meraki
2 Topics

Meraki VPN L2TP with Preshared key via Intune
Hey everyone, I'm trying to deploy Meraki VPN L2TP with a preshared key via Intune. I have previously tried to deploy the rasphone.pbk file using a PS script to "$env:APPDATA\Microsoft\Network\Connections\Pbk\rasphone.pbk". The file was deployed successfully, but the preshared key is not being copied. The next method I used was to create a VPN profile using a PS script. I used the script below, but EncryptionLevel Optional is being returned as an error.

```powershell
# Add the VPN connection
Add-VpnConnection `
    -Name "MY VPN" `
    -ServerAddress "myvpn.com" `
    -TunnelType L2tp `
    -L2tpPsk "myPSK" `
    -AuthenticationMethod Pap `
    -EncryptionLevel Optional `
    -Force `
    -AllUserConnection $True

# Path to the rasphone.pbk file for all user connections
$pbkPath = "C:\ProgramData\Microsoft\Network\Connections\Pbk\rasphone.pbk"

# Ensure the file exists
if (Test-Path -Path $pbkPath) {
    # Read the contents of the file
    $pbkContent = Get-Content -Path $pbkPath -Raw

    # Modify the contents to enforce PAP (128) and require username and password.
    # The value match stops at the end of the Authentication= line so the rest of the file is preserved.
    $pbkContent = $pbkContent -replace "(?msi)^(\[$([regex]::Escape("MY VPN"))\].*?^Authentication=)[^\r\n]*", '${1}128'

    # Write the modified contents back to the file
    $pbkContent | Set-Content -Path $pbkPath
} else {
    Write-Error "The rasphone.pbk file does not exist at the specified path: $pbkPath"
}
```

Error:

WARNING: The currently selected encryption level requires EAP or MS-CHAPv2 logon security methods. Data encryption will not occur for Pap or Chap.

The requirements are to use PAP, rasphone.pbk should be created under "$env:APPDATA\Microsoft\Network\Connections\Pbk\rasphone.pbk", and the preshared key should be copied, so that I can connect to the VPN via the taskbar at the bottom right by entering a username and password. Can someone assist in modifying the script or provide an alternate solution?

126 Views 0 likes 0 Comments

Looking for assistance with NPS cert based Wifi for Macs and PCs
So we have a somewhat unique situation, and I am trying to figure out any solution that works. We are currently using Meraki hardware for our wireless system, and we have a directive from management to work to integrate our various systems so that we can deploy a company-wide wireless network(s) that use cert-based authentication instead of the current username/password that times out every couple of weeks.

For further context, we have Windows-based servers with a local AD domain synced to Office 365. We are also using one of our DCs as a CA, but it is not being used for anything. We have several NPS servers set up, and we can get our Windows, domain-joined machines to work fairly well on the Meraki system.

The problem comes in with our Mac users. Our AD domain was set up moons ago when using a .int TLD for the domain name, along with other best practice issues that would be too disruptive to properly fix. As of now, we can't get our Mac machines to properly authenticate or trust the Wi-Fi networks when we use the NPS profiles/certs. We did recently get invested in a PKI system through DigiCert that we are currently using for our Client VPN and have been trying to use auto-enrolled certs from that, but similarly to no avail. The final nail in the coffin is that we are under a budget crunch, so investing in something like JumpCloud or some other online hosted RADIUS service is not happening anytime soon.

I have looked at the documentation for setting up 802.1X and we can do user authentication fairly well, but we have been instructed to get machine/certificate-based authentication working. Long story short, what I am hoping to find is an article or video or something that discusses setting up Windows NPS to interact with Meraki SSIDs so that both domain-joined PCs and non-domain-joined Macs can use one or more SSIDs to do cert-based authentication.

4.1K Views 0 likes 2 Comments