windows-vpn/README.md

Windows IPsec configurator

Script to automate VPN connection creation on Windows.

Connection can be created globally or for the current user by using the allUsers parameter, CA certificate must always be installed globally regardless of who the connection is created for.

To be able to execute the script you have to manually run the following commnand in PowerShell (as administrator).

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope LocalMachine

To avoid DNS issues because of Windows 10 "smart multi-homed name resolution" VPN connection metric should be set to the lowest one, it is done automatically by the script but it can be done manually from:

• VPN connection > Properties > Networking > TCP/IPv4 > Properties > Advanced...
• Disable "Automatic metric" and set "Interface metric" to 1.

More info about the issue at:

• https://superuser.com/questions/966832/windows-10-dns-resolution-via-vpn-connection-not-working

The EAP XML configuration can be generated from an existing connection using the following commands.

$conn = Get-VpnConnection -Name $vpnName
$conn.EapConfigXmlStream.InnerXml