
VPN Connection and Device Authentication

agowa338 · Feb 25, 2016 · 1 min read

Automatically establish a VPN connection when a specific application is launched, so your users cannot forget to start it first and will not call you about it ;-)

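    # Create the VPN profile (PPTP, as in the original example; see the note below)
    Add-VpnConnection -Name VPN -ServerAddress myid.myfritz.net `
        -AuthenticationMethod MSChapv2 -DnsSuffix fritz.box `
        -EncryptionLevel Optional -IdleDisconnectSeconds 0 `
        -TunnelType Pptp -UseWinlogonCredential

    # Connect automatically when Remote Desktop (mstsc.exe) is launched
    Add-VpnConnectionTriggerApplication -ApplicationID %windir%\system32\mstsc.exe `
        -ConnectionName VPN -Force

    # Do not trigger while already on the fritz.box network
    Add-VpnConnectionTriggerTrustedNetwork -ConnectionName VPN -DnsSuffix fritz.box -Force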

The example uses PPTP; seriously, you should not use PPTP today. Encryption should be set to Required as a bare minimum; Maximum is recommended. The username and password used for authentication are those of the currently logged-on user ("UseWinlogonCredential"). If you want to implement machine-based authentication instead of user-based authentication, you have to use IKEv2 (TunnelType) with MachineCertificate (AuthenticationMethod), and the option "AllUserConnection" should also be checked. You may also want to add "LogonUI.exe" as a trigger application so your logon scripts can run (if the user has an internet connection at this point; many network cards need some time to wake up, keep this in mind).
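The machine-certificate variant described above, plus a small check that flags the weak settings in existing profiles. This is an added example, not code from the original post. The profile name `VPN-Machine` and the function `Test-VpnProfile` are made up for illustration, and it assumes the VPN server accepts IKEv2 and the computer already has a suitable machine certificate.

```powershell
# Added example, not from the original post.
# Machine-certificate variant of the post's profile, as a splat table.
# Assumption: the server accepts IKEv2 and a machine certificate is installed.
$machineProfile = @{
    Name                 = 'VPN-Machine'      # hypothetical profile name
    ServerAddress        = 'myid.myfritz.net'
    TunnelType           = 'Ikev2'
    AuthenticationMethod = 'MachineCertificate'
    EncryptionLevel      = 'Maximum'
    DnsSuffix            = 'fritz.box'
    AllUserConnection    = $true
}
# To create it (elevated prompt): Add-VpnConnection @machineProfile -Force

function Test-VpnProfile {
    # Returns one row per profile listing its weak settings. Accepts
    # Get-VpnConnection output or any object with the same property names.
    param([Parameter(ValueFromPipeline)] $Connection)
    process {
        $issues = @()
        if ($Connection.TunnelType -eq 'Pptp') { $issues += 'PPTP tunnel' }
        if ($Connection.EncryptionLevel -notin 'Required', 'Maximum') {
            $issues += "EncryptionLevel=$($Connection.EncryptionLevel)"
        }
        if ($Connection.AuthenticationMethod -contains 'MachineCertificate' -and
            -not ($Connection.TunnelType -eq 'Ikev2' -and $Connection.AllUserConnection)) {
            $issues += 'MachineCertificate needs Ikev2 + AllUserConnection'
        }
        [pscustomobject]@{ Name = $Connection.Name; Issues = $issues -join '; ' }
    }
}

# Constructed sample mirroring the PPTP profile from the post.
$postProfile = [pscustomobject]@{
    Name = 'VPN'; TunnelType = 'Pptp'; EncryptionLevel = 'Optional'
    AuthenticationMethod = @('MSChapv2'); AllUserConnection = $false
}

# Runs offline: the post's profile is flagged, the machine profile is clean.
$postProfile, [pscustomobject]$machineProfile | Test-VpnProfile | Format-Table -AutoSize

# Against a live machine (user and all-user phonebooks):
# @(Get-VpnConnection) + @(Get-VpnConnection -AllUserConnection) | Test-VpnProfile
```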
