Basic Windows L2TP VPN Worklet

This is a very basic method of setting up an L2TP VPN using a worklet.

Change the values: vpnName, serverAddress, yourPsk, authMethod

Evaluation Code:

Get-VpnConnection -AllUserConnection -Name "vpnName"   # same phonebook the remediation writes to

Remediation Code:

Add-VpnConnection -AllUserConnection -Name "vpnName" -ServerAddress "serverAddress" -TunnelType L2tp -EncryptionLevel Optional -L2tpPsk "yourPsk" -AuthenticationMethod authMethod -Force

What needs to be added to the Evaluation Code so that the worklet doesn’t run if there is already a VPN connection?

Hey @bfrey!

Try the following:

    #############################################
    # VPN Connection - Evaluation
    $vpnName = "vpnName"
    #############################################

    try {
        # Check for connection existence in the all-user phonebook
        # (the remediation uses -AllUserConnection, so look in the same place).
        # Exit 1 = needs remediation, exit 0 = compliant.
        if(-not(Get-VpnConnection -AllUserConnection -ErrorAction SilentlyContinue | Where-Object -Property Name -eq $vpnName)){
            exit 1
        } else {
            exit 0
        }
    }
    catch [Exception]{
        # $_.Exception.Message only expands fully outside a quoted string (or inside $(...))
        Write-Output $_.Exception.Message
        exit 1
    }

and remediation:

    #############################################
    # VPN Connection - Remediation
    $vpnName              = "vpnName"
    $serverAddress        = "x.x.x.x"
    $tunnelType           = "L2tp"
    $encryptionLevel      = "Optional"
    $L2tpPsk              = "yourPsk"
    $AuthenticationMethod = "authMethod"
    #############################################

    try {
        #                  Params               Variables
        # -ErrorAction Stop makes the cmdlet's errors terminating so the catch block sees them
        Add-VpnConnection -AllUserConnection                          `
                          -Name                 $vpnName              `
                          -ServerAddress        $serverAddress        `
                          -TunnelType           $tunnelType           `
                          -EncryptionLevel      $encryptionLevel      `
                          -L2tpPsk              $L2tpPsk              `
                          -AuthenticationMethod $AuthenticationMethod `
                          -Force -ErrorAction Stop
    }
    catch [Exception]{
        Write-Output $_.Exception.Message
        exit 1
    }

    try {
        # Verify the connection now exists; exit 0 = remediated, exit 1 = still missing
        if(-not(Get-VpnConnection -AllUserConnection -ErrorAction SilentlyContinue | Where-Object -Property Name -eq $vpnName)){
            exit 1
        } else {
            exit 0
        }
    }
    catch [Exception]{
        Write-Output $_.Exception.Message
        exit 1
    }
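As an added example (not code from either post above), here is a version of the same evaluation/remediation pair that also catches drift: evaluation exits 1 not only when the connection is missing but when an existing connection's server address, tunnel type, encryption level or authentication method differ from the desired values, and remediation removes and re-adds the connection so every setting is re-applied. The names and values (Corp-L2TP, vpn.example.com, MSChapv2, the `$Mode` switch) are placeholders chosen for this example. Two caveats for the settings used in the thread: `-EncryptionLevel Optional` lets the tunnel come up without encryption, so this example uses `Required`; and the PSK is a plaintext literal in the worklet that `Get-VpnConnection` never returns, so a changed PSK cannot be detected by evaluation, only re-applied by remediation.

```powershell
#############################################
# VPN Connection - Evaluation + Remediation with drift check
# Added example, not the original poster's code. All values below are
# placeholders; the PSK is a script literal, so treat the worklet as a secret.
$Mode            = "Evaluate"       # set to "Remediate" in the remediation worklet
$vpnName         = "Corp-L2TP"
$serverAddress   = "vpn.example.com"
$tunnelType      = "L2tp"
$encryptionLevel = "Required"       # "Optional" lets the tunnel come up unencrypted
$authMethod      = "MSChapv2"
$l2tpPsk         = "yourPsk"
#############################################

function Get-ManagedVpn {
    # The connection is created with -AllUserConnection, so look it up in the
    # same phonebook. SilentlyContinue: an absent connection is a compliance
    # result, not a script failure.
    Get-VpnConnection -AllUserConnection -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -eq $vpnName }
}

function Test-ManagedVpn {
    # $true only when the connection exists and every setting we can read matches.
    # Get-VpnConnection does not expose the PSK, so PSK drift is not detectable here.
    $vpn = Get-ManagedVpn
    if (-not $vpn) {
        Write-Output "VPN '$vpnName' not found"
        return $false
    }
    $drift = @()
    if ($vpn.ServerAddress   -ne $serverAddress)   { $drift += "ServerAddress=$($vpn.ServerAddress)" }
    if ($vpn.TunnelType      -ne $tunnelType)      { $drift += "TunnelType=$($vpn.TunnelType)" }
    if ($vpn.EncryptionLevel -ne $encryptionLevel) { $drift += "EncryptionLevel=$($vpn.EncryptionLevel)" }
    if (@($vpn.AuthenticationMethod) -notcontains $authMethod) {
        $drift += "AuthenticationMethod=$(@($vpn.AuthenticationMethod) -join ',')"
    }
    if ($drift.Count -gt 0) {
        Write-Output ("VPN '$vpnName' drifted: " + ($drift -join '; '))
        return $false
    }
    return $true
}

function Set-ManagedVpn {
    # Remove and re-add rather than patch, so the whole profile (PSK included)
    # ends up exactly as declared above.
    if (Get-ManagedVpn) {
        Remove-VpnConnection -AllUserConnection -Name $vpnName -Force -ErrorAction Stop
    }
    # -ErrorAction Stop turns the cmdlet's non-terminating errors into ones try/catch sees.
    Add-VpnConnection -AllUserConnection          `
        -Name                 $vpnName            `
        -ServerAddress        $serverAddress      `
        -TunnelType           $tunnelType         `
        -EncryptionLevel      $encryptionLevel    `
        -L2tpPsk              $l2tpPsk            `
        -AuthenticationMethod $authMethod         `
        -Force -ErrorAction Stop
}

try {
    if ($Mode -eq "Remediate") { Set-ManagedVpn }
    # Both worklets finish with the same check: exit 0 = compliant, exit 1 = needs remediation.
    if (Test-ManagedVpn) { exit 0 } else { exit 1 }
}
catch {
    Write-Output $_.Exception.Message
    exit 1
}
```

Paste the same script into both worklet boxes and change only `$Mode`; the remediation worklet then re-runs the evaluation logic after `Add-VpnConnection`, so a remediation that silently produced the wrong profile still reports exit 1 instead of being marked compliant.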

Thank you for helping with this one!


No problem!