27

I'd like my Windows to connect to the VPN server as soon as it loads. How can I do it using Powershell?

Ann
  • 475
  • 1
  • 5
  • 14

4 Answers4

25

Try this works with windows 10

    $vpnName = "YOUR_VPN_NAME";
    $vpn = Get-VpnConnection -Name $vpnName;
    if($vpn.ConnectionStatus -eq "Disconnected"){
    rasdial $vpnName;
    }
Karlster
  • 250
  • 3
  • 6
  • 5
    This does technically work, but rasdial requires you enter the username and password in this format: rasdial $vpnName $Username $password....Even if the password is saved, it requires you to have those parameters in plaintext. If you want to take advantage of saved passwords use rasphone, steps outlined here: https://stackoverflow.com/questions/14180472/how-to-save-password-in-rasdial – ZaxLofful May 09 '19 at 18:34
  • Be aware: if you have setup a VPN from Azure - like a P2S - then this is not possible. You would have to setup the configuration on windows manually with the information you get from Azure. The following guide can help: https://dougrathbone.com/blog/2013/11/27/deconstructing-the-azure-point-to-site-vpn-for-command-line-usage – Alexander Falk Nov 12 '19 at 10:08
  • So it's not possible to connect a VPN with PowerShell? For `rasdial` is `rasdial.exe` and just another executable, not a powershell cmdlet at all. I'd expect win10 to have some cmdlet for that... but no? – hypersw Mar 19 '20 at 23:30
1

You could try something like this:

I have not tested if it works. I have PowerShell V3 Beta installed - it may be necessary to run these commands. 

Register-ScheduledJob -name ConnectVPN -ScriptBlock { & rasphone MyVpnConnection 
$trigger = New-JobTrigger -AtLogOn
Add-JobTrigger -Name ConnectVPN -Trigger $trigger
Get-ScheduledJob -Name ConnectVPN | Get-JobTrigger
Bill the Lizard
  • 398,270
  • 210
  • 566
  • 880
Günter Zöchbauer
  • 623,577
  • 216
  • 2,003
  • 1,567
  • 14
    I found much easier way) I created .bat file with just one phrase "rasdial myVPN", where myVPN - is the name of my VPN connection, which I created earlier. Then I put this .bat to the StartUp folder. – Ann May 16 '12 at 15:08
  • 2
    @Ann: You should formulate your comment into an answer! This would increase the visibility a lot! – D.R. Dec 09 '15 at 20:39
1

Apart from the other answers, Windows 10 also natively supports this via a configuration called Always On. More details about always on are available at https://learn.microsoft.com/en-us/windows/access-protection/vpn/vpn-auto-trigger-profile

You can deploy either via a MDM or even using WMI/Powershell

References for Deployment

VPN 2 CSP: https://learn.microsoft.com/en-us/windows/client-management/mdm/vpnv2-csp

CSP to WMI Bridge : https://learn.microsoft.com/en-us/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider

Aman Arneja - MSFT
  • 415
  • 3
  • 12
  • Always on works only until the computer goes to sleep. When it comes back you have to reconnect manually. I think that is the main reason of this discussion. – Artoo Mar 23 '23 at 10:06
1

The "Connect automatically" checkbox in Windows VPN settings was working well for me. But after configuring split tunneling to connect to a VM locked-down to VPN IP addresses, the VPN connection needed to be disconnected/reconnected to take effect. The problem was that rasdial /disconnect disables AutoTrigger settings. The below seems to work to re-enable auto-triggering.

Set a specific VPN profile name here or use the first one that comes back from Get-VpnConnection:

$vpnProfileName = Get-VpnConnection | select -first 1 -ExpandProperty Name

Optional example to show how to setup split tunneling:

# Enable split-tunneling to a specific address
# Name of VM restricted to VPN IP addresses
$vmName = "myserver.eastus.cloudapp.azure.com"
$ip = $(Resolve-DnsName -name $vmName  | where section -eq answer).IPAddress
Add-VpnConnectionRoute -Name $vpnProfileName -DestinationPrefix "$ip/32"

# Rasdial disconnect will turn off AutoTriggering
rasdial $vpnProfileName /disconnect

# Check VPN status
Get-VpnConnection | select Name, IsAutoTriggerEnabled, ConnectionStatus

Re-enable auto-triggering and start the VPN connection:

# Remove Disabled Profile
$disabledProfiles = [string[]](Get-ItemPropertyValue HKLM:SYSTEM\CurrentControlSet\Services\RasMan\Config -name AutoTriggerDisabledProfilesList)
$disabledProfiles = $disabledProfiles | where { $_ -ne $vpnProfileName }
Set-ItemProperty HKLM:SYSTEM\CurrentControlSet\Services\RasMan\Config -name AutoTriggerDisabledProfilesList -Type MultiString -Value $disabledProfiles

# Remove AutoTriggeringDisabled
Remove-ItemProperty HKLM:SYSTEM\CurrentControlSet\Services\RasMan\Config -name AutoTriggeringDisabled 

# Add trigger to a process that is certain to be running. Will trigger on process launch as well as if it is already running.
# Adding trigger even it already exists seems to be necessary to get it to trigger after rasdial /disconnect
Add-VpnConnectionTriggerApplication -Name $vpnProfileName –ApplicationID "C:\Windows\explorer.exe" -ErrorAction Ignore 

# Check VPN status
Get-VpnConnection | select Name, IsAutoTriggerEnabled, ConnectionStatus
KrisG
  • 119
  • 5