PowerShell
Artcifra, 2019-12-04 12:11:14

How to automate VPN connection?

How can connecting over RDP be simplified for the user?
Briefly: the user leaves a request on the site and is sent access to a Windows computer so that he can "stumble" around in specialized software.
We wanted to send a *.rdp file to the user with all the settings and a password that he would have to enter. But for security, the computers were placed behind a VPN.
Setting up a VPN is not an obvious and simple task for everyone.
Is it possible to create a script (bat, PowerShell) that the user will also run, so that:

  1. the VPN connection is registered
  2. it is saved in the system
  3. the VPN connects so that traffic goes through it
  4. the .rdp file is run to connect
  5. then, when RDP is connected, the password is requested

  • I am most interested in the first three points: is this possible?
  • Will the scripts be different for Win8 and Win10?
  • Can the script take into account that a VPN has already been created and go to step three right away?
  • What other pitfalls can there be?

PS
In the question, I did not write that passwords will change periodically, so please do not write about the security of transferring passwords in scripts, this does not apply to the question.


4 answer(s)
res2001, 2019-12-04
@res2001

Apparently you are using Microsoft's standard VPN options?
Microsoft has a thing called CMAK that helps create VPN connection installers.
You can also create a VPN connection with a PowerShell script using the Add-VpnConnection cmdlet.
Here and here they write that you can simply create connections in cmd (i.e. a batch file).
Connect the VPN connection using rasdial, and run RDP with mstsc.
If you use OpenVPN, then you can get away from passwords and run the VPN on keys. Distribute a pre-configured OpenVPN build. Client keys can be banned regularly and new ones generated. Post the new ones on the site.
It is better not to write the login / password for Windows in the script, but to publish it on the site and also change it regularly - let the user enter them manually. Just in case, you can save the login / password for the RDP connection using the cmdkey utility.
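
The steps from the question, built from the tools named in this answer (Add-VpnConnection, rasdial, mstsc), as an added example that is not part of res2001's post. The profile name, server address and .rdp path are placeholders, and the script assumes an L2TP/PSK server; the pre-shared key, login and password are typed by the user rather than stored in the file.

```powershell
# Added example (not from the thread). All names and addresses are placeholders.
param(
    [string]$VpnName = 'Demo-VPN',                 # hypothetical profile name
    [string]$Gateway = 'vpn.example.test',         # placeholder VPN server address
    [string]$RdpFile = "$PSScriptRoot\demo.rdp"    # .rdp file shipped next to the script
)
$ErrorActionPreference = 'Stop'

# Steps 1-2: register the profile only if it is not already saved.
# A per-user profile (no -AllUserConnection) does not need an elevated session.
$vpn = Get-VpnConnection -Name $VpnName -ErrorAction SilentlyContinue
if (-not $vpn) {
    $psk = Read-Host 'L2TP pre-shared key (as published on the site)'
    # No -SplitTunneling: all traffic is routed through the tunnel (step 3).
    # -EncryptionLevel Required refuses an unencrypted session.
    Add-VpnConnection -Name $VpnName -ServerAddress $Gateway -TunnelType L2tp `
        -AuthenticationMethod MSChapv2 -EncryptionLevel Required `
        -L2tpPsk $psk -Force
    $vpn = Get-VpnConnection -Name $VpnName
}

# Step 3: dial only when the profile is not already connected.
if ($vpn.ConnectionStatus -ne 'Connected') {
    $user = Read-Host 'VPN login'
    # '*' makes rasdial prompt for the password instead of taking it as an argument.
    rasdial.exe $VpnName $user '*'
    if ($LASTEXITCODE -ne 0) {
        throw "rasdial failed with exit code $LASTEXITCODE; RDP was not started."
    }
}

# Step 4: start the RDP client; it asks for the Windows password itself (step 5).
if (-not (Test-Path -LiteralPath $RdpFile)) {
    throw "RDP file not found: $RdpFile"
}
Start-Process -FilePath mstsc.exe -ArgumentList "`"$RdpFile`""
```

Running the script a second time skips the profile creation and, if the tunnel is still up, goes straight to mstsc.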

CityCat4, 2019-12-04
@CityCat4

It can probably be solved through VBS / PS - through VBS, in general, a lot of things can be done, including very extraordinary ones. But I don't know - this is a long MSDN dig.
Take out the computer because of the VPN. And disconnect it from the network of the office (physically or at the vlan level - the main thing is not on the computer).
Hang RDP on a non-standard port - of course they will still find it, but it will cut off the script kiddies.
Do not put anything on it except for the software that you demonstrate, and roll back to a backup after each user (or even better, start a virtual machine and automatically raise it from the snapshot after logoff, killing the old one).

Stanislav Valsinats, 2019-12-16
@jesterOK

I am interested in this issue myself. Try something like the script below (it only works on Win10, where the PowerShell version must be higher than 7):

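```powershell
$VpnName = "Тест проверка TEST"   # display name of the VPN profile
$gateway = "8.8.8.8"              # VPN server address
$psk = "123456"                   # L2TP pre-shared key
# Registry path for the NAT-T setting. Only needed if the VPN server is behind NAT;
# otherwise comment out this line and the New-ItemProperty line below.
$regp = 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent'

# Add the L2TP VPN connection for all users
Add-VpnConnection -Name $VpnName -ServerAddress $gateway -TunnelType L2tp -AuthenticationMethod MSChapv2 -EncryptionLevel Optional -L2tpPsk $psk -Force -AllUserConnection -RememberCredential -SplitTunneling
# Allow L2TP/IPsec through NAT (2 = server and client may both be behind NAT); writing to HKLM needs an elevated session
New-ItemProperty -Path $regp -Name AssumeUDPEncapsulationContextOnSendRule -Value 2 -PropertyType 'DWORD' -Force
```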

Create a *.ps1 file and run it in PowerShell.

sanglyb, 2019-12-12
@sanglyb

If you only need access to rdp, isn't it easier and better to use remote desktop gateway?
