refs #8159 User connection, metric via script, MSCHAPv2 #1

juan merged 1 commits from juan-patch-1 into master 2024-11-12 16:30:39 +00:00
1 changed files with 51 additions and 30 deletions


@ -5,7 +5,7 @@ param (
# Advanced configuration
$vpnHost = "",
$vpnHost = ""
$vpnSuffix = ""
$vpnSplit = $true
$vpnNetworks = @("", "", "")
@ -44,29 +44,46 @@ if (!$hasCa) {
Echo "Creating the VPN connection."
Try {
Remove-VpnConnection `
-Name $vpnName `
-AllUserConnection $allUsers `
-Force `
-ErrorAction Stop
} Catch {
If ($_.Exception.StatusCode -eq 1) {
Throw "Connection '$vpnName' is open, close it before running the script."
} else {
try {
$args = @{
Name = $vpnName
Force = $true
ErrorAction = "Stop"
AllUserConnection = $allUsers
Remove-VpnConnection @args
} catch {
if ($_.Exception.StatusCode -eq 1) {
throw "Connection '$vpnName' is open, close it before running the script."
} elseif ($_.Exception.StatusCode -ne 6) {
Add-VpnConnection `
-Name $vpnName `
-AllUserConnection $allUsers `
-ServerAddress $vpnHost `
-TunnelType Ikev2 `
-EncryptionLevel Required `
-AuthenticationMethod Eap `
-DnsSuffix $vpnSuffix `
$args = @{
Name = $vpnName
ServerAddress = $vpnHost
TunnelType = "Ikev2"
EncryptionLevel = "Required"
AuthenticationMethod = "Eap"
DnsSuffix = $vpnSuffix
RememberCredential = $true
AllUserConnection = $allUsers
Add-VpnConnection @args
$rasphoneRelPath = "Microsoft\Network\Connections\Pbk\rasphone.pbk"
if ($allUsers) {
$rasphonePath = "$env:ProgramData\$rasphoneRelPath"
} else {
$rasphonePath = "$env:AppData\$rasphoneRelPath"
$rasphone = Get-Content $rasphonePath -Raw
$regex = "^([\s\S]*\[${vpnName}\][\s\S]*IpInterfaceMetric=)(\d+)([\s\S]*)$"
$match = [Regex]::Match($rasphone, $regex)
$rasphone = $match.Groups[1].Value + '1' + $match.Groups[3].Value
$rasphone | Set-Content $rasphonePath
New-ItemProperty `
-Path "HKLM:\SYSTEM\CurrentControlSet\Services\RasMan\Parameters" `
@ -79,20 +96,24 @@ New-ItemProperty `
if ($vpnSplit) {
Echo "Enabling split tunneling."
Set-VpnConnection `
-Name $vpnName `
-AllUserConnection `
-SplitTunneling $true
$args = @{
Name = $vpnName
SplitTunneling = $true
AllUserConnection = $allUsers
Set-VpnConnection @args
Echo "Adding routes for VPN networks."
foreach ($vnNetwork in $vpnNetworks) {
Echo " - $vnNetwork"
Add-VpnConnectionRoute `
-ConnectionName $vpnName `
-AllUserConnection `
-DestinationPrefix $vnNetwork `
-RouteMetric 5
$args = @{
ConnectionName = $vpnName
DestinationPrefix = $vnNetwork
RouteMetric = 5
AllUserConnection = $allUsers
Add-VpnConnectionRoute @args
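Review bot: In the second hunk (`@ -44,29 +44,46 @@`), the rasphone.pbk rewrite reads `$match.Groups[1]` and `$match.Groups[3]` without checking `$match.Success`, so when the pattern does not match (no `[$vpnName]` entry yet, or a connection name containing regex metacharacters) both groups are empty and `Set-Content` replaces the whole phonebook with the single character `1`. Guard the write with `if (-not $match.Success) { throw "IpInterfaceMetric for '$vpnName' not found in $rasphonePath" }` and build the pattern from `[Regex]::Escape($vpnName)` instead of the raw name. The greedy `[\s\S]*` between the section header and `IpInterfaceMetric=` also selects the last `IpInterfaceMetric=` in the file, which belongs to another connection whenever entries follow `[$vpnName]`; that middle part should be bounded so it cannot run past the next `[...]` header. Closing braces are not shown in this rendering, so where the rewrite sits relative to the try/catch is inferred.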