# Basic configuration
# Display name of the connection, the VPN server to dial, and the DNS suffix
# applied to the connection.
$vpnName   = 'Verdnatura'
$vpnHost   = 'vpn.verdnatura.es'
$vpnSuffix = 'verdnatura.es'

# Advanced configuration
# When $vpnSplit is true, only the prefixes in $vpnNetworks are routed through
# the tunnel; other traffic keeps using the local default route.
$vpnSplit    = $true
$vpnNetworks = '10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16'

# Where the CA certificate is downloaded from, and the thumbprint used to
# detect whether that CA is already present in the LocalMachine\Root store.
$vpnCaUrl = 'https://cdn.verdnatura.es/public/verdnatura.der'
$caHash   = '028a316a3072f402c10fd7699cb061c93cc5cb15'

# Scripting
# Set $restorePowerShellPolicy to $true to reset the machine-wide execution
# policy once the connection has been created.
$restorePowerShellPolicy = $false

# "Inquire" makes PowerShell stop and ask the operator how to proceed whenever
# a command reports an error, instead of continuing silently.
$ErrorActionPreference = 'Inquire'
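# Install the VPN's CA certificate into the machine-wide trusted root store,
# unless a certificate with the pinned thumbprint ($caHash) is already there.
# String comparison with -eq is case-insensitive, so the lowercase pin matches
# the uppercase Thumbprint property.
$hasCa = Get-ChildItem Cert:\LocalMachine\Root | Where-Object {$_.Thumbprint -eq $caHash}

if (!$hasCa) {
    Echo "Downloading and installing CA certificate."

    $caFile = "$env:TEMP\$caHash.der"

    Try {
        Invoke-WebRequest $vpnCaUrl `
            -OutFile $caFile

        # Anything imported into LocalMachine\Root becomes a trust anchor for
        # every user and application on this machine, so the downloaded file
        # must be the certificate that was pinned, not merely whatever the
        # download URL returned. Load it and compare its thumbprint first.
        $caCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $caFile

        # The import sits inside the matching branch (rather than after a
        # Throw) so it cannot be reached on a mismatch, whatever the operator
        # answers at an "Inquire" error prompt.
        if ($caCert.Thumbprint -eq $caHash) {
            Import-Certificate `
                -FilePath $caFile `
                -CertStoreLocation Cert:\LocalMachine\Root `
                | Out-Null
        } else {
            Throw "Downloaded CA certificate thumbprint '$($caCert.Thumbprint)' does not match the expected '$caHash'; the certificate was not installed."
        }
    } Finally {
        # Always clean up the temporary file, including after a failed
        # download or a thumbprint mismatch; it may not exist in that case.
        Remove-Item $caFile -ErrorAction SilentlyContinue
    }
}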
Write-Output "Creating the VPN connection."

# Delete any existing all-user connection with this name so that it can be
# recreated from scratch below.
$removeArgs = @{
    Name              = $vpnName
    AllUserConnection = $true
    Force             = $true
    ErrorAction       = 'Stop'   # turn failures into exceptions the Catch can inspect
}

Try {
    Remove-VpnConnection @removeArgs
} Catch {
    # Only status code 1 aborts the script; every other failure is ignored on
    # purpose (presumably the usual one is that the connection does not exist
    # yet - confirm against the cmdlet's error codes).
    $connectionIsOpen = $_.Exception.StatusCode -eq 1
    If ($connectionIsOpen) {
        Throw "Connection '$vpnName' is open, close it before running the script."
    }
}
# Create the connection for all users of the machine: IKEv2 tunnel, encryption
# mandatory, user authentication with MS-CHAPv2.
$connectionArgs = @{
    Name                 = $vpnName
    ServerAddress        = $vpnHost
    DnsSuffix            = $vpnSuffix
    AllUserConnection    = $true
    TunnelType           = 'Ikev2'
    EncryptionLevel      = 'Required'
    # MS-CHAPv2 is password based, so the protection of the credentials relies
    # on the IKEv2 tunnel and on the server certificate being validated.
    AuthenticationMethod = 'MSChapv2'
    # Windows keeps the user's VPN credentials after the first successful
    # connection; anyone with access to that profile can reconnect.
    RememberCredential   = $true
}

Add-VpnConnection @connectionArgs
# Create the RasMan "NegotiateDH2048_AES256" DWORD with value 1 (presumably
# this lets the built-in IKEv2 client negotiate DH group 2048 / AES-256 -
# confirm against the Windows RAS documentation).
# NOTE(review): errors are silenced, and New-ItemProperty fails when the value
# already exists, so a pre-existing value (whatever it is) is left untouched.
$registryArgs = @{
    Path         = "HKLM:\SYSTEM\CurrentControlSet\Services\RasMan\Parameters"
    Name         = "NegotiateDH2048_AES256"
    PropertyType = 'DWord'
    Value        = 1
    ErrorAction  = 'SilentlyContinue'
}

New-ItemProperty @registryArgs | Out-Null
# Optional split tunneling: only the prefixes listed in $vpnNetworks are sent
# through the VPN. Everything else keeps leaving through the local network, so
# that traffic is neither protected nor filtered by the VPN side.
if ($vpnSplit) {
    Write-Output "Enabling split tunneling."

    Set-VpnConnection -Name $vpnName -AllUserConnection -SplitTunneling $true

    Write-Output "Adding routes for VPN networks."

    foreach ($prefix in $vpnNetworks) {
        Write-Output " - $prefix"

        # One route per configured prefix, attached to the all-user connection.
        $routeArgs = @{
            ConnectionName    = $vpnName
            AllUserConnection = $true
            DestinationPrefix = $prefix
            RouteMetric       = 5
        }
        Add-VpnConnectionRoute @routeArgs
    }
}
# Optionally clear the machine-wide execution policy. "Undefined" removes the
# policy set at the LocalMachine scope; policies set at other scopes are not
# touched by this call.
if ($restorePowerShellPolicy) {
    Write-Output "Restoring PowerShell default policy."

    Set-ExecutionPolicy -Scope LocalMachine -ExecutionPolicy Undefined
}

Write-Output "Connection created successfully."