect .env tunnel, Reconnect from .env: controls the local OpenConnect tunnel from the installed clone's .env; reconnect is forced and replaces the old pid before authentication.
  • Connect from .env (terminal): one-shot OpenConnect connection using local .env credentials when NetworkManager has no secret agent.
  • Legacy terminal reconnect: opens the interactive sudo openconnect vpn.wellau.com fallback.
  • Open status window: shows process, tun0, route, TCP, and CPA probe evidence.

Watchdog

wellau-vpn-health.timer runs wellau-vpn-watchdog once per minute. It is not the old reconnect loop: it reconnects immediately when control=fail because OpenConnect, tun0, or split routes are missing, and it reconnects after consecutive control=ok data=fail status checks for CSTP data-plane blackouts. Watchdog uses fresh status checks, records a long cooldown only after a successful reconnect, and uses a short failed-attempt cooldown so one failed authentication/connect attempt does not block recovery for ten minutes.

The preferred transport is DTLS over UDP 443. Keeping all tunnel traffic on TCP CSTP can amplify packet loss into head-of-line blocking, which matches the observed 20-30 second ICMP RTT bursts. The connector therefore defaults to DTLS and leaves OPENCONNECT_DISABLE_DTLS=1 as an explicit fallback.

Commands

wellau-vpn-status
wellau-vpn-status --fresh
wellau-vpn-gui
WELLAU_VPN_STOP_OLD_BEFORE_AUTH=1 wellau-vpn-connect-env
wellau-vpn-legacy-reconnect

Files Installed Locally

  • ~/.local/bin/wellau-vpn-status
  • ~/.local/bin/wellau-vpn-gui
  • ~/.local/bin/wellau-vpn-connect-env
  • ~/.local/bin/wellau-vpn-watchdog
  • ~/.local/bin/wellau-vpn-legacy-reconnect
  • ~/.local/share/applications/wellau-sslvpn.desktop
  • ~/.config/autostart/wellau-sslvpn-tray.desktop
  • ~/.config/systemd/user/wellau-vpn-health.service
  • ~/.config/systemd/user/wellau-vpn-health.timer
  • ~/.config/wellau-sslvpn/runtime.env
  • ~/.config/wellau-sslvpn/.env