Client VPN Connection you can send to your users

WWWolf
Here to help

Client VPN Connection you can send to your users

I posted this solution in response to another question but figured many who this may help would never see it there.

 

NOTE: This solution does NOT require elevation of privileges (every step can be done as standard user).

 

If you are looking for a way to create a VPN connection to your MX for (Windows XP, 7, 8, 10) users who are out of the office and can't bring their systems in for you to work on, you can make a .pbk (phonebook) file that you can send via email with these steps:

* Create a blank text file on your desktop and then rename it to have a ".pbk" extension

* Open the file (you should see a message saying the phonebook is empty prompting you to add an entry)

* Click Ok

* Select "Workplace network"

* Enter the address to your VPN connection and give it a name and click Next

* Enter your login credentials (optional) and click Create

* With your new connection selected, click Properties

* Verify address on General tab then select the Security tab

* Un-check CHAP options at the bottom and select PAP under "Allow these protocols"

* Select L2TP/IPSec for the type of VPN

* Click the Advanced settings button, select the preshared key option and enter your key then click Ok

* Click Ok to close the Properties 

* Click Connect to connect to the new connection

* Enter logon credentials if you did not already do so (optionally select to save credentials) and click Connect

 

Users who use this type of connection will have to remember to connect via the .pbk file and not via their network connections dialog. (I would recommend having them save it to their desktops.)

You will still need to verify settings on the security tab. In the test that I did I had to enter the preshared key again after transferring the file to another system.

3 Replies 3
rwiesmann
A model citizen

Thanks to post it again. Would not have seen it otherwise! Gone try it!

Doug100
Here to help

Hi thanks, that is useful, may I add that the PowerShell script on this site works very well, I used to with a remote management tool to deploy, just another thought in these tough times... https://www.reddit.com/r/meraki/comments/6129mj/meraki_vpn_powershell_script/?utm_source=amp&utm_med...
WWWolf
Here to help

Great find @Doug100 

 

I don't really have time to fully test that right now but it looks like a solid solution that should work for most users. 

Unfortunately it relies on the client having the vpnclient module (https://docs.microsoft.com/en-us/powershell/module/vpnclient/?view=win10-ps) installed which I believe is limited to Windows 10 (possibly 8.1 - please correct me if I am wrong).  Of course, by now hopefully there aren't too many pre-Windows 10 systems hitting your networks but we all know many organizations are still using at least some Windows 7 systems.

Also, I do believe that script requires elevation of privileges to run so it will require you to utilize a remote management solution (not a deal-breaker but slightly more overhead than an email and phone call).

 

All said, the PowerShell option is perhaps the preferred option IF your clients are running current versions of Windows and you have a way to gain access to them.  Otherwise, the .pbk file may be an ideal solution for at least a temporary workaround. 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels