Create/Update Windows VPN

This script will check to see if a VPN connection with the given name exists. If it does exist, it updates the VPN connection. If it does not exist, it creates a VPN connection with the given values.

Note: I believe Pulseway runs PowerShell scripts under the Local System account by default (unless you have defined PowerShell User Impersonation in the Pulseway Manager, I think). In order to expose the VPN to users, this script runs against the Global Phone Book (-AllUserConnection switch). Therefore, this script does not check for the existence of VPN profiles stored in individual user Phone Books. (If an existing user VPN profile exists, this script will create a new VPN in the Global Phone Book, as it will not be able to see the existing user VPN.)

This script was developed and tested on Windows 10, but should also work on Windows 8/8.1.

PowerShell VpnClient documentation: https://docs.microsoft.com/en-us/powershell/module/vpnclient/?view=win10-ps

$Name = "VPN"
$ServerAddress = "vpn.domain.com" # IP Address or FQDN
$TunnelType = "Automatic" # Values: PPTP | L2TP | SSTP | IKEv2 | Automatic
$L2tpPsk = '[Insert PSK Here]'
$AuthenticationMethod = "MSCHAPv2" # Values: PAP | CHAP | MSCHAPv2 | EAP
$EncryptionLevel = "Optional" # Values: NoEncryption | Optional | Required | Maximum
$UseWinlogonCredential = $true
$RememberCredential = $true
$SplitTunneling = $true
$DnsSuffix = 'domain.local'

# If PowerShell supports VPN configuration, apply VPN configuration
if (Get-Command 'Get-VpnConnection' -ErrorAction SilentlyContinue) {
    # If VPN exists, update VPN settings
    if (Get-VpnConnection -Name $Name -AllUserConnection -ErrorAction SilentlyContinue) {
        Set-VpnConnection -Name $Name -AllUserConnection -ServerAddress $ServerAddress -TunnelType $TunnelType -EncryptionLevel $EncryptionLevel -AuthenticationMethod $AuthenticationMethod -SplitTunneling $SplitTunneling -DnsSuffix $DnsSuffix -L2tpPsk $L2tpPsk -UseWinlogonCredential $UseWinlogonCredential -RememberCredential $RememberCredential -Force
    }
    # Else, create VPN connection
    else {
        # -AllUserConnection is a switch on Add-VpnConnection, so it takes no value
        Add-VpnConnection -Name $Name -AllUserConnection -ServerAddress $ServerAddress -TunnelType $TunnelType -EncryptionLevel $EncryptionLevel -AuthenticationMethod $AuthenticationMethod -DnsSuffix $DnsSuffix -L2tpPsk $L2tpPsk -Force
        # Set-VpnConnection takes these three as Boolean values, so they are applied in a second step
        Set-VpnConnection -Name $Name -AllUserConnection -SplitTunneling $SplitTunneling -UseWinlogonCredential $UseWinlogonCredential -RememberCredential $RememberCredential
    }
    return Get-VpnConnection -Name $Name -AllUserConnection
}
# Else, exit with failure code
else {
    # Write the message first; a return here would end the script before exit 1 runs
    Write-Output "Client does not support VpnClient cmdlets"
    exit 1
}


Edited by lyoder
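
An added example, not part of the original post: a check that reports weak settings on a VPN profile such as the one this script deploys (Automatic tunnel type, Optional encryption, L2TP pre-shared key). The function name `Get-VpnProfileFinding` and the sample object are hypothetical; the property names are those returned by `Get-VpnConnection`.

```powershell
# Added example: report weak settings on a VPN profile object.
function Get-VpnProfileFinding {
    param([Parameter(Mandatory, ValueFromPipeline)] $Connection)
    process {
        $issues = @()
        switch ($Connection.TunnelType) {
            'Pptp'      { $issues += 'TunnelType PPTP: legacy protocol, prefer IKEv2 or SSTP' }
            'Automatic' { $issues += 'TunnelType Automatic: PPTP is among the protocols the client may try' }
        }
        if ($Connection.EncryptionLevel -in 'NoEncryption', 'Optional') {
            $issues += "EncryptionLevel $($Connection.EncryptionLevel): the tunnel can come up unencrypted"
        }
        foreach ($m in @($Connection.AuthenticationMethod)) {
            if ($m -in 'Pap', 'Chap') {
                $issues += "AuthenticationMethod ${m}: weak password protocol"
            }
        }
        if ($Connection.L2tpIPsecAuth -eq 'Psk') {
            $issues += 'L2TP pre-shared key: one secret shared by every client and stored in the deployment script'
        }
        [pscustomobject]@{
            Name      = $Connection.Name
            Compliant = ($issues.Count -eq 0)
            Findings  = $issues
        }
    }
}

# Constructed sample mirroring the values used in the script above.
$sample = [pscustomobject]@{
    Name                 = 'VPN'
    TunnelType           = 'Automatic'
    EncryptionLevel      = 'Optional'
    AuthenticationMethod = @('MsChapv2')
    L2tpIPsecAuth        = 'Psk'
}
$sample | Get-VpnProfileFinding | Format-List

# On a managed endpoint:
# Get-VpnConnection -AllUserConnection | Get-VpnProfileFinding
```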
  • 9 months later...

It will create/update in the Global phone book. But if a user has already created one manually, then it won't work, because

Get-VpnConnection -Name $Name -AllUserConnection

will give no result. It will try to add a VPN, which will throw an error like "VPN with same name already exists".

  • 7 months later...
On 12/20/2019 at 2:08 AM, Biswa said:

It will create/update in the Global phone book. But if a user has already created one manually, then it won't work, because

Get-VpnConnection -Name $Name -AllUserConnection

will give no result. It will try to add a VPN, which will throw an error like "VPN with same name already exists".

This is by design. In order for a VPN connection to be used by all users, it must be at a level where all users can access it. So the VPN runs as system. This is why you can't see its connection listed in Windows as the user. To run PowerShell as system, you can modify the command line or check it out here


Start-Process -FilePath cmd.exe -Verb Runas -ArgumentList '/k C:\SysinternalsSuite\PsExec.exe -i -s powershell.exe'
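
An added example, not part of any post in this thread: one way to detect the case discussed above, where a profile with the same name already sits in a user's own phone book and is invisible to `Get-VpnConnection -AllUserConnection`. It assumes the default phone book locations and user profiles under `<SystemDrive>\Users`; the function names and the demo file are hypothetical.

```powershell
# Added example: look for a VPN entry name in the global and per-user phone books.
function Find-VpnPhoneBookEntry {
    param(
        [Parameter(Mandatory)] [string]   $Name,
        [Parameter(Mandatory)] [string[]] $PhoneBookPath
    )
    # rasphone.pbk is INI-style text: each connection starts with a [EntryName] line.
    $pattern = '^\[' + [regex]::Escape($Name) + '\]\s*$'
    foreach ($pbk in $PhoneBookPath) {
        if ((Test-Path -LiteralPath $pbk) -and
            (Select-String -LiteralPath $pbk -Pattern $pattern -Quiet)) {
            [pscustomobject]@{ Name = $Name; PhoneBook = $pbk }
        }
    }
}

function Get-DefaultPhoneBookPath {
    # Assumption: default locations, user profiles under <SystemDrive>\Users.
    $rel = 'Microsoft\Network\Connections\Pbk\rasphone.pbk'
    Join-Path $env:ProgramData $rel
    Get-ChildItem -Path (Join-Path $env:SystemDrive 'Users') -Directory -ErrorAction SilentlyContinue |
        ForEach-Object { Join-Path $_.FullName (Join-Path 'AppData\Roaming' $rel) }
}

# Constructed, simplified phone book so the function can be tried without a real profile.
$demo = Join-Path $env:TEMP 'demo-rasphone.pbk'
Set-Content -LiteralPath $demo -Value '[VPN]', 'PhoneNumber=vpn.domain.com'
Find-VpnPhoneBookEntry -Name 'VPN' -PhoneBookPath $demo
Remove-Item -LiteralPath $demo

# On an endpoint, run elevated or as SYSTEM so other users' profiles are readable:
# Find-VpnPhoneBookEntry -Name $Name -PhoneBookPath (Get-DefaultPhoneBookPath)
```

Any result whose PhoneBook path is under a user profile is a per-user entry that the all-user lookup in the script will not see.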
  • 7 months later...

Is there any way to create unique User Name and Password pair combinations and store them in the VPN entry?

For example, the:

    -Name $vpnConnectionName 
    -ServerList $vpnServerList 
    -TunnelType $tunnelType 
    -AuthenticationMethod $authenticationMethod 
    -AllUserConnection $false 
    -EncryptionLevel $encryptionLevel
    -RememberCredential $true 
    -Force $true

    -AuthUserName $userName
    -AuthPassword $authPassword


Or at least a way to modify the existing VPNClient module (perhaps C#.NET) in Windows 10, etc...
