How do you change a VPN connection's IP settings?

VPN
1

We are creating a VPN connection like this :

Add-VpnConnection -Name "TestVPN" -ServerAddress server.com -AllUserConnection -AuthenticationMethod MSChapv2 -DnsSuffix domain.net -EncryptionLevel Required -TunnelType Automatic -UseWinlogonCredential

Set-VpnConnection -Name "TestVPN" -AllUserConnection -AuthenticationMethod MSChapv2 -DnsSuffix domain.com -SplitTunneling 0 -UseWinlogonCredential 1

This succcessfully creates the connection. However now I need to automate changing the IPV4 parameters inside the vpn connection, for example :

989×499 16 KB

I do this all the time for NETWORK ADAPTERS using the wmi methods of WIN32_NETWORKADAPTERCONFIGURATION :

$ConnectionVPN = (Get-WmiObject Win32_NetworkAdapter -filter "Name='WAN Miniport (IKEv2)'").GetRelated('Win32_NetworkAdapterConfiguration')
$ConnectionVPN.EnableStatic("x.x.x.x", "x.x.x.x")
$ConnectionVPN.SetGateways("x.x.x.x", 1)

But this doesn’t work for a VPN connection! It returns error code 97 "Interface not configurable"

How do you change IPV4 settings for a VPN connection? Thanks a lot i’m in a bind…

**EDIT**

We found out how, turns out it’s quite simple, the connection is basically in the file :

“C:\ProgramData\Microsoft\Network\Connections\Pbk\rasphone.pbk”.

So what we ended up doing:

1-Setup the connection manually, modifying all the options to your liking

2-Simply copy the .pbk file

3-When you want to deploy, simply copying the file into “C:\ProgramData\Microsoft\Network\Connections\Pbk\rasphone.pbk”

will make the connection instantly available. Removing the file removes the connection too.

2

I usually just delete it and recreate it. Here’s the script I wrote for a client using Meraki VPN:

[CmdletBinding()] 
param(
    [Parameter()][string]$Name='Meraki VPN',
    [Parameter()][string]$ServerAddress='vpn.contoso.com',
    [Parameter()][string]$PSK='presharedkey',
    [Parameter()][string]$DnsSuffix='corp.contoso.com'
)
$NeedsReboot = $false
Add-VpnConnection -Name $Name -ServerAddress $ServerAddress -TunnelType "L2tp" -EncryptionLevel "Optional" -AuthenticationMethod PAP -L2tpPsk $PSK -RememberCredential -DnsSuffix $DnsSuffix -PassThru -Force -Confirm:$false

If((Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent\' -Name 'AssumeUDPEncapsulationContextOnSendRule' -ErrorAction SilentlyContinue) -eq $null) { 
    New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent\' -Name 'AssumeUDPEncapsulationContextOnSendRule' -Value 2 -PropertyType 'DWord' 
    Write-Host 'Please reboot before attempting to connect.' -ForegroundColor Yellow
    $NeedsReboot = $true
}

$rasphone = "$env:USERPROFILE\Appdata\Roaming\Microsoft\Network\Connections\Pbk\rasphone.pbk"
$interfacemetric = 'IpInterfaceMetric=0'
(Get-Content $rasphone) -replace $interfacemetric, 'IpInterfaceMetric=1' | Set-Content $rasphone

Write-Host "$Name successfully created." -ForegroundColor Green
if($NeedsReboot) {
    $DoReboot = Read-Host 'Reboot now?'
    if($DoReboot) { shutdown /r /t 0 /f }
}

If the settings get screwed up or needs changing I tell them to just delete the VPN connection and re-run the script.

3

I’m on mobile, so not really able to get too much info. We were looking into this, but ditched this idea I was looking into right before testing. Try set-dnsClientServerAddress. Like I said, I haven’t tested but that was going to be my first test for this exact situation

4

We found out how, turns out it’s quite simple, the connection is basically in the file :

“C:\ProgramData\Microsoft\Network\Connections\Pbk\rasphone.pbk”.

So what we ended up doing:

1-Setup the connection manually, modifying all the options to your liking

2-Simply copy the .pbk file

3-When you want to deploy, simply copying the file into “C:\ProgramData\Microsoft\Network\Connections\Pbk\rasphone.pbk”

will make the connection instantly available. Removing the file removes the connection too.

5

That’s good , do you know how to change the interface metric from automatic (default) to a set number ?

6

Ok thanks I’ll check that out tomorrow. Also gonna check out vpn profiles on sccm but not sure they allow this level of detail for settings.

7

That’s in the last portion of the script.

$rasphone = "$env:USERPROFILE\Appdata\Roaming\Microsoft\Network\Connections\Pbk\rasphone.pbk"
$interfacemetric = 'IpInterfaceMetric=0'
(Get-Content $rasphone) -replace $interfacemetric, 'IpInterfaceMetric=1' | Set-Content $rasphone
8

Oh I didn’t notice, actually in a file…I wonder if ipv4 settings could be set in that or another file too ! Thanks