From hava, 5 Years ago, written in PowerShell.
  1. # PowerShell script to add a PPTP dialin VPN for Xaurum - run this script from an **elevated PowerShell** prompt.
  2. #
  3. #  - for all users: so create once for all local users
  4. #  - tries to use AD credential of the logged in user, no more re-typing the same login
  5. #  - uses a hostname so it'll be a lot easier to migrate the VPN server in the future, no reconfig on the clients  required
  6.  
  7. # First ensure we're running elevated, because this is required to successfully create the VPN.
  8. # The script will exit without trying to proceed if it's not possible to elevate.
  # -Elevated is passed by this script to its own relaunched copy, so the second
  # run can tell that an elevation attempt has already been made.
  param([switch]$Elevated)

  # Returns $true when the identity running this process is a member of the
  # built-in Administrators role, $false otherwise.
  function Check-Admin {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal $identity
    return $principal.IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator)
  }
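  # Self-elevation guard: everything below this block needs administrative rights.
  if (-not (Check-Admin)) {
    if ($Elevated) {
      # This is already the relaunched copy and it is still not elevated.
      # Stop here rather than relaunching in a loop, and say why, so the
      # failure is not silent.
      Write-Warning "Could not obtain administrative rights; the VPN connection was not created."
      exit 1
    }

    # Relaunch this same script through UAC. -elevated marks the new process
    # as the second attempt; the script path is quoted because it may contain spaces.
    $relaunchArgs = '-noprofile -noexit -file "{0}" -elevated' -f $MyInvocation.MyCommand.Definition
    try {
      Start-Process powershell.exe -Verb RunAs -ArgumentList $relaunchArgs -ErrorAction Stop
    }
    catch {
      # Typically reached when the UAC prompt is declined or elevation is unavailable.
      Write-Warning "Elevation was refused or failed: $($_.Exception.Message)"
      exit 1
    }

    # The unelevated instance has nothing more to do; the elevated copy does the work.
    exit
  }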
  24.  
  25. # If we reach this, we are running elevated.
  26. # The actual magic starts here.
  27.  
  # Drop any machine-wide (all-user) connection that already uses this name, so the
  # Add-VpnConnection call further down does not fail on a duplicate.
  $allUserNames = (Get-VpnConnection -AllUserConnection).Name
  if ($allUserNames -contains "VPN Xaurum") {
    Remove-VpnConnection -Name "VPN Xaurum" -AllUserConnection -Force
  }
  34.  
  # Do the same for a per-user connection of that name (the phone book of the
  # account running this script), so only the all-user entry remains afterwards.
  $perUserNames = (Get-VpnConnection).Name
  if ($perUserNames -contains "VPN Xaurum") {
    Remove-VpnConnection -Name "VPN Xaurum" -Force
  }
  41.  
  # Create the all-user VPN entry. Encryption is required, credentials are
  # remembered, and the Winlogon (currently logged-in) credential is tried first
  # so the user is not prompted.
  #
  # NOTE(review): PPTP with MS-CHAPv2 is considered cryptographically broken; a
  # captured handshake exposes the user's AD credential material to offline
  # recovery, and -UseWinlogonCredential means that material is the domain logon.
  # The tunnel type is left as-is because it has to match what the server offers,
  # but migrating server and clients to IKEv2, SSTP or L2TP/IPsec should be planned.
  $connection = @{
    Name                  = "VPN Xaurum"
    ServerAddress         = "vpn.xaurum.nl"
    TunnelType            = "Pptp"
    EncryptionLevel       = "Required"
    AuthenticationMethod  = "MSChapv2"
    AllUserConnection     = $true
    RememberCredential    = $true
    UseWinlogonCredential = $true
    PassThru              = $true
  }
  Add-VpnConnection @connection
  44.  
  # Enable split tunneling: only routes attached to this connection go through
  # the VPN, Internet traffic keeps using the local breakout. This performs
  # better and avoids depending on the VPN server for Internet access.
  #
  # NOTE(review): with split tunneling the client is on the Internet and on the
  # internal prefixes at the same time, and its Internet traffic bypasses any
  # filtering or monitoring done at the VPN server side - confirm this is an
  # accepted trade-off.
  Set-VpnConnection -Name "VPN Xaurum" -AllUserConnection -SplitTunneling $true
  48.  
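  # Attach the internal prefixes to the connection so they are tunneled
  # regardless of the routing table handed out by the VPN server:
  #   10.0.100.0/24 - Xaurum internal (may be redundant, but harmless)
  #   10.0.103.0/24 - Xaurum BE internal
  #
  # -AllUserConnection is required here: the connection was created in the
  # all-user phone book and the per-user entry of the same name was removed
  # above, so without the switch the cmdlet looks in the per-user phone book
  # and does not find "VPN Xaurum".
  foreach ($prefix in "10.0.100.0/24", "10.0.103.0/24") {
    Add-VpnConnectionRoute -ConnectionName "VPN Xaurum" -DestinationPrefix $prefix -AllUserConnection -PassThru
  }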
  54.