VPN_Profile_DeviceTunnel.ps1

# NOTES
# Sorry: this script was written quickly and many values are hard-coded, so you
# will need to do a find-and-replace before using it.
#
# Change "COMPANYNAME" to your company name (registry path, profile name, server and TND domain).
# Change the routes and traffic-filter ranges (the ones below are placeholders).
# Change the server(s) list.
# Change the trusted network detection domain (it is a DNS-suffix match, not an authenticated check).
# Make any other desired changes to the $ProfileXML variable.
# NOTE(review): this writes a DeviceTunnel profile through the MDM WMI bridge; Microsoft's
# Always On VPN guidance has that done in the LOCAL SYSTEM context, so run it that way
# (e.g. as a system-context package) rather than as an ordinary elevated admin — confirm for your tooling.
  10. ###################################
  11.  
  12. # Set Version of Settings. Increase the version number to redeploy updates.
  13. $VPNVersion = "1.0"
  14.  
  15. # Check if already updated to latest version
  16. if ($null -eq (Get-ItemProperty -Path "HKLM:\Software\COMPANYNAME\AlwaysOnVPN" -Name $VPNVersion -ErrorAction SilentlyContinue))
  17. {
  18.   Write-Host "Latest Version Not Installed. Will attempt to install..."
  19. }
  20. else
  21. {
  22.   Write-Host "Latest Version Already Installed. Exiting..."
  23.   Exit
  24. }
  25.  
  26. $ProfileName = 'COMPANYNAME Device AlwaysOn VPN'
  27. $ProfileNameEscaped = $ProfileName -replace ' ', '%20'
  28.  
  29. $ProfileXML = '
  30. <VPNProfile>
  31.  <NativeProfile>
  32.    <Servers>ao.COMPANYNAME.com</Servers>
  33.    <NativeProtocolType>IKEv2</NativeProtocolType>
  34.    <Authentication>
  35.      <MachineMethod>Certificate</MachineMethod>
  36.    </Authentication>
  37.    <RoutingPolicyType>SplitTunnel</RoutingPolicyType>
  38.    <DisableClassBasedDefaultRoute>true</DisableClassBasedDefaultRoute>
  39.  </NativeProfile>
  40.  <Route>
  41.    <Address>172.16.0.0</Address>
  42.    <PrefixSize>16</PrefixSize>
  43.  </Route>
  44.  <Route>
  45.    <Address>172.17.0.0</Address>
  46.    <PrefixSize>16</PrefixSize>
  47.  </Route>
  48.  <TrafficFilter>
  49.    <RemoteAddressRanges>172.16.0.0/16,172.17.0.0/16</RemoteAddressRanges>
  50.  </TrafficFilter>
  51.  <AlwaysOn>true</AlwaysOn>
  52.  <TrustedNetworkDetection>COMPANYNAME.org</TrustedNetworkDetection>
  53.  <DeviceTunnel>true</DeviceTunnel>
  54.  <RegisterDNS>true</RegisterDNS>
  55. </VPNProfile>
  56. '
  57.  
  58. $ProfileXML = $ProfileXML -replace '<', '&lt;'
  59. $ProfileXML = $ProfileXML -replace '>', '&gt;'
  60. $ProfileXML = $ProfileXML -replace '"', '&quot;'
  61.  
  62. $nodeCSPURI = './Vendor/MSFT/VPNv2'
  63. $namespaceName = "root\cimv2\mdm\dmmap"
  64. $className = "MDM_VPNv2_01"
  65.  
  66. $session = New-CimSession
  67. try
  68. {
  69.   $deleteInstances = $session.EnumerateInstances($namespaceName, $className)
  70.   foreach ($deleteInstance in $deleteInstances)
  71.   {
  72.     $InstanceId = $deleteInstance.InstanceID
  73.     if ("$InstanceId" -eq "$ProfileNameEscaped")
  74.     {
  75.       $session.DeleteInstance($namespaceName, $deleteInstance)
  76.       $Message = "Removed $ProfileName profile $InstanceId"
  77.       Write-Host "$Message"
  78.     }
  79.     else
  80.     {
  81.       $Message = "Ignoring existing VPN profile $InstanceId"
  82.       Write-Host "$Message"
  83.     }
  84.   }
  85. }
  86. catch [Exception]
  87. {
  88.   $Message = "Unable to remove existing outdated instance(s) of $ProfileName profile: $_"
  89.   Write-Host "$Message"
  90.   exit
  91. }
  92.  
  93. try
  94. {
  95.   $newInstance = New-Object Microsoft.Management.Infrastructure.CimInstance $className, $namespaceName
  96.   $property = [Microsoft.Management.Infrastructure.CimProperty]::Create("ParentID", "$nodeCSPURI", 'String', 'Key')
  97.   $newInstance.CimInstanceProperties.Add($property)
  98.   $property = [Microsoft.Management.Infrastructure.CimProperty]::Create("InstanceID", "$ProfileNameEscaped", 'String', 'Key')
  99.   $newInstance.CimInstanceProperties.Add($property)
  100.   $property = [Microsoft.Management.Infrastructure.CimProperty]::Create("ProfileXML", "$ProfileXML", 'String', 'Property')
  101.   $newInstance.CimInstanceProperties.Add($property)
  102.  
  103.   $session.CreateInstance($namespaceName, $newInstance)
  104.  
  105.   # COMPANYNAME EDIT TO TRACK VERSION INSTALLS FOR DEPLOYMENT SCRIPT
  106.   if (-not (Test-Path "HKLM:\Software\COMPANYNAME\AlwaysOnVPN"))
  107.   {
  108.     New-Item -Path "HKLM:\Software\COMPANYNAME\AlwaysOnVPN" -Force
  109.   }
  110.   Set-ItemProperty -Path "HKLM:\Software\COMPANYNAME\AlwaysOnVPN" -Name $VPNVersion -Value $(Get-Date -Format "yyyy-MM-dd-HHmmss")
  111.  
  112.   $Message = "Created $ProfileName profile."
  113.   Write-Host "$Message"
  114. }
  115. catch [Exception]
  116. {
  117.   $Message = "Unable to create $ProfileName profile: $_"
  118.   Write-Host "$Message"
  119.   exit
  120. }
  121.  
  122. $Message = "Complete."
  123. Write-Host "$Message"