lyoder

Create/Update Windows VPN


This script will check to see if a VPN connection with the given name exists. If it does exist, it updates the VPN connection. If it does not exist, it creates a VPN connection with the given values.

Note: I believe Pulseway runs PowerShell scripts under the Local System account by default (unless you have defined PowerShell User Impersonation in the Pulseway Manager, I think). In order to expose the VPN to all users, this script runs against the Global Phone Book (the -AllUserConnection switch). Therefore, this script does not check for VPN profiles stored in individual users' Phone Books. (If a user VPN profile with the same name already exists, this script will create a new VPN in the Global Phone Book, as it cannot see the existing user VPN.)

This script was developed and tested on Windows 10, but should also work on Windows 8/8.1.

PowerShell VpnClient documentation: https://docs.microsoft.com/en-us/powershell/module/vpnclient/?view=win10-ps

################################
# VARIABLES
$Name = "VPN"
$ServerAddress = "vpn.domain.com" # IP Address or FQDN
$TunnelType = "Automatic" # Values: PPTP | L2TP | SSTP | IKEv2 | Automatic (Automatic may fall back to PPTP; prefer IKEv2 or SSTP where the server supports them)
$L2tpPsk = '[Insert PSK Here]' # Only used when $TunnelType is L2TP; note the PSK sits in this script in clear text
$AuthenticationMethod = "MSCHAPv2" # Values: PAP | CHAP | MSCHAPv2 | EAP
$EncryptionLevel = "Optional" # Values: NoEncryption | Optional | Required | Maximum ("Optional" lets the tunnel come up without encryption)
$UseWinlogonCredential = $true
$RememberCredential = $true # Caches the credential on the client for later connections
$SplitTunneling = $true
$DnsSuffix = 'domain.local'
################################

# If PowerShell supports VPN configuration, apply VPN configuration
# (-ErrorAction SilentlyContinue stops Get-Command printing an error when the cmdlet is missing)
if (Get-Command 'Get-VpnConnection' -ErrorAction SilentlyContinue) {
    # Parameters shared by Add-VpnConnection and Set-VpnConnection. AllUserConnection,
    # SplitTunneling, UseWinlogonCredential and RememberCredential are switches on
    # Add-VpnConnection and booleans on Set-VpnConnection; splatting a [bool] binds to both.
    $VpnParams = @{
        Name                  = $Name
        AllUserConnection     = $true
        ServerAddress         = $ServerAddress
        TunnelType            = $TunnelType
        EncryptionLevel       = $EncryptionLevel
        AuthenticationMethod  = $AuthenticationMethod
        DnsSuffix             = $DnsSuffix
        SplitTunneling        = $SplitTunneling
        UseWinlogonCredential = $UseWinlogonCredential
        RememberCredential    = $RememberCredential
        Force                 = $true
        ErrorAction           = 'Stop' # surface failures as a non-zero exit code for Pulseway
    }
    # The pre-shared key is only meaningful for L2TP
    if ($TunnelType -eq 'L2TP') { $VpnParams['L2tpPsk'] = $L2tpPsk }

    # If VPN exists in the Global Phone Book, update VPN settings
    if (Get-VpnConnection -Name $Name -AllUserConnection -ErrorAction SilentlyContinue) {
        Set-VpnConnection @VpnParams
    }
    # Else, create VPN connection
    else {
        Add-VpnConnection @VpnParams
    }
    # Echo the resulting connection and exit with success
    Get-VpnConnection -Name $Name -AllUserConnection
    exit 0
}
# Else, exit with failure code (return before exit would have skipped the exit code)
else {
    Write-Output "Client does not support VpnClient cmdlets"
    exit 1
}

 

Edited by lyoder


It will create/update in the Global phone book. But if a user has already created one manually, then it won't work, because

Get-VpnConnection -Name $Name -AllUserConnection

will give no result. It will try to add a VPN, which will throw an error like "A VPN with the same name already exists".

On 12/20/2019 at 2:08 AM, Biswa said:

It will create/update in the Global phone book. But if a user has already created one manually, then it won't work, because

Get-VpnConnection -Name $Name -AllUserConnection

will give no result. It will try to add a VPN, which will throw an error like "A VPN with the same name already exists".

This is by design. In order for a VPN connection to be used by all users, it must be at a level where all users can access it. So the VPN runs as system. This is why you can't see its connection listed in Windows as the user. To run PowerShell as system, you can modify the command line or check it out here

 

Start-Process -FilePath cmd.exe -Verb Runas -ArgumentList '/k C:\SysinternalsSuite\PsExec.exe -i -s powershell.exe'


How about adding some logic: if it exists, use vpnname-1, vpnname-2, vpnname-3, etc.? Who knows, the user may have tried setting it up, or heck, even another admin, and messed it up, and you want to have a working VPN connection. Just a thought.

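The collision Biswa describes and the vpnname-1 / vpnname-2 naming suggested above both come down to one fact: Get-VpnConnection only reads the phone book of the account running it, so a script running as SYSTEM cannot ask the cmdlet what alice or bob created. The profiles are INI-style rasphone.pbk files, though, so a SYSTEM-level script can read every phone book directly before calling Add-VpnConnection. The following is an added example and is not code from the original post or from Pulseway; it assumes the standard phone-book locations (%ProgramData%\Microsoft\Network\Connections\Pbk\rasphone.pbk for the Global Phone Book and each user's AppData\Roaming\Microsoft\Network\Connections\Pbk\rasphone.pbk), that the script runs with rights to read every profile's roaming AppData, and all function names are the example's own. The demo at the end builds a constructed directory tree so it runs without touching the real phone books.

```powershell
# Return the connection names ([Section] headers) defined in one rasphone.pbk.
# rasphone.pbk is INI-style: each VPN/dial-up entry is a [Name] section.
function Get-PbkConnectionNames {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return @() }
    $names = foreach ($line in Get-Content -LiteralPath $Path) {
        if ($line -match '^\[(.+)\]\s*$') { $Matches[1] }
    }
    return @($names)
}

# Enumerate every phone book on the machine: the Global Phone Book plus one per
# user profile. $ProgramData and $UsersRoot are parameters so the functions can be
# pointed at a constructed tree for testing (assumed standard paths by default).
function Get-AllPhoneBooks {
    param(
        [string]$ProgramData = $env:ProgramData,
        [string]$UsersRoot   = (Join-Path $env:SystemDrive 'Users')
    )
    $rel   = 'Microsoft\Network\Connections\Pbk\rasphone.pbk'
    $books = @()
    $books += [pscustomobject]@{ Scope = 'AllUsers'; Path = Join-Path $ProgramData $rel }
    foreach ($profile in Get-ChildItem -LiteralPath $UsersRoot -Directory -ErrorAction SilentlyContinue) {
        $books += [pscustomobject]@{
            Scope = "User:$($profile.Name)"
            Path  = Join-Path $profile.FullName "AppData\Roaming\$rel"
        }
    }
    return $books
}

# Report which phone books already define a connection with the given name.
function Find-VpnNameCollisions {
    param(
        [Parameter(Mandatory)][string]$Name,
        [object[]]$PhoneBooks = (Get-AllPhoneBooks)
    )
    foreach ($book in $PhoneBooks) {
        if ((Get-PbkConnectionNames -Path $book.Path) -contains $Name) { $book }
    }
}

# Pick Name, Name-1, Name-2, ... until no phone book (global or per-user) defines it.
function Get-FreeVpnName {
    param(
        [Parameter(Mandatory)][string]$Name,
        [object[]]$PhoneBooks = (Get-AllPhoneBooks),
        [int]$MaxSuffix = 20
    )
    $candidate = $Name
    for ($i = 1; $i -le $MaxSuffix; $i++) {
        if (-not (Find-VpnNameCollisions -Name $candidate -PhoneBooks $PhoneBooks)) { return $candidate }
        $candidate = "$Name-$i"
    }
    throw "No free name found for '$Name' after $MaxSuffix suffixes"
}

# --- Demo on a constructed directory tree (sample data, not a real machine) ---
$root = Join-Path ([IO.Path]::GetTempPath()) ("pbk-demo-" + [guid]::NewGuid())
$rel  = 'Microsoft\Network\Connections\Pbk'
New-Item -ItemType Directory -Path (Join-Path $root "ProgramData\$rel") -Force | Out-Null
New-Item -ItemType Directory -Path (Join-Path $root "Users\alice\AppData\Roaming\$rel") -Force | Out-Null
New-Item -ItemType Directory -Path (Join-Path $root "Users\bob\AppData\Roaming\$rel") -Force | Out-Null
# alice created "VPN" herself in her own phone book (constructed entry, minimal keys)
@"
[VPN]
Encoding=1
Type=2
"@ | Set-Content -LiteralPath (Join-Path $root "Users\alice\AppData\Roaming\$rel\rasphone.pbk")
# an earlier run already put "VPN-1" in the Global Phone Book (constructed entry)
@"
[VPN-1]
Encoding=1
Type=2
"@ | Set-Content -LiteralPath (Join-Path $root "ProgramData\$rel\rasphone.pbk")

$books = Get-AllPhoneBooks -ProgramData (Join-Path $root 'ProgramData') -UsersRoot (Join-Path $root 'Users')
Find-VpnNameCollisions -Name 'VPN' -PhoneBooks $books | Format-Table Scope, Path
Get-FreeVpnName -Name 'VPN' -PhoneBooks $books
Remove-Item -LiteralPath $root -Recurse -Force
```

On the constructed tree the collision report lists alice's phone book for "VPN", and Get-FreeVpnName skips both "VPN" and the global "VPN-1" and returns "VPN-2". In the original script the natural place for this is just before Add-VpnConnection: either bail out with a clear message naming the user whose profile collides, or substitute the free name, depending on whether you would rather have a duplicate entry or a failed deployment. Reading the per-user files is only possible because the script runs as SYSTEM, which is the same reason the cmdlet cannot see them.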
