refs #8159 Change authentication method to MSCHAPv2

windows-vpn.ps1

@@ -10,32 +10,6 @@ $vpnSplit = $true
 $vpnNetworks = @("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
 $vpnCaUrl = "https://cdn.verdnatura.es/public/verdnatura.der"
 $caHash = "028a316a3072f402c10fd7699cb061c93cc5cb15"
-$eapConfig =
-@"
-<EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
-    <EapMethod>
-        <Type xmlns="http://www.microsoft.com/provisioning/EapCommon">21</Type>
-        <VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId>
-        <VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType>
-        <AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">311</AuthorId>
-    </EapMethod>
-    <Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
-        <EapTtls xmlns="http://www.microsoft.com/provisioning/EapTtlsConnectionPropertiesV1">
-            <ServerValidation>
-                <ServerNames></ServerNames>
-                <TrustedRootCAHash>2 8a 31 6a 30 72 f4 2 c1 f d7 69 9c b0 61 c9 3c c5 cb 15</TrustedRootCAHash>
-                <DisablePrompt>false</DisablePrompt>
-            </ServerValidation>
-            <Phase2Authentication>
-                <PAPAuthentication/>
-            </Phase2Authentication>
-            <Phase1Identity>
-                <IdentityPrivacy>false</IdentityPrivacy>
-            </Phase1Identity>
-        </EapTtls>
-    </Config>
-</EapHostConfig>
-"@
 
 # Scripting
 
@@ -74,17 +48,13 @@ Try {
     }
 }
 
-$eapXml = New-Object -TypeName System.Xml.XmlDocument
-$eapXml.LoadXml($eapConfig)
-
 Add-VpnConnection `
     -Name $vpnName `
     -AllUserConnection `
     -ServerAddress $vpnHost `
     -TunnelType Ikev2 `
     -EncryptionLevel Required `
-    -AuthenticationMethod Eap `
-    -EapConfigXmlStream $eapXml `
+    -AuthenticationMethod MSChapv2 `
     -DnsSuffix $vpnSuffix `
     -RememberCredential