Windows OS Hub

September 20, 2022 | PowerShell, Windows 10, Windows 11

Manage VPN Connections with PowerShell in Windows

The Windows 10/11 GUI offers only a lightweight interface for configuring VPN connections, and it does not expose some VPN settings. You can set up a VPN connection either through the classic VPN connection settings in the Control Panel or through the modern network configuration app in Settings (use the ms-settings:network-vpn URI for quick access). In this post, we will take a look at how to manage VPN connections in Windows using PowerShell: how to create/change/remove a VPN connection and connect to/disconnect from a VPN server.


In order to create a new VPN connection in Windows, use the Add-VpnConnection cmdlet. In the simplest case, you need to enter a connection name and VPN server address.

Add-VpnConnection -Name "VPNname1" -ServerAddress "vpn.woshub.com" -PassThru

To configure custom settings for a VPN connection, use the following options (the most popular ones):

  • TunnelType – VPN tunnel type. The following types are available:
    • Automatic – Windows tries to detect a VPN tunnel type itself
    • IKEv2 – Internet Key Exchange
    • PPTP – Point to Point Tunneling Protocol
    • L2TP – Layer 2 Tunneling Protocol/IPsec with a certificate or a pre-shared key
    • SSTP – Secure Socket Tunneling Protocol
  • L2TPPsk – pre-shared key for authentication (L2TP only). If the option is not set, a certificate is used for the L2TP authentication
  • AuthenticationMethod – an authentication type. You can use: Pap, Chap, MSChapv2, Eap, MachineCertificate
  • EncryptionLevel – encryption settings (NoEncryption, Optional, Required, Maximum, Custom)
  • SplitTunneling – sets whether all traffic of a computer must be sent through the VPN tunnel (like the Use default gateway on remote network option in the VPN adapter settings)
  • UseWinlogonCredential – use current user credentials to authenticate on a VPN server
  • AllUserConnection – allows using the VPN connection for all computer users
  • RememberCredential – allows using saved VPN credentials (a user name and a password are saved in Windows Credential Manager after the first successful connection)
  • PassThru – displays the command output (recommended for all commands)

Here are some examples of PowerShell commands to create different types of VPN connections.

  • L2TP/IPsec:
    Add-VpnConnection -Name "VPN_L2TP" -ServerAddress "vpn.woshub.com" -TunnelType L2TP -L2tpPsk "My1pre-SharedKey2" -Force -EncryptionLevel "Required" -AuthenticationMethod MSChapv2 -UseWinlogonCredential -RememberCredential -AllUserConnection -PassThru
  • PPTP:
    Add-VpnConnection -Name "VPN_PPTP" -ServerAddress "vpn.woshub.com" -TunnelType "PPTP" -EncryptionLevel "Required" -AuthenticationMethod MSChapv2 -SplitTunneling -PassThru
  • SSTP: first, import the root CA of the VPN server to the computer certificate store, and use the FQDN of the VPN server specified in the certificate (CN, the Common Name, or the Subject Alternative Name) as its address:
    Add-VpnConnection -Name "VPN_SSTP" -ServerAddress "vpn.woshub.com" -TunnelType "SSTP" -EncryptionLevel "Required" -AuthenticationMethod MSChapv2 -RememberCredential -SplitTunneling -PassThru
    When using self-signed certificates, you can add multiple names (SAN) to a certificate using PowerShell.
  • IKEv2: you must first import the root CA to the Windows trusted root certificate store, and import the computer certificate to the personal certificate store:
    Import-PfxCertificate -FilePath $comp_certificate -CertStoreLocation Cert:\LocalMachine\My\ -Password $password
    Import-Certificate -FilePath $ca_cert -CertStoreLocation Cert:\LocalMachine\Root\
    Add-VpnConnection -Name "VPN_IKEv2" -ServerAddress "vpn.woshub.com" -TunnelType Ikev2 -EncryptionLevel "Maximum" -AuthenticationMethod MachineCertificate -SplitTunneling -PassThru


VPN connections available to all users (created using the AllUserConnection option) are displayed in the Network Center with System as the Owner. A per-user connection has domain\username listed there instead.


Shared VPN connections are saved to a text file: %ProgramData%\Microsoft\Network\connections\Pbk\rasphone.pbk.


To change the settings of an existing VPN connection, use the Set-VpnConnection command:

Set-VpnConnection -Name "VPN_SSTP" -SplitTunneling $false -PassThru

If you want to change IPsec options for an existing VPN connection, use the Set-VpnConnectionIpsecConfiguration cmdlet (for IKEv2 or L2TP VPN only):

Set-VpnConnectionIPsecConfiguration -ConnectionName "VPN_IKEv2" -AuthenticationTransformConstants SHA256128 -CipherTransformConstants AES256 -DHGroup Group14 -EncryptionMethod AES256 -IntegrityCheckMethod SHA256 -PfsGroup PFS2048 -PassThru

You can use the VPNCredentialsHelper module to save credentials for a VPN connection.

Install the module on your computer from the PowerShell Gallery (you can also install a PowerShell module offline):

Install-Module -Name VPNCredentialsHelper

Then you will be able to save a user name and a password for your VPN connection in Windows Credential Manager:

$user = "vpn_username1"
$plainpass = "vpn_password1"
Set-VpnConnectionUsernamePassword -connectionname "VPN_SSTP" -username $user -password $plainpass

In modern Windows versions, you can dynamically add static routes to the routing table when you connect to a VPN.

Add-VpnConnectionRoute -ConnectionName "VPN" -DestinationPrefix 192.168.31.0/24 -PassThru

The route will be enabled only after a successful connection to a VPN server.

To display a list of all VPN connections available to a user:

Get-VpnConnection

To remove a VPN connection:

Remove-VpnConnection -Name "VPN_SSTP"

To connect to a VPN server using a VPN profile configured earlier:

rasdial "VPN_SSTP"


To get statuses of all VPN connections:

Get-Vpnconnection | Select Name, Connectionstatus
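The same Get-VpnConnection output can be used to review the settings described above (tunnel type, encryption level, authentication method, L2TP pre-shared key, split tunneling). The following is an added example, not code from the original article: the function name Test-VpnConnectionPolicy, the policy rules and the sample objects are this example's assumptions, and the property names are those shown in Get-VpnConnection output.

```powershell
# Added example (not from the original article). The rules below are an assumed
# baseline; adjust them to your own policy.
function Test-VpnConnectionPolicy {
    [CmdletBinding()]
    param(
        # Objects shaped like Get-VpnConnection output
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Connection
    )
    process {
        $findings = [System.Collections.Generic.List[string]]::new()

        if ($Connection.TunnelType -eq 'Pptp') {
            $findings.Add('PPTP tunnel type')
        }
        if ($Connection.EncryptionLevel -in 'NoEncryption', 'Optional') {
            $findings.Add("EncryptionLevel=$($Connection.EncryptionLevel) allows an unencrypted session")
        }
        # AuthenticationMethod can hold several values
        foreach ($method in @($Connection.AuthenticationMethod)) {
            if ($method -in 'Pap', 'Chap') {
                $findings.Add("AuthenticationMethod includes $method")
            }
        }
        if ($Connection.TunnelType -eq 'L2tp' -and $Connection.L2tpIPsecAuth -eq 'Psk') {
            $findings.Add('L2TP uses a pre-shared key instead of a certificate')
        }
        if ($Connection.SplitTunneling) {
            $findings.Add('SplitTunneling enabled: only routed prefixes use the tunnel')
        }

        [pscustomobject]@{
            Name      = $Connection.Name
            Compliant = ($findings.Count -eq 0)
            Findings  = $findings -join '; '
        }
    }
}

# Constructed sample objects, so the function can be tried without any VPN profile
$sample = @(
    [pscustomobject]@{ Name = 'VPN_PPTP';  TunnelType = 'Pptp';  EncryptionLevel = 'Optional'; AuthenticationMethod = @('Chap', 'MsChapv2');   L2tpIPsecAuth = $null;         SplitTunneling = $true }
    [pscustomobject]@{ Name = 'VPN_L2TP';  TunnelType = 'L2tp';  EncryptionLevel = 'Required'; AuthenticationMethod = @('MsChapv2');           L2tpIPsecAuth = 'Psk';         SplitTunneling = $false }
    [pscustomobject]@{ Name = 'VPN_IKEv2'; TunnelType = 'Ikev2'; EncryptionLevel = 'Maximum';  AuthenticationMethod = @('MachineCertificate'); L2tpIPsecAuth = 'Certificate'; SplitTunneling = $false }
)
$sample | Test-VpnConnectionPolicy | Format-List
```

To check real profiles, pipe the output of Get-VpnConnection (per-user profiles) and Get-VpnConnection -AllUserConnection (profiles shared by all users) into the function.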


Here are some useful articles to solve typical issues with VPN connections in Windows:

  • VPN error: You might need to change network settings
  • No Internet access when VPN is active
  • Can’t Connect to L2TP/IPsec Server Behind NAT-T Device
  • Windows DNS resolution via VPN connection not working
