33 lines
1.1 KiB
Markdown
33 lines
1.1 KiB
Markdown
# Windows IPsec configurator
|
|
|
|
Script to automate VPN connection creation on Windows.
|
|
|
|
Connection can be created globally or for the current user by using the
|
|
*allUsers* parameter, CA certificate must always be installed globally
|
|
regardless of who the connection is created for.
|
|
|
|
To be able to execute the script you have to manually run the following
|
|
commnand in PowerShell (as administrator).
|
|
|
|
```
|
|
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope LocalMachine
|
|
```
|
|
|
|
To avoid DNS issues because of Windows 10 "smart multi-homed name resolution"
|
|
VPN connection metric should be set to the lowest one, it is done automatically
|
|
by the script but it can be done manually from:
|
|
|
|
- VPN connection > Properties > Networking > TCP/IPv4 > Properties > Advanced...
|
|
- Disable "Automatic metric" and set "Interface metric" to 1.
|
|
|
|
More info about the issue at:
|
|
|
|
- https://superuser.com/questions/966832/windows-10-dns-resolution-via-vpn-connection-not-working
|
|
|
|
The EAP XML configuration can be generated from an existing connection using
|
|
the following commands.
|
|
|
|
```
|
|
$conn = Get-VpnConnection -Name $vpnName
|
|
$conn.EapConfigXmlStream.InnerXml
|
|
``` |