Automate your Meraki Client VPN Connection

Cisco does a great job with their documentation but unfortunately they didn’t do so well with explaining how to configure their VPN connection for medium to large scale companies. Their documentation only explains how to configure the connection manually, so I decided to use my Powershell skills to write up something really quick. Luckily for us, this task is extremely simple with Powershell.

The following script will automatically configure your Meraki VPN connection on Windows 10:

$ServerAddress = "VPN SERVER ADDRESS"
$ConnectionName = "VPN CONNECTION NAME"
$PresharedKey = "YOUR PRESHARED KEY"
Add-VpnConnection -Name "$ConnectionName" -ServerAddress "$ServerAddress" -TunnelType L2tp -AllUserConnection -L2tpPsk "$PresharedKey" -AuthenticationMethod Pap -Force

This script can be deployed using GPO, your existing system management system or even added to your images with MDT or SCCM.

I hope this helps someone out!

20 Comments

  1. glad i found this – when i try to run the PS Script is states access denied…

  2. glad i found this – when i try to run the PS Script is states access denied…anything i can do to try and get it to run?

    • Jose Espitia

      Did you elevate the Powershell script? If not, try running the script as an Administrator.

      Let me know if that works for you!

  3. Hi Jose,
    Having an issue with this on windows 10. It is setting the sign-in info as general authentication method instead of username and password and it is not allowing us to edit the connection. Any thoughts?

    https://www.screencast.com/t/s3Q0XehRnPNB

    Thanks!

    • Jose Espitia

      Hi Erik, which version of Windows 10 are you using (1511, 1607, etc)?

    • Jose Espitia

      Also have you tried connecting? It should prompt you for your username and password.

      To edit the connection go to the following directory:
      Control Panel\All Control Panel Items\Network Connections

  4. Does this work for windows 7? I can get it to work for 10 but not 7

    • Jose Espitia

      Hey John, unfortunately the VPN CMDLET’s are not available for Windows 7. You can possibly get away with manually configuring your VPN connection on a computer, copying the PBK file (%userprofile%\AppData\Roaming\Microsoft\Network\Connections\PBK) and then distribute the file to everyone.

      Let me know if that works!

      • Hi

        I tried this.. coping file to another PC and its not working.
        Timing out on connecting to server.

        Please help !!

        Thanks

  5. Lifesaver, thanks!

  6. Bruh! You are awesome! Thanks so much for this.

  7. How can you get this to remember the username and password?

  8. Hi,

    How do you force data encryption (under security tab) to require encryption? The script seems to default to optional encryption which doesn’t allow our users to connect.

    • Jose Espitia

      April 17, 2019 at 2:48 pm

      Shawn, you can try adding -EncryptionLevel Required to the command. See example below:
      Add-VpnConnection -Name "$ConnectionName" -ServerAddress "$ServerAddress" -TunnelType L2tp -AllUserConnection -L2tpPsk "$PresharedKey" -AuthenticationMethod Pap -EncryptionLevel Required -Force

      • Michael Martin

        I have been unsuccessful using Pap & Required encryption. Any tips on that?

        • Jose Espitia

          April 23, 2019 at 6:39 pm

          Michael,
          Try running the following script:
          $ServerAddress = "VPN SERVER ADDRESS"
          $ConnectionName = "VPN CONNECTION NAME"
          $PresharedKey = "YOUR PRESHARED KEY"
          Add-VpnConnection -Name "$ConnectionName" -ServerAddress "$ServerAddress" -TunnelType L2tp -AllUserConnection -L2tpPsk "$PresharedKey" -AuthenticationMethod Pap -EncryptionLevel Required -Force

  9. Thany Sounthala

    The last line will update the ras.pbk file to set the Meraki requirement to the Data Encryption to “Require encryption (disconnect if server declines)”

    $ServerAddress = “VPN SERVER ADDRESS”
    $ConnectionName = “VPN CONNECTION NAME”
    $PresharedKey = “PRESHARED KEY”
    Add-VpnConnection -Name “$ConnectionName” -ServerAddress “$ServerAddress” -TunnelType L2tp -EncryptionLevel Optional -L2tpPsk “$PresharedKey” -AuthenticationMethod Pap -Force
    (Get-Content $env:APPDATA\Microsoft\Network\Connections\Pbk\rasphone.pbk) | ForEach-Object{$_ -replace ‘DataEncryption=8′,’DataEncryption=256’} | Set-Content $env:APPDATA\Microsoft\Network\Connections\Pbk\rasphone.pbk

Leave a Reply