Connect to VPN by Powershell

Question

I'd like my Windows to connect to the VPN server as soon as it loads. How can I do it using Powershell?

Answer 1

Try this works with windows 10

    $vpnName = "YOUR_VPN_NAME";
    $vpn = Get-VpnConnection -Name $vpnName;
    if($vpn.ConnectionStatus -eq "Disconnected"){
    rasdial $vpnName;
    }

Answer 2

You could try something like this:

I have not tested if it works. I have PowerShell V3 Beta installed - it may be necessary to run these commands.

Register-ScheduledJob -name ConnectVPN -ScriptBlock { & rasphone MyVpnConnection 
$trigger = New-JobTrigger -AtLogOn
Add-JobTrigger -Name ConnectVPN -Trigger $trigger
Get-ScheduledJob -Name ConnectVPN | Get-JobTrigger

Answer 3

Apart from the other answers, Windows 10 also natively supports this via a configuration called Always On. More details about always on are available at https://docs.microsoft.com/en-us/windows/access-protection/vpn/vpn-auto-trigger-profile

You can deploy either via a MDM or even using WMI/Powershell

References for Deployment

VPN 2 CSP: https://docs.microsoft.com/en-us/windows/client-management/mdm/vpnv2-csp

CSP to WMI Bridge : https://docs.microsoft.com/en-us/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider

Answer 4

The "Connect automatically" checkbox in Windows VPN settings was working well for me. But after configuring split tunneling to connect to a VM locked-down to VPN IP addresses, the VPN connection needed to be disconnected/reconnected to take effect. The problem was that rasdial /disconnect disables AutoTrigger settings. The below seems to work to re-enable auto-triggering.

Set a specific VPN profile name here or use the first one that comes back from Get-VpnConnection:

$vpnProfileName = Get-VpnConnection | select -first 1 -ExpandProperty Name

Optional example to show how to setup split tunneling:

# Enable split-tunneling to a specific address
# Name of VM restricted to VPN IP addresses
$vmName = "myserver.eastus.cloudapp.azure.com"
$ip = $(Resolve-DnsName -name $vmName  | where section -eq answer).IPAddress
Add-VpnConnectionRoute -Name $vpnProfileName -DestinationPrefix "$ip/32"

# Rasdial disconnect will turn off AutoTriggering
rasdial $vpnProfileName /disconnect

# Check VPN status
Get-VpnConnection | select Name, IsAutoTriggerEnabled, ConnectionStatus

Re-enable auto-triggering and start the VPN connection:

# Remove Disabled Profile
$disabledProfiles = [string[]](Get-ItemPropertyValue HKLM:SYSTEM\CurrentControlSet\Services\RasMan\Config -name AutoTriggerDisabledProfilesList)
$disabledProfiles = $disabledProfiles | where { $_ -ne $vpnProfileName }
Set-ItemProperty HKLM:SYSTEM\CurrentControlSet\Services\RasMan\Config -name AutoTriggerDisabledProfilesList -Type MultiString -Value $disabledProfiles

# Remove AutoTriggeringDisabled
Remove-ItemProperty HKLM:SYSTEM\CurrentControlSet\Services\RasMan\Config -name AutoTriggeringDisabled 

# Add trigger to a process that is certain to be running. Will trigger on process launch as well as if it is already running.
# Adding trigger even it already exists seems to be necessary to get it to trigger after rasdial /disconnect
Add-VpnConnectionTriggerApplication -Name $vpnProfileName –ApplicationID "C:\Windows\explorer.exe" -ErrorAction Ignore 

# Check VPN status
Get-VpnConnection | select Name, IsAutoTriggerEnabled, ConnectionStatus