Windows OS Hub
  • Windows
    • Windows 11
    • Windows Server 2022
    • Windows 10
    • Windows Server 2019
    • Windows Server 2016
  • Microsoft
    • Active Directory (AD DS)
    • Group Policies (GPOs)
    • Exchange Server
    • Azure and Microsoft 365
    • Microsoft Office
  • Virtualization
    • VMware
    • Hyper-V
  • PowerShell
  • Linux
  • Home
  • About

Windows OS Hub

  • Windows
    • Windows 11
    • Windows Server 2022
    • Windows 10
    • Windows Server 2019
    • Windows Server 2016
  • Microsoft
    • Active Directory (AD DS)
    • Group Policies (GPOs)
    • Exchange Server
    • Azure and Microsoft 365
    • Microsoft Office
  • Virtualization
    • VMware
    • Hyper-V
  • PowerShell
  • Linux

 Windows OS Hub / PowerShell / Manage VPN Connections with PowerShell in Windows

September 20, 2022

Manage VPN Connections with PowerShell in Windows

In the Windows 10/11 GUI, only the lightweight interface for configuring VPN connections is available, which does not allow you to configure some VPN settings. You can use both the classic VPN connection settings interface in the Control Panel and the modern network configuration app in the Settings panel (the ms-settings:network-vpn URI command for quick access settings) to set up your VPN connection settings. In this post, we will take a look at how to manage VPN connections in Windows using PowerShell: how to create/change/remove a VPN connection and connect to/disconnect from a VPN server.

Add VPN connection via Setting app in Windows 10 or 11

In order to create a new VPN connection in Windows, use the Add-VpnConnection cmdlet. In the simplest case, you need to enter a connection name and VPN server address.

Add-VpnConnection -Name VPNname1 -ServerAddress "vpn.woshub.com” -PassThru

To configure custom settings for a VPN connection, use the following options (the most popular ones):

  • TunnelType –VPN tunnel type. The following types are available:
    • Automatic – Windows tries to detect a VPN tunnel type itself
    • IKEv2 — Internet Key Exchange
    • PPTP – Point to Point Tunneling Protocol
    • L2TP – Layer 2 Tunneling Protocol /IPsec with a certificate or a Pre-shared key
    • SSTP – Secure Socket Tunneling Protocol
  • L2TPPsk —pre-shared key for authentication (L2TP only). If the option is not set, a certificate is used for the L2TP authentication
  • AuthenticationMethod – an authentication type. You can use: Pap, Chap, MSChapv2, Eap, MachineCertificate
  • EncryptionLevel – encryption settings ( NoEncryption, Optional, Required, Maximum, Custom )
  • SplitTunneling – sets whether all traffic of a computer must be sent through the VPN tunnel (like Use default gateway on remote network option in the VPN adapter settings)
  • UseWinlogonCredential –use current user credentials to authenticate on a VPN server
  • AllUserConnection – allows using VPN connection for all computer users
  • RememberCredential –allows using saved VPN credentials (a user name and a password are saved in Windows Credential Manager after the first successful connection)
  • PassThru – allows displaying a command output (it is recommended to use for all commands)

Here are some examples of PowerShell commands to create different types of VPN connections.

  • L2TP/IPsec:
    Add-VpnConnection -Name "VPN_L2TP" -ServerAddress "vpn.woshub.com" -TunnelType L2TP -L2tpPsk "My1pre-SharedKey2" -Force -EncryptionLevel "Required" -AuthenticationMethod MSChapv2 -UseWinlogonCredential -RememberCredential -AllUserConnection –PassThru
  • PPTP: Add-VpnConnection -Name "VPN_PPTP" -ServerAddress "vpn.woshub.com" TunnelType "PPTP" -EncryptionLevel "Required" -AuthenticationMethod MSChapv2 -SplitTunneling -PassThru
  • SSTP: first of all, you need to import a root CA of a VPN server to the computer certificate store and use the FQDN of the VPN server specified in the certificate (CN — Common Name, or Subject Alternative Name) as its address:
    Add-VpnConnection -Name "VPN_SSTP" -ServerAddress "vpn.woshub.com" -TunnelType "SSTP" -EncryptionLevel "Required" -AuthenticationMethod MSChapv2 -RememberCredential -SplitTunneling -PassThru
    When using self-signed certificates, you can add multiple names (SAN) to a certificate using PowerShell.
  • IKEv2: you must first import the root CA to Windows trusted root certificate store, and import the computer certificate to the personal certificate store:
    Import-PfxCertificate -FilePath $comp_certificate -CertStoreLocation Cert:\LocalMachine\My\ -Password $password
    Import-Certificate -FilePath $ca_cert -CertStoreLocation Cert:\LocalMachine\Root\
    Add-VpnConnection -Name "VPN_IKEv2" -ServerAddress "vpn.woshub.com" -TunnelType Ikev2 -EncryptionLevel "Maximum" -AuthenticationMethod MachineCertificate -SplitTunneling $True -PassThru

