I've done a quick search and it seems this question has yet to be truly answered. I need to deploy the Meraki Client VPN solution. Our current configuration is with the PSK but if there's a better method for authenticating the user/machine (certificate?) I'm all ears.
I need to outline a clear plan before doing so but even Microsoft's documentation on CMAK doesn't indicate a field to define the PSK. I didn't read thoroughly enough. It looks like they do talk about the PSK but it isn't recommended. https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd...
How is everyone else deploying this solution?
Forgot to mention I have all Windows 10 endpoints.
Thanks!
You can use Active Directory validation or, if you have system manager licences, Systems Manager Sentry VPN security validation.
Windows GPO can be used to push out a VPN template, but not a PSK. The only way to deploy this at scale and not lose your mind is to use certificates.
Once an auto-enrolling certificate template exists in AD, a separate GPO would be used to auto-enroll your users using that certificate template. That user certificate would then be referenced in the VPN profile.
CMAK is the most comprehensive, but the most painful to initially set up.
PowerShell is halfway in between. Quick to set up, and you can just run the script on Windows 10 machines.
http://www.ifm.net.nz/cookbooks/meraki-client-vpn.html
I tend to use PowerShell.
Just wanted to reference this "UserVoice" idea, which is that Intune should support configuring VPN with L2TP-PSK / PAP:
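A sketch of the PowerShell route mentioned above, added here as an example and not taken from any post in this thread: it creates an all-user L2TP/IPsec profile with a PSK and PAP, and takes the PSK from a masked prompt so it is never stored in the script file. The profile name, the server hostname and the `EncryptionLevel` value are assumptions; substitute your own.

```powershell
#Requires -RunAsAdministrator
# Added example, not code from the thread. Values marked "placeholder" are assumptions.
[CmdletBinding()]
param(
    [string]$Name = 'Meraki Client VPN',           # placeholder profile name
    [string]$ServerAddress = 'vpn.example.com',    # placeholder MX hostname
    [Parameter(Mandatory)]
    [System.Security.SecureString]$Psk             # prompted with masked input
)

$ErrorActionPreference = 'Stop'

# Add-VpnConnection accepts the PSK only as a plain string, so unwrap it in memory.
$plainPsk = [System.Net.NetworkCredential]::new('', $Psk).Password

# Re-running the script replaces the profile instead of failing on a duplicate name.
$existing = Get-VpnConnection -Name $Name -AllUserConnection -ErrorAction SilentlyContinue
if ($existing) {
    Remove-VpnConnection -Name $Name -AllUserConnection -Force
}

$vpn = @{
    Name                 = $Name
    ServerAddress        = $ServerAddress
    TunnelType           = 'L2tp'
    L2tpPsk              = $plainPsk
    AuthenticationMethod = 'Pap'
    EncryptionLevel      = 'Optional'   # assumption: adjust to what your MX accepts
    AllUserConnection    = $true
    RememberCredential   = $false       # do not cache the user's password in the profile
    Force                = $true        # suppress the interactive PSK/PAP warning
}
Add-VpnConnection @vpn

# Read the profile back and fail loudly if it is not what was requested.
$created = Get-VpnConnection -Name $Name -AllUserConnection
if ($created.TunnelType -ne 'L2tp' -or $created.AuthenticationMethod -notcontains 'Pap') {
    throw "VPN profile '$Name' was created with unexpected settings."
}
$created | Select-Object Name, ServerAddress, TunnelType, AuthenticationMethod, L2tpIPsecAuth

# Drop the reference to the plain-text PSK (the string itself is freed by the GC later).
Remove-Variable plainPsk
```

The PSK is the same on every endpoint, so it identifies the deployment rather than a user or machine; the certificate approach described earlier in the thread is what removes that shared secret.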
https://microsoftintune.uservoice.com/forums/291681-ideas/suggestions/41712955-enhanced-l2tp-configu...
Please upvote that if you are using Intune and want to be able to manage MerakiVPN more easily.