lyoder Posted March 2, 2019 (edited)

This script will check to see if a VPN connection with the given name exists. If it does exist, it updates the VPN connection. If it does not exist, it creates a VPN connection with the given values.

Note: I believe Pulseway runs PowerShell scripts under the Local System account by default (unless you have defined PowerShell User Impersonation in the Pulseway Manager, I think). In order to expose the VPN to users, this script runs against the Global Phone Book (-AllUserConnection switch). Therefore, this script does not check for the existence of VPN profiles stored in individual user Phone Books. (If an existing user VPN profile exists, this script will create a new VPN in the Global Phone Book, as it will not be able to see the existing user VPN.)

This script was developed and tested on Windows 10, but should also work on Windows 8/8.1.

PowerShell VpnClient documentation: https://docs.microsoft.com/en-us/powershell/module/vpnclient/?view=win10-ps

```powershell
################################
# VARIABLES
$Name = "VPN"
$ServerAddress = "vpn.domain.com" # IP Address or FQDN
$TunnelType = "Automatic" # Values: PPTP | L2TP | SSTP | IKEv2 | Automatic
$L2tpPsk = '[Insert PSK Here]'
$AuthenticationMethod = "MSCHAPv2" # Values: PAP | CHAP | MSCHAPv2 | EAP
$EncryptionLevel = "Optional" # Values: NoEncryption | Optional | Required | Maximum
$UseWinlogonCredential = $true
$RememberCredential = $true
$SplitTunneling = $true
$DnsSuffix = 'domain.local'
################################

# If PowerShell supports VPN configuration, apply VPN configuration
if (Get-Command 'Get-VpnConnection' -ErrorAction SilentlyContinue) {
    # If VPN exists, update VPN settings
    if (Get-VpnConnection -Name $Name -AllUserConnection -ErrorAction SilentlyContinue) {
        Set-VpnConnection -Name $Name -AllUserConnection -ServerAddress $ServerAddress `
            -TunnelType $TunnelType -EncryptionLevel $EncryptionLevel `
            -AuthenticationMethod $AuthenticationMethod -SplitTunneling $SplitTunneling `
            -DnsSuffix $DnsSuffix -L2tpPsk $L2tpPsk `
            -UseWinlogonCredential $UseWinlogonCredential `
            -RememberCredential $RememberCredential -Force
    }
    # Else, create VPN connection
    else {
        # -AllUserConnection is a switch on Add-VpnConnection, so it takes no value
        Add-VpnConnection -Name $Name -AllUserConnection -ServerAddress $ServerAddress `
            -TunnelType $TunnelType -EncryptionLevel $EncryptionLevel `
            -AuthenticationMethod $AuthenticationMethod -DnsSuffix $DnsSuffix `
            -L2tpPsk $L2tpPsk -Force
        Set-VpnConnection -Name $Name -AllUserConnection -SplitTunneling $SplitTunneling `
            -UseWinlogonCredential $UseWinlogonCredential `
            -RememberCredential $RememberCredential
    }
    # Output the resulting connection, then exit with success
    Get-VpnConnection -Name $Name -AllUserConnection
    exit 0
}
# Else, exit with failure code
else {
    # Write the message first; a "return" here would skip the exit code
    Write-Output "Client does not support VpnClient cmdlets"
    exit 1
}
```

Edited March 2, 2019 by lyoder

Biswa Posted December 20, 2019

It will create/update in the Global phone book. But if a user has already created one manually, then it won't work, because Get-VpnConnection -Name $Name -AllUserConnection will give no result. It will try to add a VPN, which will throw an error like "VPN with same name already exists".
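
The per-user phone book conflict described above can be detected before the deployment script runs. This is an added example, not code from any poster in this thread; `Find-UserVpnProfile` is a hypothetical helper name, and it assumes the default per-user phone book location `<profile>\AppData\Roaming\Microsoft\Network\Connections\Pbk\*.pbk`. The sample phone book it scans is constructed.

```powershell
# Added example, not part of the thread. Assumes per-user phone books live at
# <profile>\AppData\Roaming\Microsoft\Network\Connections\Pbk\*.pbk (Windows default).
function Find-UserVpnProfile {
    param(
        [Parameter(Mandatory)][string]$Name,
        [string]$ProfilesRoot = (Join-Path $env:SystemDrive 'Users')
    )
    $rel = 'AppData\Roaming\Microsoft\Network\Connections\Pbk'
    foreach ($profileDir in Get-ChildItem -LiteralPath $ProfilesRoot -Directory -Force -ErrorAction SilentlyContinue) {
        $pbkDir = Join-Path $profileDir.FullName $rel
        if (-not (Test-Path -LiteralPath $pbkDir)) { continue }
        foreach ($pbk in Get-ChildItem -LiteralPath $pbkDir -Filter '*.pbk' -File -Force) {
            # Phone books are INI files; each [section] header is a connection name.
            $hit = Get-Content -LiteralPath $pbk.FullName |
                Where-Object { $_ -match '^\[(.+)\]\s*$' -and $Matches[1] -eq $Name }
            if ($hit) {
                [pscustomobject]@{ User = $profileDir.Name; PhoneBook = $pbk.FullName }
            }
        }
    }
}

# Constructed sample: a throwaway profile tree with one user-level entry named "VPN".
$root = Join-Path ([IO.Path]::GetTempPath()) ("pbk-demo-" + [guid]::NewGuid())
$dir  = Join-Path $root 'alice\AppData\Roaming\Microsoft\Network\Connections\Pbk'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
Set-Content -LiteralPath (Join-Path $dir 'rasphone.pbk') -Value @('[VPN]', 'PhoneNumber=vpn.domain.com')

# In a real run, omit -ProfilesRoot so the scan covers the machine's user profiles.
$conflicts = @(Find-UserVpnProfile -Name 'VPN' -ProfilesRoot $root)
if ($conflicts.Count -gt 0) {
    $conflicts | Format-Table -AutoSize
    Write-Warning "User-level profile(s) named 'VPN' exist; -AllUserConnection checks do not see them."
}
Remove-Item -LiteralPath $root -Recurse -Force
```

Reading other users' profile directories requires running elevated or as Local System, which matches how the original post expects the deployment script to run.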

jcoffi Posted July 27, 2020

On 12/20/2019 at 2:08 AM, Biswa said:

> It will create/update in the Global phone book. But if a user has already created one manually, then it won't work, because Get-VpnConnection -Name $Name -AllUserConnection will give no result. It will try to add a VPN, which will throw an error like "VPN with same name already exists".

This is by design. In order for a VPN connection to be used by all users, it must be at a level where all users can access it. So the VPN runs as system. This is why you can't see its connection listed in Windows as the user. To run PowerShell as system, you can modify the command line or check it out here.

```powershell
Start-Process -FilePath cmd.exe -Verb Runas -ArgumentList '/k C:\SysinternalsSuite\PsExec.exe -i -s powershell.exe'
```

eDecisions Posted July 29, 2020

How about adding some logic: if it exists, use vpnname-1, vpnname-2, vpnname-3, etc. Who knows, maybe the user tried setting it up, or heck, even the other admin, and messed it up, and you want to have a working VPN connection. Just a thought.

John Schultz Posted March 17, 2021

Is there any way to create unique User Name and Password pair combinations and store them in the VPN entry? For example, the:

```powershell
@(
    Add-VpnConnection -Name $vpnConnectionName -ServerList $vpnServerList -TunnelType $tunnelType -AuthenticationMethod $authenticationMethod -AllUserConnection $false -EncryptionLevel $encryptionLevel -RememberCredential $true -Force $true -AuthUserName $userName -AuthPassword $authPassword
)
```

Or at least a way to modify the existing VPNClient module (perhaps C#/.NET) in Windows 10, etc...