# Adds the "VPN Connexeon" PPTP dial-in VPN. Run this script from an
# **elevated PowerShell** prompt.
#
# - created for all users: set up once, available to every local user
# - tries the AD credential of the logged-in user first, so the same login
#   does not have to be typed again
# - uses a hostname, so the VPN server can be migrated later without
#   reconfiguring the clients
#
# Security note: PPTP with MS-CHAPv2 is a legacy combination with known
# cryptographic weaknesses. Prefer IKEv2, SSTP or L2TP/IPsec if the VPN
# server offers one of them.

# -Elevated is passed by the script to itself when it relaunches with RunAs,
# so a failed elevation is not retried forever.
param([switch]$Elevated)

# Returns $true when the current Windows identity holds the built-in
# Administrator role, $false otherwise.
function Check-Admin {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal $identity
    $principal.IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator)
}

# Creating the VPN needs an elevated session. If this one is not elevated,
# relaunch the script once through RunAs and leave; if the relaunched copy is
# still not elevated, give up without touching anything.
if (-not (Check-Admin)) {
    if (-not $Elevated) {
        $scriptPath   = $MyInvocation.MyCommand.Definition
        $relaunchArgs = '-noprofile -noexit -file "{0}" -elevated' -f $scriptPath
        Start-Process powershell.exe -Verb RunAs -ArgumentList $relaunchArgs
    }
    exit
}

# From here on the session is elevated.

# Remove an existing all-user connection with the same name first, so that
# creating the new one does not fail on a name clash.
$globalMatches = Get-VpnConnection -AllUserConnection |
    Where-Object { $_.Name -eq "VPN Connexeon" }
if ($globalMatches) {
    Remove-VpnConnection -Name "VPN Connexeon" -AllUserConnection -Force
}

# Do the same for a connection of that name in the current user's own profile.
$userMatches = Get-VpnConnection |
    Where-Object { $_.Name -eq "VPN Connexeon" }
if ($userMatches) {
    Remove-VpnConnection -Name "VPN Connexeon" -Force
}

# Create the all-user VPN: encryption is required, and the logged-in user's
# credential is tried first so there is no credential prompt.
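# NOTE(security): PPTP with MS-CHAPv2 has known cryptographic weaknesses, and
# UseWinlogonCredential means the exchange is made with the user's Windows
# logon (AD) credential. Anyone able to observe the tunnel setup can attack
# that credential offline. If the VPN server supports it, switch TunnelType to
# IKEv2, SSTP or L2TP/IPsec; the rest of this script stays the same.
$vpnSettings = @{
    Name                  = "VPN Connexeon"
    ServerAddress         = "vpn.connexeon.com"
    TunnelType            = "Pptp"
    EncryptionLevel       = "Required"
    AuthenticationMethod  = "MSChapv2"
    AllUserConnection     = $true
    RememberCredential    = $true
    UseWinlogonCredential = $true
    PassThru              = $true
}
Add-VpnConnection @vpnSettings

# Split tunneling for a local internet breakout: internet traffic is not sent
# through the tunnel. This performs better and avoids configuration issues with
# terminating the internet connection on the VPN server.
# Trade-off: internet traffic from the client bypasses any filtering or
# logging done at the VPN server side while the tunnel is up.
Set-VpnConnection -Name "VPN Connexeon" -AllUserConnection -SplitTunneling $True

# Internal prefixes that must go through the tunnel.
# The connection lives in the all-user phonebook, so the routes are added with
# -AllUserConnection as well; without it the cmdlet looks in the current user's
# phonebook, where this connection does not exist.
# NOTE(review): 10.0.0.0/12 covers 10.0.0.0 - 10.15.255.255 only; confirm that
# /12 (and not /8) is the intended range.
$internalPrefixes = "10.0.0.0/12", "10.111.0.0/16", "10.50.0.0/16"
foreach ($prefix in $internalPrefixes) {
    Add-VpnConnectionRoute -ConnectionName "VPN Connexeon" -DestinationPrefix $prefix -AllUserConnection -PassThru
}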