Install/Configure VPN For All Users


I am trying to automate the setup and configuration of the Windows VPN for all users on remote worker laptops after I have configured their Azure profile on the machine. The machines are all running Windows 10 Pro version 21H2. I would like it so that I can log into the Azure AD admin profile on the machine, run the script and be done with it to where the users can simply click "Connect" on the VPN and it connects them. However, the problem I am running into is that, when I run the script, the VPN is installed on all user profiles, but the connection only works on the admin account. When trying to connect on a user profile, I am prompted with a window asking for username and password, which is strange because it is being passed through by the script for the admin profile, but not the user profile. The VPN is through Meraki client VPN so I can't use any other type of auth method. The script I am running is below:

 

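# Allow locally created scripts to run on this machine
Set-ExecutionPolicy RemoteSigned

# Install the helper module that provides Set-VpnConnectionUsernamePassword
Import-Module PowerShellGet
Install-Module -Name VPNCredentialsHelper

$name = "VPN NAME"
$address = "VPN ADDRESS"
$username = "VPN USERNAME"
$plainpassword = "VPN PASSWORD"

# Create the L2TP connection; -AllUserConnection places it in the global phone book
Add-VpnConnection -Name $name -ServerAddress $address -TunnelType L2tp -AuthenticationMethod Pap -L2tpPsk "PRESHARED KEY" -Force:$true -AllUserConnection -RememberCredential:$true -SplitTunneling:$false

# Save the username and password for the connection (cmdlet from VPNCredentialsHelper)
Set-VpnConnectionUsernamePassword -connectionname $name -username $username -password $plainpassword -domain ''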

 

 

7 Replies
turns out you just need to set
CacheCredentials=1
in the pbk file
"%AppData%\Microsoft\Network\Connections\Pbk\rasphone.pbk"

https://github.com/paulstancer/VPNCredentialsHelper/issues/1

Perhaps this is the case for you? You can't add the VPN connection as the user itself?

@Harm_Veenstra That might work, but if I can't change that value via the script then it defeats the purpose of automating everything. And no, the script doesn't pass the credentials through if you run it on the non-admin profile. Even if it did though, I don't want my techs to have to switch back and forth between the admin profile and the non-admin profile. I want them to simply run everything from the admin profile and be done with it.
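
Changing a rasphone.pbk value from a script, as raised in the replies above, comes down to editing an INI-style file in which each connection is a `[section]`. The following PowerShell is an added example, not code from the thread or from VPNCredentialsHelper; the function name Set-PbkValue and the sample phonebook contents are constructed, and which phonebook file holds the entry on a given machine is left as a parameter.

```powershell
# Added example: set one key inside one entry of an INI-style rasphone.pbk file.
function Set-PbkValue {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Entry,   # section name = VPN connection name
        [Parameter(Mandatory)][string]$Key,
        [Parameter(Mandatory)][string]$Value
    )
    $out = [System.Collections.Generic.List[string]]::new()
    $inEntry = $false; $found = $false; $done = $false
    foreach ($line in @(Get-Content -LiteralPath $Path)) {
        if ($line -match '^\[(.+)\]\s*$') {
            # Leaving the target section without having seen the key: append it.
            if ($inEntry -and -not $done) { $out.Add("$Key=$Value"); $done = $true }
            $inEntry = ($Matches[1] -eq $Entry)
            if ($inEntry) { $found = $true }
        }
        elseif ($inEntry -and -not $done -and $line -match "^$([regex]::Escape($Key))=") {
            $line = "$Key=$Value"; $done = $true   # overwrite the existing value
        }
        $out.Add($line)
    }
    # Target section was the last one in the file and lacked the key.
    if ($inEntry -and -not $done) { $out.Add("$Key=$Value") }
    if (-not $found) { throw "Entry [$Entry] not found in $Path" }
    Copy-Item -LiteralPath $Path -Destination "$Path.bak" -Force   # keep a backup
    # Encoding is left at the shell default; check it if entry names are non-ASCII.
    Set-Content -LiteralPath $Path -Value $out
}

# Constructed, abridged sample phonebook so the demo never touches a real one.
$sample = Join-Path ([IO.Path]::GetTempPath()) 'sample-rasphone.pbk'
@'
[VPN NAME]
Encoding=1
Type=2
CacheCredentials=0

[Other VPN]
CacheCredentials=0
'@ | Set-Content -LiteralPath $sample

Set-PbkValue -Path $sample -Entry 'VPN NAME' -Key 'CacheCredentials' -Value '1'
Get-Content -LiteralPath $sample   # only the [VPN NAME] entry is changed
```

The function throws if the named entry is absent, so a deployment script fails visibly instead of reporting success on a phonebook that does not contain the connection.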

@LordNikon187 When you start rasphone.exe as admin and choose Connect, the radio-button is Me Only after using the script. Not sure how to change that in the rasphone.pbk settings by using PowerShell, the setting I mentioned was already there by default.


@Harm_Veenstra Yep, and like I said in my update to the post, after running the script, on the non-admin profile, if I run a batch that calls on rasphone and also supplies the username and password, I receive an error saying the connection isn't listed in the global address book, which doesn't make any sense, because in the network settings, the connection is there and configured properly minus having to input the credentials on the first connection attempt. Even after doing so, the global address book still isn't updated with the connection so rasphone is essentially broken after running my script as well.

 

Likely what will need to happen unless someone else chimes in, is to figure out how to incorporate a line or two into my script that appends the entries in the global address book and adds the connection details for all users after it's created.

Another possible solution would be to use Windows Authentication. Your computers are Azure AD joined? You could, if you have Azure AD Domain Services, link your Meraki to that and then the users could use their Windows credentials for logging in.
That would work for sure, but I do not want my users responsible for starting the VPN. I need it to connect for them without any need for their input or them even knowing it's connected.
Then you want an Always On VPN. But regarding authentication, it's single sign-on then.