How to deploy a Windows 10 VPN Profile? Meraki Client VPN (L2TP+PSK)


Has anyone configured a Windows 10 Configuration Profile successfully? Is there a way to do it for Meraki Client VPN solutions that use L2TP+PSK or do I have to use a certificate? The documentation on this issue appears a bit vague.

 

Thanks!

9 Replies

I have the same question, so I will be interested to see a reply.

 

This Meraki article shows how to configure a VPN profile on Windows 10...

https://documentation.meraki.com/MX/Client_VPN/Client_VPN_OS_Configuration#Windows_10

but this uses L2TP with PSK.

 

Intune Device Configuration policies support VPN settings with L2TP and a certificate (but not with a Pre-Shared Key).

If I could work out how to use an authentication certificate, then that would be the better option.

 

This MS article describes how to use EAP and output the necessary XML for Intune, but I can't seem to link this to Meraki MX firewalls...

https://docs.microsoft.com/en-us/windows/client-management/mdm/eap-configuration

 

Has anyone got the final piece of this jigsaw puzzle?

 

Thanks.

@Martin Norfolk I haven't gotten any traction with this other than finding CMAK (Connection Manager Administrator Kit), the feature/role you can install on Windows Server to create a connection and then distribute to your end users.

 

https://newhelptech.wordpress.com/2017/07/12/step-by-step-how-to-create-connection-manager-administr...

 

 

Try editing the VPN network connection settings in the old Windows interface and disable IPv6. @symm_adrian

Please let me know if you have solved this issue. I have the same issue with L2TP and pre-shared key. @symm_adrian

Has anyone come up with any idea? I have a similar problem.

@ashokdangol I'm still looking, nothing yet from my side. Hopefully someone can help us.

@Pernille-Eskebo @symm_adrian 

Hi Symm_Adrian,
If you are trying to connect your Win10 devices with authentication on CISCO infra e.g. WiFi, LAN or VPN or with 802.1x authentication, then it is possible using certificates. You need to deploy custom XML profiles.

@somesh_pathak We have a Ubiquiti router which only allows L2TP PSK VPN. Can I ask if you have any idea how to create EAP XML with L2TP PSK? I think we should ask for a feature request. :)

 

@ashokdangol We faced the same issue with connecting AO VPN with L2TP on AO VPN on AAD & Hybrid AAD joined devices and worked with MS for months and eventually concluded that L2TP will not work in these scenarios. However, we were able to achieve it using custom PS scripts. We created two adapters for the device tunnel & user tunnel. These scripts can be packaged as Win32 packages or can be transformed into XML for an Intune VPN profile. You can refer to the excellent script from Richard Hicks to create your own custom XML - aovpn/ProfileXML_Device.xml at master · richardhicks/aovpn (github.com)

 

Deploy these PS scripts manually on a test machine in the system context and then export the EAP XML, which you can later import in Intune. Hope this helps. 😊