lyoder

Create/Update Windows VPN


Posted (edited)

This script will check to see if a VPN connection with the given name exists. If it does exist, it updates the VPN connection. If it does not exist, it creates a VPN connection with the given values.

Note: I believe Pulseway runs PowerShell scripts under the Local System account by default (unless you have defined PowerShell User Impersonation in the Pulseway Manager, I think). In order to expose the VPN to users, this script runs against the Global Phone Book (-AllUserConnection switch). Therefore, this script does not check for the existence of VPN profiles stored in individual user Phone Books. (If an existing user VPN profile exists, this script will create a new VPN in the Global Phone Book, as it will not be able to see the existing user VPN.)

This script was developed and tested on Windows 10, but should also work on Windows 8/8.1.

PowerShell VpnClient documentation: https://docs.microsoft.com/en-us/powershell/module/vpnclient/?view=win10-ps

################################
# VARIABLES
$Name = "VPN"
$ServerAddress = "vpn.domain.com" # IP Address or FQDN
$TunnelType = "Automatic" # Values: PPTP | L2TP | SSTP | IKEv2 | Automatic
$L2tpPsk = '[Insert PSK Here]'
$AuthenticationMethod = "MSCHAPv2" # Values: PAP | CHAP | MSCHAPv2 | EAP
$EncryptionLevel = "Optional" # Values: NoEncryption | Optional | Required | Maximum
$UseWinlogonCredential = $true
$RememberCredential = $true
$SplitTunneling = $true
$DnsSuffix = 'domain.local'
################################

# If PowerShell supports VPN configuration, apply VPN configuration
if (Get-Command 'Get-VpnConnection' -ErrorAction SilentlyContinue) {
    # If VPN exists, update VPN settings
    if (Get-VpnConnection -Name $Name -AllUserConnection -ErrorAction SilentlyContinue) {
        Set-VpnConnection -Name $Name -AllUserConnection -ServerAddress $ServerAddress -TunnelType $TunnelType -EncryptionLevel $EncryptionLevel -AuthenticationMethod $AuthenticationMethod -SplitTunneling $SplitTunneling -DnsSuffix $DnsSuffix -L2tpPsk $L2tpPsk -UseWinlogonCredential $UseWinlogonCredential -RememberCredential $RememberCredential -Force
    }
    # Else, create VPN connection (-AllUserConnection is a switch and takes no value)
    else {
        Add-VpnConnection -Name $Name -AllUserConnection -ServerAddress $ServerAddress -TunnelType $TunnelType -EncryptionLevel $EncryptionLevel -AuthenticationMethod $AuthenticationMethod -DnsSuffix $DnsSuffix -L2tpPsk $L2tpPsk -Force
        Set-VpnConnection -Name $Name -AllUserConnection -SplitTunneling $SplitTunneling -UseWinlogonCredential $UseWinlogonCredential -RememberCredential $RememberCredential
    }
    # Output the resulting connection, then exit with success
    Get-VpnConnection -Name $Name -AllUserConnection
    exit 0
}
# Else, exit with failure code
else {
    # Write the message instead of returning it, so that "exit 1" is actually reached
    Write-Output "Client does not support VpnClient cmdlets"
    exit 1
}

 

Edited by lyoder
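
An added example, not part of lyoder's post: a hypothetical `Test-VpnProfileHardening` function that flags weak settings on the kind of profile the script writes to the Global Phone Book. The sample object is constructed to mirror the script's VARIABLES block, and it assumes the property names that Get-VpnConnection returns.

```powershell
# Added example; Test-VpnProfileHardening is a hypothetical name, not a built-in cmdlet.
function Test-VpnProfileHardening {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Connection
    )
    process {
        $findings = @()
        $tunnel = [string]$Connection.TunnelType
        $level  = [string]$Connection.EncryptionLevel
        # AuthenticationMethod can hold several values; normalise to strings
        $auth   = @($Connection.AuthenticationMethod | ForEach-Object { [string]$_ })

        if ($tunnel -eq 'Pptp') {
            $findings += 'TunnelType is PPTP'
        }
        elseif ($tunnel -eq 'Automatic') {
            $findings += 'TunnelType Automatic leaves PPTP among the protocols the client may try'
        }
        if ($level -in @('NoEncryption', 'Optional')) {
            $findings += "EncryptionLevel '$level' does not require an encrypted session"
        }
        if ($auth | Where-Object { $_ -in @('Pap', 'Chap') }) {
            $findings += 'PAP or CHAP authentication is allowed'
        }
        if (($auth -contains 'MSChapv2') -and ($tunnel -in @('Pptp', 'Automatic'))) {
            $findings += 'MS-CHAPv2 may run over PPTP, where the handshake is not protected'
        }
        if ([string]$Connection.L2tpIPsecAuth -eq 'Psk') {
            $findings += 'L2TP/IPsec uses a pre-shared key held by every client and by the deployment script'
        }
        [pscustomobject]@{
            Name      = $Connection.Name
            Compliant = ($findings.Count -eq 0)
            Findings  = $findings
        }
    }
}

# Constructed sample mirroring the values in the script's VARIABLES block
$sample = [pscustomobject]@{
    Name = 'VPN'; TunnelType = 'Automatic'; EncryptionLevel = 'Optional'
    AuthenticationMethod = @('MSChapv2'); L2tpIPsecAuth = 'Psk'
}
$sample | Test-VpnProfileHardening | Format-List

# On a managed endpoint, audit the Global Phone Book instead:
# Get-VpnConnection -AllUserConnection | Test-VpnProfileHardening
```

Setting `$TunnelType` to a single protocol such as IKEv2 or SSTP and `$EncryptionLevel` to Required or Maximum clears the first two findings for a profile created by the script above.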
