<#
.SYNOPSIS
This script reads the current AlwaysOn VPN strategy and changes it to the set value if required.
.DESCRIPTION
This script reads the current AlwaysOn VPN strategy and changes it to the set value if required.
This caters for situations where Windows 10 automatically changes the VPN strategy to something undesirable.
Intune currently only supports setting the connection type to IKEv2, L2TP, PPTP or automatic.
If you want a different strategy, you will need to use a script like this.
.PARAMETER strategyNumber
Specify the desired VPN strategy by number. The options are:
5 = Only SSTP is attempted
6 = SSTP is attempted first
7 = Only IKEv2 is attempted
8 = IKEv2 is attempted first
14 = IKEv2 is attempted followed by SSTP
.NOTES
Filename: Set-VPNStrategy.ps1
Version: 1.0
Author: Martin Bengtsson
Blog: www.imab.dk
Twitter: @mwbengtsson
#>
[CmdletBinding()]
param (
    # Strategy number to enforce. ValidateSet rejects anything other than the
    # five values described in the script help, so no other value can reach
    # the phonebook file.
    # NOTE(review): per the help text, 6 and 8 only choose which protocol is
    # attempted first, while 5 and 7 restrict the connection to one protocol.
    [Parameter(Mandatory = $true)]
    [ValidateSet("5", "6", "7", "8", "14")]
    [string] $strategyNumber
)
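function Get-VPNStrategy() {
    <#
    .SYNOPSIS
    Returns the VpnStrategy line(s) found in the current user's rasphone.pbk.
    .DESCRIPTION
    Reads rasphone.pbk below $env:APPDATA\Microsoft\Network\Connections\Pbk and
    outputs every line that matches "VpnStrategy=*". Nothing useful is output
    when the file is missing, cannot be read, or holds no such line.
    Only the per-user phonebook under $env:APPDATA is inspected.
    .OUTPUTS
    System.String. One string per matching line.
    #>
    $rasphonePath = "$env:APPDATA\Microsoft\Network\Connections\Pbk\rasphone.pbk"

    # Assign locally first: an unassigned variable would otherwise be looked
    # up in the caller's scope and could return a stale value.
    $currentStrategy = $null

    if (Test-Path $rasphonePath) {
        try {
            # @() keeps -like in filter mode even for a one-line file (on a
            # single string it would return a Boolean instead of the line).
            # -ErrorAction Stop makes a read failure reach the catch block.
            $currentStrategy = @(Get-Content $rasphonePath -ErrorAction Stop) -like "VpnStrategy=*"
        }
        catch {
            # Report the failure instead of silently returning nothing.
            Write-Verbose -Verbose -Message "Unable to read rasphone.pbk: $($_.Exception.Message)"
        }
    }
    else {
        Write-Verbose -Verbose -Message "The path for rasphone.pbk does not exist"
    }

    Write-Output $currentStrategy
}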
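function Set-VPNStrategy() {
    <#
    .SYNOPSIS
    Writes the requested VpnStrategy value into the current user's rasphone.pbk
    when the file holds a different value.
    .DESCRIPTION
    Uses the script-level $strategyNumber. Every line in rasphone.pbk that
    matches "VpnStrategy=*" is set to "VpnStrategy=<strategyNumber>", so all
    entries in that phonebook end up with the same strategy. Success is only
    reported after the file has been read back and every VpnStrategy line
    carries the requested value. Nothing is written when no VpnStrategy line
    is found or when the value is already correct.
    #>
    switch ($strategyNumber) {
        5  { $strategyDesc = "Only SSTP is attempted" }
        6  { $strategyDesc = "SSTP is attempted first" }
        7  { $strategyDesc = "Only IKEv2 is attempted" }
        8  { $strategyDesc = "IKEv2 is attempted first" }
        14 { $strategyDesc = "IKEv2 is attempted followed by SSTP" }
    }

    $rasphonePath = "$env:APPDATA\Microsoft\Network\Connections\Pbk\rasphone.pbk"
    $newStrategy = "VpnStrategy=$strategyNumber"

    # Get-VPNStrategy outputs one line per match, so a phonebook with several
    # entries yields several lines. Always treat the result as an array and
    # compare line by line rather than comparing the array as a whole.
    $currentStrategy = @(Get-VPNStrategy | Where-Object { $_ })

    if ($currentStrategy.Count -eq 0) {
        Write-Verbose -Verbose -Message "No VpnStrategy entry was found, nothing has been changed"
        return
    }

    $outdated = @($currentStrategy | Where-Object { $_ -ne $newStrategy })

    if ($outdated.Count -gt 0) {
        try {
            # -ErrorAction Stop turns read/write failures into terminating
            # errors so they reach the catch block instead of being followed
            # by a success message.
            $content = @(Get-Content -Path $rasphonePath -ErrorAction Stop)
            $updated = foreach ($line in $content) {
                if ($line -like "VpnStrategy=*") { $newStrategy } else { $line }
            }
            Set-Content -Path $rasphonePath -Value $updated -ErrorAction Stop

            # Read the file back before claiming success.
            $remaining = @(Get-VPNStrategy | Where-Object { $_ -and $_ -ne $newStrategy })
            if ($remaining.Count -gt 0) {
                throw "rasphone.pbk still contains a different VpnStrategy value after writing"
            }

            Write-Verbose -Verbose -Message "VPN strategy is now configured to: $newStrategy"
            Write-Verbose -Verbose -Message "The VPN strategy description is: $strategyDesc"
        }
        catch {
            Write-Verbose -Verbose -Message "Failed to apply new VPN strategy"
            Write-Verbose -Verbose -Message "Error details: $($_.Exception.Message)"
        }
    }
    else {
        # Every VpnStrategy line already equals the requested value.
        Write-Verbose -Verbose -Message "VPN strategy is already properly configured to: $newStrategy"
        Write-Verbose -Verbose -Message "The VPN strategy description is: $strategyDesc"
    }
}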
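# Script entry point: apply the requested strategy and log start and end so the
# run can be followed in the verbose output.
try {
    Write-Verbose -Verbose -Message "Script is running"
    Set-VPNStrategy
}
catch {
    Write-Verbose -Verbose -Message "Something went wrong during running of the script"
    # Keep the underlying error in the log; without it a failed run cannot be
    # told apart from any other failure.
    Write-Verbose -Verbose -Message "Error details: $($_.Exception.Message)"
}
finally {
    Write-Verbose -Verbose -Message "Script is done running"
}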