Windows VPN
# Location of the all-users (public) phonebook in which RAS stores its dial-up/VPN entries.
# Swap $env:PROGRAMDATA for $env:APPDATA when the connection is per-user rather than -AllUserConnection.
$PbkPath = Join-Path -Path $env:PROGRAMDATA -ChildPath 'Microsoft\Network\Connections\Pbk\rasphone.Pbk'
# Connection names and server addresses are paired by index: $ConnectionName[n] dials $ServerAddress[n].
# Replace the placeholders below with the real names, hostnames and PSK before running.
$ConnectionName = @('ArrayString0', "ArrayString1", "ArracyString3", "ArracyString4")
$ServerAddress  = @(
  'meraki-dynamic-ip-address-dynamic-m.com',
  'meraki-dynamic-ip-address-dynamic-m.com',
  'meraki-dynamic-ip-address-dynamic-m.com',
  'meraki-dynamic-ip-address-dynamic-m.com'
)
# The L2TP/IPsec pre-shared key. It is shared by every user of the VPN and sits in this script in
# clear text, so treat the script itself as a secret: do not commit the real value to source control
# and do not leave copies of the script on end-user machines after deployment.
$PresharedKey = 'PreSharedKeySecret'
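# rasphone.Pbk only exists once at least one VPN entry has been created, so on a clean machine
# neither the file nor its parent folder may be present. Create an empty placeholder; it is
# filled in by Add-VpnConnection below and rewritten again by the UseRasCredentials edit.
# Change $env:PROGRAMDATA to $env:APPDATA if not creating an AllUserConnection.
if (-not (Test-Path -Path $PbkPath)) {
  # -Force makes New-Item behave like "mkdir -p": it creates any missing parents and is a no-op
  # when the folder already exists, so the separate folder-exists / folder-missing branches
  # collapse into a single statement.
  New-Item -Path (Split-Path -Path $PbkPath -Parent) -ItemType Directory -Force | Out-Null
  New-Item -Path $PbkPath -ItemType File | Out-Null
}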
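# Subnets that are routed through the tunnel. Split tunnelling is enabled below, so anything not
# listed here stays on the local Internet connection; list every subnet a client could need.
# Replace each X.X.X.X placeholder with a real prefix and delete the entries you do not use:
# Add-VpnConnectionRoute rejects a placeholder, so an unedited entry produces an error per connection.
$Destinations = @(
  'X.X.X.X/8',
  'X.X.X.X/24',
  'X.X.X.X/24',
  'X.X.X.X/24',
  'X.X.X.X/24',
  'X.X.X.X/24',
  'X.X.X.X/24',
  'X.X.X.X/24',
  'X.X.X.X/24',
  'X.X.X.X/16'
)

# One pass per entry in $ConnectionName; $ServerAddress[$i] is its paired server.
# The bound follows the array length, so adding or removing a connection above needs no edit here.
for ($i = 0; $i -lt $ConnectionName.Count; $i++) {
  # Drop any stale entry of the same name so the definition below is authoritative.
  # -EA SilentlyContinue is deliberate: on a clean machine there is nothing to remove.
  Remove-VpnConnection -AllUserConnection -Name $ConnectionName[$i] -Force -EA SilentlyContinue

  # L2TP over IPsec with a pre-shared key, PAP user authentication.
  # Security note: PAP sends the user's password unencrypted at the PPP layer, and
  # -EncryptionLevel Optional does not demand PPP (MPPE) encryption either, so the user credentials
  # are protected only by the IPsec tunnel, whose protection rests on the shared PSK. Keep the PSK
  # strong and private, and prefer a stronger authentication method if the server supports one.
  Add-VpnConnection -Name $ConnectionName[$i] -ServerAddress $ServerAddress[$i] -AllUserConnection -TunnelType L2tp -L2tpPsk $PresharedKey -AuthenticationMethod Pap -EncryptionLevel Optional -Force -WA SilentlyContinue
  Start-Sleep -Milliseconds 100

  # Split tunnelling: only the prefixes added below travel through the VPN.
  Set-VpnConnection -Name $ConnectionName[$i] -SplitTunneling $True -AllUserConnection -WA SilentlyContinue

  foreach ($prefix in $Destinations) {
    # Short pause between successive phonebook writes, matching the original per-route sequence.
    Start-Sleep -Milliseconds 100
    Add-VpnConnectionRoute -ConnectionName $ConnectionName[$i] -AllUserConnection -DestinationPrefix $prefix
  }
}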
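# Set rasphone.Pbk so that the Windows credential is used to authenticate to servers.
# Important when you use Meraki cloud credentials.
# -Replace is a regex operator; this pattern contains no metacharacters, so it behaves as a literal
# match. If the phonebook is still the empty placeholder the expression yields an empty string and
# the file is simply rewritten, no error is raised.
(Get-Content -Path $PbkPath -Raw) -Replace 'UseRasCredentials=1', 'UseRasCredentials=0' | Set-Content -Path $PbkPath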
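# Create an all-users desktop shortcut that launches rasphone.exe, the classic RAS dialer.
# It gives end users a fixed dialog to type their user name/password into (credentials can be
# saved and reused) and avoids Windows 10 overlay problems such as a stuck "Connecting..." state.
# YOU MUST TELL USERS TO CONNECT WITH THE DESKTOP ICON.
$IconLocation   = "%SystemRoot%\System32\SHELL32.dll"
$IconArrayIndex = 18                                 # icon index inside SHELL32.dll
$ShortcutFile   = "$env:Public\Desktop\DMA VPN.lnk"  # $env:Public\Desktop is the all-users desktop
$WScriptShell = New-Object -ComObject WScript.Shell
$Shortcut = $WScriptShell.CreateShortcut($ShortcutFile)
$Shortcut.TargetPath = "rasphone.exe"
# To pre-select one entry, pass rasphone a dial target. Note the $( ) around the array index:
# "$ConnectionName[0]" alone would interpolate the whole array followed by a literal "[0]".
#$Shortcut.Arguments = "-d `"$($ConnectionName[0])`""
$Shortcut.WorkingDirectory = "$env:SystemRoot\System32\"
$Shortcut.IconLocation = "$IconLocation, $IconArrayIndex"
$Shortcut.Save()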
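# Work around the Windows 10 NAT-Traversal problem (error 809, often seen on hotspots) by letting
# IPsec negotiate when both the client and the server sit behind NAT.
# See https://documentation.meraki.com/MX/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_809
# for more details. The value is read by the IPsec Policy Agent at start-up, so a reboot is
# needed before it takes effect.
$registryPath = "HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent"
$Name  = "AssumeUDPEncapsulationContextOnSendRule"
$Value = 2   # 2 = client and server may both be behind NAT; 1 = server only; 0 = default (off)
# -Force overwrites an existing value, so the script can be re-run safely.
New-ItemProperty -Path $registryPath -Name $Name -Value $Value -PropertyType DWORD -Force | Out-Null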