The simple fix is to change the encryption setting after the profile defined it as ‘Optional’
An example;
Add-VpnConnection -Name “VPN Name” -ServerAddress “remote..” -TunnelType "L2tp" -EncryptionLevel "Optional"
Then change values in the pbk file in use;
$rasphone = "$env:USERPROFILE\Appdata\Roaming\Microsoft\Network\Connections\Pbk\rasphone.pbk"
(Get-Content $rasphone) -replace 'DataEncryption=8', 'DataEncryption=256' | Set-Content $rasphone
You need to check your file, but for now Microsoft sets the value to DataEncryption=8 if there is no visible encryption.
MS dont know about the IPSEC solution in Meraki.
Check your value by replace line 2 with this one; Get-Content $rasphone
We've combined some of the scripts referenced in the tread, summarized under, it rolls out an VPN profile to logged-in user, tested Okey in Intune.
The trick is in short, set Dataencrypion to Optinal and then change the pbk file
*****
#Cloudflex AS
# VPN with PAP over IPSEC for Meraki VPN
[CmdletBinding()]
param(
[Parameter()][string]$Name='VPN Name',
[Parameter()][string]$ServerAddress='remote.domain.com',
[Parameter()][string]$PSK='The secret',
[Parameter()][string]$DnsSuffix='remote.domain.com'
)
$NeedsReboot = $false
Add-VpnConnection -Name $Name -ServerAddress $ServerAddress -TunnelType "L2tp" -EncryptionLevel "Optional" -AuthenticationMethod PAP -L2tpPsk $PSK -RememberCredential -DnsSuffix $DnsSuffix -PassThru -Force -Confirm:$false
If((Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent\' -Name 'AssumeUDPEncapsulationContextOnSendRule' -ErrorAction SilentlyContinue) -eq $null) {
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent\' -Name 'AssumeUDPEncapsulationContextOnSendRule' -Value 2 -PropertyType 'DWord'
Write-Host 'Please reboot before attempting to connect.' -ForegroundColor Yellow
$NeedsReboot = $true
}
$rasphone = "$env:USERPROFILE\Appdata\Roaming\Microsoft\Network\Connections\Pbk\rasphone.pbk"
(Get-Content $rasphone) -replace 'IpInterfaceMetric=0', 'IpInterfaceMetric=1' | Set-Content $rasphone
$rasphone = "$env:USERPROFILE\Appdata\Roaming\Microsoft\Network\Connections\Pbk\rasphone.pbk"
(Get-Content $rasphone) -replace 'DataEncryption=8', 'DataEncryption=256' | Set-Content $rasphone