@Nash Unfortunately I'll never be able to explain anything to the non-programming people here. That said I can add multiple Destinations and the VPN will route to those destinations only while everything else goes out the local internet? Is the script persistent or need run after a reboot or disconnect from the VPN? 

I don't disagree, but let me rephrase, "We don't know how to, can you do it for us?" They basically won't read the directions or just skip to it's to hard and someone from IT will end up needing to do it for them. Easier to just remote in and run it ourselves or push it with PDQ unfortunately lol. 

@Nash 

Worked like a charm, used the full creation script and pushed it with PDQ. Our Help desk crew was ecstatic lol.

I've got clients auto-deploying the VPN using group policy in Active Directory.

Just create a group policy that runs a powershell script and put it in the scope of a group that you want to auto-deploy the settings to.

Then never touch it again.

---

@PhilipDAth wrote:

I've got clients auto-deploying the VPN using group policy in Active Directory.

 

Just create a group policy that runs a powershell script and put it in the scope of a group that you want to auto-deploy the settings to.

 

Then never touch it again.

---

Deploying via GPO would be my dream, but I can't get my systems folks to do that. I only just now got somebody to start trying to do it via RMM... and that's super fun, because he's got to figure out how to make ConnectWise Automate populate the required variables. Wish me luck.

@Nash One customer is using your script as a base for their MS Intune always-on client vpn roll-out.

The systems admin there just got it going as a full zero-touch rollout to their intune managed laptops.

Including split tunneling.

Working really great 😄 

---

@Roger_Beurskens wrote:

@Nash One customer is using your script as a base for their MS Intune always-on client vpn roll-out.

 

The systems admin there just got it going as a full zero-touch rollout to their intune managed laptops.

Including split tunneling.

 

Working really great 😄 

---

Thank you!! I'm so glad it helped. 

Hi, 

Is it possible to add all office 365 addresses as the $Destination or is it internal subnets only?

How does that work?

You can place anything in the VPN including public IP's. I route my LAN IP's, but I add in the Microsoft IP's as well so they go through the VPN back to home office. Anything added to the list will be sent back over the VPN then to it's destination. Below is one of the list I've used when I was originally sent the script.

$Data = 'XXX.XXX.0.0/24','XXX.XXX.11.0/24','XXX.XXX.6.0/24'
$Voice = 'XXX.XXX.0.0/24','1XXX.XXX.11.0/24','XXX.XXX.6.0/24'
$MS = '104.146.128.0/17','13.107.128.0/22','13.107.136.0/22','13.107.18.10/31','13.107.6.152/31','13.107.64.0/18',

'131.253.33.215/32','132.245.0.0/16','150.171.32.0/22',
'150.171.40.0/22','191.234.140.0/22','204.79.197.215/32','23.103.160.0/20','40.104.0.0/15','40.108.128.0/17','40.96.0.0/13','52.104.0.0/14','52.112.0.0/14','52.96.0.0/14',
'52.120.0.0/14'

Amazing, thank you so much for coming back so quickly..

I am trying to run that script but getting a PowerShell error 

Any ideas?

Thanks so much in advance

I'd need to see how the variable is writted, but are the IP's enclosed in sing quotes like 'XXX.XXX.XXX.XXX/24'

just updated it now... Does that help?

Thanks again!

What's the Destination Prefix parameter line 1 char 94 in the error?

I managed to do it in a slightly different way

Add-VpnConnectionRoute -ConnectionName "Meraki 5000" -DestinationPrefix "10.x.x.x/24" -PassThru
Add-VpnConnectionRoute -ConnectionName "Meraki 5000" -DestinationPrefix "192.x.x.x/23" -PassThru
Add-VpnConnectionRoute -ConnectionName "Meraki 5000" -DestinationPrefix "10.x.x.x/24" -PassThru
Add-VpnConnectionRoute -ConnectionName "Meraki 5000" -DestinationPrefix "44.x.x.x/32" -PassThru

THANK YOU SO MUCH FOR YOUR HELP!

Glad to hear it worked. I know it saved me a ton of time when it was given to me.