![]() ![]() The only interesting thing of interest is how I’m converting the VPN GUID from the phonebook file into the Binary format required – which is done with the function Convert-HexToByte show above – that took me a little longer than I’m willing to admit! Value = ](Convert-HexToByte -HexString $VPNGUID)Īgain, most of this code is quite simple – all we are doing is entering some data into the registry. If (!(Test-Path $RequiredFolder -ErrorAction Silentl圜ontinue)) Write-Host " $logMessage" -ForegroundColor Yellow $rasManKeyPath = "HKLM:\SYSTEM\CurrentControlSet\Services\RasMan\Config" $requiredFolder = "C:\Users\$($er)\AppData\Local\Packages\Microsoft.AzureVpn_8wekyb3d8bbwe\LocalState" $currentUser = (Get-CimInstance -ClassName WIn32_Process -Filter 'Name="explorer.exe"' | Invoke-CimMethod -MethodName GetOwner) Open the *.pbk file in your favourite editor (that’s VSCode for everyone right?) and let’s move onto the code. %localappdata%\Packages\Microsoft.AzureVpn_8wekyb3d8bbwe\LocalState\rasphone.pbk The *.PBK file is stored within the Azure VPN client folder structure in your local app data folder shown below – It’s always the same path which makes all of this very easy to automate! Once we have that *.PBK file generated, we can capture the contents, and then deploy it out to other devices via Intune (or Configuration Manager) using a very simple PowerShell script. What this manual step does is creates the *.PBK file that the VPN client uses to “dial the connection”. ![]() Once you’ve downloaded the Azure P2S config files, the next step is to manually import the config into the Azure VPN client (technically there is a way to do this using CLI parameters, however it’s frustratingly broken at the moment – I’ll talk about that another time!). ![]() Now, the end user can technically go in once the connection is deployed and set it themselves, but there has to be a more reliable way of doing this on behalf of the user – if it can be done via Intune for the native client, surely there has to be a way to enforce the setting? The answer, as always, is a resounding “of course!”.īefore we begin, the first thing we need to do is convert the config files I was given by my network team into a format that we can silently push out. The only problem? There is no way to force the “connect automatically” setting in the native VPN client, thus the client’s major requirement was not met. This VPN client is designed to compliment the native VPN client and adds support for MFA as well as allowing connections from the native VPN interface. The next suggestion was to leverage the Azure VPN Client from the Microsoft store. The problem, as it turned out is the native VPN client has a limit of 25 route rules per connection – something that *shouldn’t* normally be a problem, but was insurmountable in this scenario. If we use this, we can utilize the native VPN policies within Intune which let us define everything we need – including setting the connection to automatically connect. My first suggestion was to simply use the built-in VPN client that comes with Windows 10. The requirements were quite simple – They were building out an Azure Point-To-Site VPN solution and needed me to come up with a way to deliver the connection to the end user devices. One of my clients recently came to me asking for assistance to set up a new VPN solution.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |