Posted already about this, but it seems to have disappeared!

I created an XML file using your post, but the one I created doesn't appear to have included any certificate information within it. (Detail appended.)

The XML file included in the Azure Portal VPN Client download does have a <CaCert> tag, but this does not seem to have been included in the output XML.

This was the exact PowerShell I ran (all information sanitised):
#
# This was created using information found here - https://msfreaks.wordpress.com/2020/02/17/deploying-a-windows-10-vpn-profile-from-intune-for-azure-vpn-gateway-basic-sku/
#
# Requires an existing VPN connection named $Name (the one the Azure VPN client
# installer created), because its EAP configuration is copied into the profile.
$Name = "xxx-vNet"
$Server = "azuregateway-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx-xxxxxxxxxxxx.vpn.azure.com"
$DnsSuffix = "xxx.local"
$OutputFile = "$($env:TEMP)\VPNv2_Profile.xml"

# split-tunnel routes pushed to the client, one <Route> element per prefix
$RouteConfig = @"
<Route><Address>192.168.10.0</Address><PrefixSize>24</PrefixSize></Route>
<Route><Address>192.168.20.0</Address><PrefixSize>24</PrefixSize></Route>
<Route><Address>192.168.30.0</Address><PrefixSize>24</PrefixSize></Route>
<Route><Address>192.168.40.0</Address><PrefixSize>24</PrefixSize></Route>
<Route><Address>192.168.50.0</Address><PrefixSize>24</PrefixSize></Route>
"@

# eap configuration copied from the template connection
$EapConfig = (Get-VpnConnection -Name $Name).EapConfigXmlStream.InnerXml

@"
<VPNProfile>
  <ProfileName>$($Name.ToLower())profile</ProfileName>
  <!-- the dns suffix to use for the vpn adapter -->
  <DnsSuffix>$DnsSuffix</DnsSuffix>
  <NativeProfile>
    <!-- the azure vpn gateway address goes here -->
    <Servers>$Server</Servers>
    <!-- tunnel protocol; the referenced post uses Automatic for the azure vpn gateway basic sku, SSTP is set here -->
    <NativeProtocolType>SSTP</NativeProtocolType>
    <Authentication>
      <!-- this must be eap and a valid eap configuration must be supplied -->
      <UserMethod>Eap</UserMethod>
      <Eap>
        <Configuration>
          <!-- eap configuration taken from template profile -->
          $EapConfig
        </Configuration>
      </Eap>
    </Authentication>
    <!-- activate splittunnel configuration -->
    <RoutingPolicyType>SplitTunnel</RoutingPolicyType>
    <!-- disable class based default route -->
    <DisableClassBasedDefaultRoute>true</DisableClassBasedDefaultRoute>
  </NativeProfile>
  <RememberCredentials>true</RememberCredentials>
  <!-- add route config for this connection -->
  $RouteConfig
</VPNProfile>
"@ | Out-File -FilePath $OutputFile
XML file downloaded from the Azure Portal - VPNSettings.xml:
<?xml version="1.0"?>
<VpnProfile xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <VpnServer>azuregateway-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx-xxxxxxxxxxxx.vpn.azure.com</VpnServer>
  <VpnType>SSTP,IkeV2</VpnType>
  <CaCert>MIErzCCApexxxx=...........................................=xxxxOh3nSnKS3nsnEIM</CaCert>
  <Routes>192.168.10.0/24,192.168.20.0/24,192.168.40.0/24,192.168.30.0/24,192.168.50.0/24</Routes>
  <Auth>EAPTLS</Auth>
  <VnetName>xxx-vNet</VnetName>
  <VnetId>xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx</VnetId>
  <ServerCertRootCn>DigiCert Global Root CA</ServerCertRootCn>
  <ServerCertIssuerCn>DigiCert Global Root CA</ServerCertIssuerCn>
  <VpnClientAddressPool>10.20.0.0/24</VpnClientAddressPool>
  <AadIssuer />
  <AadTenant />
  <AadAudience />
</VpnProfile>
XML file created by the script - VPNv2_Profile.xml:
<VPNProfile>
  <ProfileName>xxx-vnetprofile</ProfileName>
  <!-- the dns suffix to use for the vpn adapter -->
  <DnsSuffix>xxx.local</DnsSuffix>
  <NativeProfile>
    <!-- the azure vpn gateway address goes here -->
    <Servers>azuregateway-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx-xxxxxxxxxxxx.vpn.azure.com</Servers>
    <!-- for azure vpn gateway basic sku this must be Automatic -->
    <NativeProtocolType>SSTP</NativeProtocolType>
    <Authentication>
      <!-- this must be eap and a valid eap configuration must be supplied -->
      <UserMethod>Eap</UserMethod>
      <Eap>
        <Configuration>
          <!-- sabm eap configuration taken from template profile -->
          <EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><EapMethod><Type xmlns="http://www.microsoft.com/provisioning/EapCommon">13</Type><VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId><VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType><AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</AuthorId></EapMethod><Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"><Type>13</Type><EapType xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV1"><CredentialsSource><CertificateStore><SimpleCertSelection>true</SimpleCertSelection></CertificateStore></CredentialsSource><ServerValidation><DisableUserPromptForServerValidation>false</DisableUserPromptForServerValidation><ServerNames></ServerNames></ServerValidation><DifferentUsername>false</DifferentUsername><PerformServerValidation xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2">false</PerformServerValidation><AcceptServerName xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2">false</AcceptServerName></EapType></Eap></Config></EapHostConfig>
        </Configuration>
      </Eap>
    </Authentication>
    <!-- activate splittunnel configuration -->
    <RoutingPolicyType>SplitTunnel</RoutingPolicyType>
    <!-- disable class based default route -->
    <DisableClassBasedDefaultRoute>true</DisableClassBasedDefaultRoute>
  </NativeProfile>
  <RememberCredentials>true</RememberCredentials>
  <!-- add route config for this connection -->
  <Route><Address>192.168.10.0</Address><PrefixSize>24</PrefixSize></Route>
  <Route><Address>192.168.20.0</Address><PrefixSize>24</PrefixSize></Route>
  <Route><Address>192.168.30.0</Address><PrefixSize>24</PrefixSize></Route>
  <Route><Address>192.168.40.0</Address><PrefixSize>24</PrefixSize></Route>
  <Route><Address>192.168.50.0</Address><PrefixSize>24</PrefixSize></Route>
</VPNProfile>
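The following is an added example, not code from the post above or from the linked msfreaks article. It builds the VPNv2 ProfileXML directly from the VpnSettings.xml shape shown above, using System.Xml so every value is escaped rather than concatenated, expands the comma-separated CIDR list in <Routes> into one <Route> element per prefix, and puts the certificate in the one place the VPNv2 profile has for it: the VPNv2 ProfileXML schema has no <CaCert> element, so server trust lives in the EAP-TLS <ServerValidation> block (TrustedRootCA thumbprint plus ServerNames). The EAP configuration copied in the post has PerformServerValidation set to false and an empty ServerNames, so EAP-TLS itself does not validate the server certificate; the template below turns that on. Assumptions: the <CaCert> value is the root the client should trust for the gateway's server certificate (compare it with VpnServerRoot.cer from the same download before relying on it), the DNS suffix and SSTP choice are taken from the post, the VpnSettings.xml content is constructed with a throwaway in-memory self-signed certificate standing in for the real CA, and the CertificateRequest class needs .NET Framework 4.7.2 or later (or PowerShell 7).

```powershell
# Added example, not the original post's script: VpnSettings.xml -> VPNv2 ProfileXML
# with escaped values, expanded routes and a pinned EAP-TLS server root.

# Constructed stand-in for the <CaCert> value: a throwaway self-signed certificate,
# created in memory so the example runs offline and touches no certificate store.
$rsa = [System.Security.Cryptography.RSA]::Create(2048)
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
    'CN=Example Root CA', $rsa,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$stubRoot = $req.CreateSelfSigned([DateTimeOffset]::UtcNow.AddDays(-1), [DateTimeOffset]::UtcNow.AddYears(1))
$caCertB64 = [Convert]::ToBase64String(
    $stubRoot.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert))

# Constructed VpnSettings.xml with the same shape as the portal download (values sanitised).
$vpnSettingsXml = @"
<?xml version="1.0"?>
<VpnProfile xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <VpnServer>azuregateway-00000000-0000-0000-0000-000000000000-000000000000.vpn.azure.com</VpnServer>
  <VpnType>SSTP,IkeV2</VpnType>
  <CaCert>$caCertB64</CaCert>
  <Routes>192.168.10.0/24,192.168.20.0/24,192.168.40.0/24,192.168.30.0/24,192.168.50.0/24</Routes>
  <Auth>EAPTLS</Auth>
  <VnetName>xxx-vNet</VnetName>
</VpnProfile>
"@
$DnsSuffix = 'xxx.local'   # not present in VpnSettings.xml; assumed, as in the post

[xml]$settings = $vpnSettingsXml
$server = $settings.VpnProfile.VpnServer
$routes = foreach ($cidr in $settings.VpnProfile.Routes -split ',') {
    $addr, $prefix = $cidr.Trim() -split '/'
    [pscustomobject]@{ Address = $addr; PrefixSize = [int]$prefix }
}
$caCert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
    [Convert]::FromBase64String($settings.VpnProfile.CaCert))
# EAP-TLS expects the SHA-1 thumbprint as space-separated lowercase hex bytes.
$trustedRootCa = (($caCert.Thumbprint -split '(..)' | Where-Object { $_ }) -join ' ').ToLower()

# EAP-TLS configuration with server validation on: pinned root, gateway name required,
# no user prompt to accept an unknown server. (The post's copy has both switched off.)
$eapTemplate = @'
<EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
  <EapMethod><Type xmlns="http://www.microsoft.com/provisioning/EapCommon">13</Type><VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId><VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType><AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</AuthorId></EapMethod>
  <Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
    <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
      <Type>13</Type>
      <EapType xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV1">
        <CredentialsSource><CertificateStore><SimpleCertSelection>true</SimpleCertSelection></CertificateStore></CredentialsSource>
        <ServerValidation>
          <DisableUserPromptForServerValidation>true</DisableUserPromptForServerValidation>
          <ServerNames></ServerNames>
          <TrustedRootCA></TrustedRootCA>
        </ServerValidation>
        <DifferentUsername>false</DifferentUsername>
        <PerformServerValidation xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2">true</PerformServerValidation>
        <AcceptServerName xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2">true</AcceptServerName>
      </EapType>
    </Eap>
  </Config>
</EapHostConfig>
'@
[xml]$eap = $eapTemplate
$eap.GetElementsByTagName('ServerNames').Item(0).InnerText   = $server
$eap.GetElementsByTagName('TrustedRootCA').Item(0).InnerText = $trustedRootCa

# Emit the profile with XmlWriter; element order follows the post's profile.
$ws = [System.Xml.XmlWriterSettings]::new(); $ws.Indent = $true; $ws.OmitXmlDeclaration = $true
$sb = [System.Text.StringBuilder]::new()
$w = [System.Xml.XmlWriter]::Create($sb, $ws)
$w.WriteStartElement('VPNProfile')
$w.WriteElementString('ProfileName', "$($settings.VpnProfile.VnetName.ToLower())profile")
$w.WriteElementString('DnsSuffix', $DnsSuffix)
$w.WriteStartElement('NativeProfile')
$w.WriteElementString('Servers', $server)
$w.WriteElementString('NativeProtocolType', 'SSTP')          # as in the post
$w.WriteStartElement('Authentication')
$w.WriteElementString('UserMethod', 'Eap')
$w.WriteStartElement('Eap'); $w.WriteStartElement('Configuration')
$w.WriteRaw($eap.DocumentElement.OuterXml)                   # already well-formed XML
$w.WriteEndElement(); $w.WriteEndElement()                   # Configuration, Eap
$w.WriteEndElement()                                         # Authentication
$w.WriteElementString('RoutingPolicyType', 'SplitTunnel')
$w.WriteElementString('DisableClassBasedDefaultRoute', 'true')
$w.WriteEndElement()                                         # NativeProfile
$w.WriteElementString('RememberCredentials', 'true')
foreach ($r in $routes) {
    $w.WriteStartElement('Route')
    $w.WriteElementString('Address', $r.Address)
    $w.WriteElementString('PrefixSize', [string]$r.PrefixSize)
    $w.WriteEndElement()
}
$w.WriteEndElement()                                         # VPNProfile
$w.Close()
$profileXml = $sb.ToString()

# Round-trip check: the output must parse, carry one <Route> per CIDR, and keep the pin.
[xml]$check = $profileXml
if ($check.VPNProfile.Route.Count -ne $routes.Count) { throw 'route count mismatch' }
if ($check.GetElementsByTagName('TrustedRootCA').Item(0).InnerText -ne $trustedRootCa) { throw 'root not pinned' }

# Write UTF-8 without BOM (Out-File in Windows PowerShell 5.1 defaults to UTF-16).
$outputFile = Join-Path $env:TEMP 'VPNv2_Profile.xml'
[System.IO.File]::WriteAllText($outputFile, $profileXml, [System.Text.UTF8Encoding]::new($false))
"Wrote $outputFile ($($routes.Count) routes, pinned root $($caCert.Thumbprint))"
```

To use it against a real download, replace the constructed $vpnSettingsXml with Get-Content -Raw on the VpnSettings.xml from the portal zip; after importing the resulting profile, open the connection's EAP properties in Windows and confirm that server validation is enabled and the trusted root shown matches the thumbprint printed above.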