search

paulstancer / VPNCredentialsHelper

This repository contains the code used to build the Powershell helper module: VPNCredentialsHelper that can be used to set the username and password of a VPN connection without having to manually enter them through the prompt.
16 stars 5 forks source link

cannot connect automatically, need manual "save credentials" #1

Open igpit opened 4 years ago

igpit commented 4 years ago

using Set-VpnConnectionUsernamePassword username and password can be added to a created VPN connection fine. but trying to connect it clicking connect, a dialog pops up asking to enter credentials though. when using rasdial you get error 703.

Screenshot_2

if you look at the advanced vpn settings, you see that username/password have been set correctly:

Screenshot_3

editing reveals that the checkbox for "save credentials" is not active by default.

Screenshot_1

once you manually check that and save, you can connect (also with rasdial) fine,

the VPN was created as 

Add-VpnConnection -Name $vpnName -ServerAddress $vpnServer -TunnelType IKEv2 -EncryptionLevel Required -AuthenticationMethod EAP -SplitTunneling -DnsSuffix $dnsSuffix

Set-VpnConnectionIPsecConfiguration -ConnectionName $vpnName -AuthenticationTransformConstants GCMAES256 -CipherTransformConstants GCMAES256 -EncryptionMethod AES256 -IntegrityCheckMethod SHA256 -DHGroup Group14 -PfsGroup PFS2048 -PassThru -force

Add-VpnConnectionRoute -ConnectionName $vpnName -DestinationPrefix 192.168.0.0/16 -PassThru

Add-VpnConnectionTriggerDnsConfiguration -ConnectionName $vpnName -DnsSuffix $dnsSuffix -DnsIPAddress $dnsServer -PassThru

Set-VpnConnectionTriggerDnsConfiguration -ConnectionName $vpnName -DnsSuffixSearchList $dnsSearchSuffix -PassThru -Force

Set-VpnConnectionUsernamePassword -connectionname $vpnName -username $vpnUser -password $vpnPass -domain ''
igpit commented 4 years ago

turns out you just need to set CacheCredentials=1 in the pbk file "%AppData%\Microsoft\Network\Connections\Pbk\rasphone.pbk"

Skywriter-MD commented 2 years ago

@igpit are you manually going into the pbk file and adding the cachecredentials=1 ? Or did you include that in your script? If so , how?

tcartwright commented 1 year ago

I wrote a script to mod this settings and others. Here it is for anyone else. Hope it helps.

#Requires -RunAsAdministrator
#Requires -Module PsIni 

$vpns = (Get-VpnConnection | Where-Object { $_.ServerAddress -match "XXX.XXX.XXX.(XXX|YYY)" })
if ($vpns.Count -eq 0) {
    Write-Warning "NO MATCHING VPNS FOUND"
}

Import-Module PsIni -Scope AllUsers 

$fileName = "$($env:APPDATA)\Microsoft\Network\Connections\Pbk\rasphone.pbk"
$ini = Get-IniContent $fileName 
$settings = New-Object System.Collections.ArrayList

foreach ($vpn in $vpns) {
    $vpnName = $vpn.Name
    Write-Host "MODIFYING VPN: [$vpnName]" -ForegroundColor Yellow

    $settings.Add((ChangeIniSetting -sectionName $vpnName -section $ini[$vpnName] -keyName "AlwaysOnCapable" -value 1)) | Out-Null

    $settings.Add((ChangeIniSetting -sectionName $vpnName -section $ini[$vpnName] -keyName "IpInterfaceMetric" -value 2)) | Out-Null

    $settings.Add((ChangeIniSetting -sectionName $vpnName -section $ini[$vpnName] -keyName "IdleDisconnectSeconds" -value ([Timespan]::FromHours(4).TotalSeconds))) | Out-Null

    $settings.Add((ChangeIniSetting -sectionName $vpnName -section $ini[$vpnName] -keyName "CacheCredentials" -value 1)) | Out-Null
}

$settings | Format-Table

if ($settings | Where-Object { $_.Changed } ) {
    Write-Host "Saving $fileName" -ForegroundColor Yellow
    $ini | Out-IniFile -FilePath "$fileName" -Force -Encoding ASCII 
} else {
    Write-Host "No settings changed, skipping save." -ForegroundColor Yellow
}