Add-VpnConnection: create VPN connection with PowerShell

VPN connections available to all users (created using the AllUserConnection option) are displayed in the Network Center with System as an Owner. The user’s connection will have domain\username listed here.

list of network connections in windows

Shared VPN connections are saved to a text file: %ProgramData%\Microsoft\Network\connections\Pbk\rasphone.pbk.

rasphone.pbk file contains vpn connection settings

To change the settings of an existing VPN connection, use the Set-VpnConnection command:

Set-VpnConnection -Name "VPN_SSTP" –splittunneling $false –PassThru

If you want to change IPsec options for an existing VPN connection, use the Set-VpnConnectionIpsecConfiguration cmdlet (for IKEv2 or L2TP VPN only):

Set-VpnConnectionIPsecConfiguration -ConnectionName "VPN_IKEv2" -AuthenticationTransformConstants SHA256128 -CipherTransformConstants AES256 -DHGroup Group14 -EncryptionMethod AES256 -IntegrityCheckMethod SHA256 -PfsGroup PFS2048 –PassThru

You can use the VPNCredentialsHelper module to save credentials for a VPN connection.

Install the module on your computer from the PowerShell Gallery (you can also install a PowerShell module offline):

Install-Module -Name VPNCredentialsHelper

Then you will be able to save a user name and a password for your VPN connection in Windows Credential Manager:

$user = "vpn_username1"
$plainpass = "vpn_password1"
Set-VpnConnectionUsernamePassword -connectionname "VPN_SSTP" -username $user -password $plainpass

In modern Windows versions, you can dynamically add static routes to the routing table when you connect to a VPN.

Add-VpnConnectionRoute -ConnectionName "VPN" -DestinationPrefix 192.168.31.0/24 –PassThru

The route will be enabled only after a successful connection to a VPN server.

To display a list of all VPN connections available to a user:

Get-VpnConnection

To remove a VPN connection:

Remove-VpnConnection -Name "VPN_SSTP"

To connect to a VPN server using a VPN profile configured earlier:

rasdial "VPN_SSTP"

rasdial - connect vpn from command prompt

To get statuses of all VPN connections:

Get-Vpnconnection | Select Name, Connectionstatus

Get-Vpnconnection - list VPN connection statuses in Windows

Here are some useful articles to solve typical issues with VPN connections in Windows:

  • VPN error: You might need to change network settings
  • No Internet access when VPN is active
  • Can’t Connect to L2TP/IPsec Server Behind NAT-T Device
  • Windows DNS resolution via VPN connection not working

0 comment
3
Facebook Twitter Google + Pinterest
PowerShellWindows 10Windows 11
previous post
Install Windows Subsystem for Linux (WSL 2) on Windows 10/11
next post
Enable Two-Factor Authentication (2FA) in Windows with MultiOTP

Related Reading

Fix: Remote Desktop Licensing Mode is not Configured

August 24, 2023

Wi-Fi (Internet) Disconnects After Sleep or Hibernation on...

March 15, 2024

How to Install Remote Server Administration Tools (RSAT)...

March 17, 2024

How to Find the Source of Account Lockouts...

March 12, 2024

How to Delete Old User Profiles in Windows

March 15, 2024

Managing Windows Firewall Rules with PowerShell

March 11, 2024

Install and Manage Windows Updates with PowerShell (PSWindowsUpdate)

March 17, 2024

Start Menu or Taskbar Search Not Working in...

April 22, 2025

Leave a Comment Cancel Reply

join us telegram channel https://t.me/woshub
Join WindowsHub Telegram channel to get the latest updates!

Recent Posts

  • Map a Network Drive over SSH (SSHFS) in Windows

    May 13, 2025
  • Configure NTP Time Source for Active Directory Domain

    May 6, 2025
  • Cannot Install Network Adapter Drivers on Windows Server

    April 29, 2025
  • Change BIOS from Legacy to UEFI without Reinstalling Windows

    April 21, 2025
  • How to Prefer IPv4 over IPv6 in Windows Networks

    April 9, 2025
  • Load Drivers from WinPE or Recovery CMD

    March 26, 2025
  • How to Block Common (Weak) Passwords in Active Directory

    March 25, 2025
  • Fix: The referenced assembly could not be found error (0x80073701) on Windows

    March 17, 2025
  • Exclude a Specific User or Computer from Group Policy

    March 12, 2025
  • AD Domain Join: Computer Account Re-use Blocked

    March 11, 2025

Follow us

  • Facebook
  • Twitter
  • Telegram
Popular Posts
  • Install and Manage Windows Updates with PowerShell (PSWindowsUpdate)
  • How to Download Offline Installer (APPX/MSIX) for Microsoft Store App
  • Fix: Remote Desktop Licensing Mode is not Configured
  • How to Delete Old User Profiles in Windows
  • Configuring Port Forwarding in Windows
  • How to Install Remote Server Administration Tools (RSAT) on Windows
  • Start Menu or Taskbar Search Not Working in Windows 10/11
Footer Logo

@2014 - 2024 - Windows OS Hub. All about operating systems for sysadmins


Back To Top