Cisco does a great job with their documentation, but unfortunately they didn’t do so well explaining how to configure their VPN connection for medium to large scale companies. Their documentation only explains how to configure the connection manually, so I decided to use my PowerShell skills to write up something really quick. Luckily for us, this task is extremely simple with PowerShell.
The following script will automatically configure your Meraki VPN connection on Windows 10:
# Values to fill in for your environment
$ServerAddress = "VPN SERVER ADDRESS"
$ConnectionName = "VPN CONNECTION NAME"
$PresharedKey = "YOUR PRESHARED KEY"
# Create an all-user L2TP connection that uses the pre-shared key and PAP
Add-VpnConnection -Name "$ConnectionName" -ServerAddress "$ServerAddress" -TunnelType L2tp -AllUserConnection -L2tpPsk "$PresharedKey" -AuthenticationMethod Pap -Force
This script can be deployed using GPO or your existing systems management tool, or even added to your images with MDT or SCCM.
I hope this helps someone out!
matt
Glad I found this – when I try to run the PS script it states access denied… Anything I can do to try and get it to run?
Jose Espitia
Did you elevate the PowerShell script? If not, try running the script as an Administrator.
Let me know if that works for you!
Erik Martens
Hi Jose,
Having an issue with this on Windows 10. It is setting the sign-in info as general authentication method instead of username and password and it is not allowing us to edit the connection. Any thoughts?
https://www.screencast.com/t/s3Q0XehRnPNB
Thanks!
Jose Espitia
Hi Erik, which version of Windows 10 are you using (1511, 1607, etc)?
Jose Espitia
Also have you tried connecting? It should prompt you for your username and password.
To edit the connection go to the following directory:
Control Panel\All Control Panel Items\Network Connections
John
Does this work for Windows 7? I can get it to work for 10 but not 7.
Jose Espitia
Hey John, unfortunately the VPN cmdlets are not available for Windows 7. You can possibly get away with manually configuring your VPN connection on a computer, copying the PBK file (%userprofile%\AppData\Roaming\Microsoft\Network\Connections\PBK) and then distributing the file to everyone.
Let me know if that works!
Sam
Hi
I tried this.. copying the file to another PC and it's not working.
Timing out on connecting to server.
Please help !!
Thanks
Paul Youngberg
Lifesaver, thanks!
Jose Espitia
I’m glad that I was able to help!
Adam
Bruh! You are awesome! Thanks so much for this.
Jose Espitia
No problem Adam!
Ron Hedtke
How can you get this to remember the username and password?
Jose Espitia
Ron, you can add the -RememberCredential parameter in the command.
Shawn
Hi,
How do you force data encryption (under security tab) to require encryption? The script seems to default to optional encryption which doesn’t allow our users to connect.
Jose Espitia
Shawn, you can try adding -EncryptionLevel Required to the command. See example below:
Add-VpnConnection -Name "$ConnectionName" -ServerAddress "$ServerAddress" -TunnelType L2tp -AllUserConnection -L2tpPsk "$PresharedKey" -AuthenticationMethod Pap -EncryptionLevel Required -Force
Michael Martin
I have been unsuccessful using Pap & Required encryption. Any tips on that?
Jose Espitia
Michael,
Try running the following script:
$ServerAddress = "VPN SERVER ADDRESS"
$ConnectionName = "VPN CONNECTION NAME"
$PresharedKey = "YOUR PRESHARED KEY"
Add-VpnConnection -Name "$ConnectionName" -ServerAddress "$ServerAddress" -TunnelType L2tp -AllUserConnection -L2tpPsk "$PresharedKey" -AuthenticationMethod Pap -EncryptionLevel Required -Force
RJ Jhattu
Below is the error I get when trying to run the script. I am on Win10 2004.
Add-VpnConnection : The current encryption selection requires EAP or MS-CHAPv2 logon security methods. PAP and CHAP do not support Encryption settings ‘Required’ or ‘Maximum’. : The parameter is incorrect.
At line:4 char:1
+ Add-VpnConnection -Name “$ConnectionName” -ServerAddress “$ServerAddr …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (AuthenticationMethod:root/Microsoft/…S_VpnConnection) [Add-VpnConnection], CimException
+ FullyQualifiedErrorId : WIN32 87,Add-VpnConnection
Thany Sounthala
The last line will update the ras.pbk file to set the Meraki requirement to the Data Encryption to “Require encryption (disconnect if server declines)”
$ServerAddress = "VPN SERVER ADDRESS"
$ConnectionName = "VPN CONNECTION NAME"
$PresharedKey = "PRESHARED KEY"
Add-VpnConnection -Name "$ConnectionName" -ServerAddress "$ServerAddress" -TunnelType L2tp -EncryptionLevel Optional -L2tpPsk "$PresharedKey" -AuthenticationMethod Pap -Force
(Get-Content $env:APPDATA\Microsoft\Network\Connections\Pbk\rasphone.pbk) | ForEach-Object{$_ -replace 'DataEncryption=8','DataEncryption=256'} | Set-Content $env:APPDATA\Microsoft\Network\Connections\Pbk\rasphone.pbk
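A narrower variant of the phonebook edit in the last comment, as an added example that is not part of the original post or its comments: it rewrites DataEncryption only inside the named connection's entry, so other VPN entries in the same rasphone.pbk keep their settings. Set-PbkDataEncryption is a hypothetical helper name, the sample phonebook is constructed, and the code assumes the phonebook's INI-style [EntryName] section headers.

```powershell
# Added example; Set-PbkDataEncryption is a hypothetical helper, not a built-in cmdlet.
function Set-PbkDataEncryption {
    param(
        [Parameter(Mandatory)] [AllowEmptyString()] [string[]] $Lines,  # phonebook content, one element per line
        [Parameter(Mandatory)] [string] $ConnectionName,                # entry to change
        [int] $Value = 256   # 256 is the value the comment above writes for "Require encryption"
    )
    $inEntry = $false
    $changed = $false
    $out = foreach ($line in $Lines) {
        if ($line -match '^\[(.+)\]\s*$') {
            # A [Name] header starts a new entry; track whether it is the one we want
            $inEntry = ($Matches[1] -eq $ConnectionName)
        }
        elseif ($inEntry -and $line -match '^DataEncryption=\d+\s*$') {
            $line = "DataEncryption=$Value"
            $changed = $true
        }
        $line
    }
    if (-not $changed) {
        # Fail before anything is written if the entry or the key is missing
        throw "No DataEncryption line found for entry '$ConnectionName'."
    }
    return $out
}

# Constructed sample phonebook with two entries; only "Meraki VPN" is rewritten.
$sample = @(
    '[Meraki VPN]'
    'DataEncryption=8'
    'PhoneNumber=vpn.example.com'
    ''
    '[Other VPN]'
    'DataEncryption=8'
)
Set-PbkDataEncryption -Lines $sample -ConnectionName 'Meraki VPN'

# Against the real per-user phonebook (path as used in the comment above), keeping a backup:
# $pbk = "$env:APPDATA\Microsoft\Network\Connections\Pbk\rasphone.pbk"
# Copy-Item $pbk "$pbk.bak"
# $new = Set-PbkDataEncryption -Lines (Get-Content $pbk) -ConnectionName $ConnectionName
# $new | Set-Content $pbk
```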