#Requires -RunAsAdministrator
<#
.SYNOPSIS
Add or remove the Algo VPN
.DESCRIPTION
Add or remove the Algo VPN IKEv2 connection and the certificates it authenticates with
(CA certificate in Cert:\LocalMachine\Root, user certificate in Cert:\LocalMachine\My).
The certificates are embedded in this file as base64 and can also be written out to disk.
See the examples for more information
.PARAMETER Add
Add the VPN to the local system
.PARAMETER Remove
Remove the VPN from the local system
.PARAMETER GetInstalledCerts
Retrieve Algo certs, if any, from the system certificate store
.PARAMETER SaveCerts
Save the Algo certs embedded in this file
.PARAMETER OutputDirectory
When saving the Algo certs, save to this directory
.PARAMETER Pkcs12DecryptionPassword
The decryption password for the user's PKCS12 certificate, sometimes called the "p12 password".
Note that this must be passed in as a SecureString, not a regular string.
You can create a secure string with the `Read-Host -AsSecureString` cmdlet.
If omitted when adding the VPN, the script prompts for it.
See the examples for more information.
.EXAMPLE
client_USER.ps1 -Add
Adds the Algo VPN
.EXAMPLE
$p12pass = Read-Host -AsSecureString; client_USER.ps1 -Add -Pkcs12DecryptionPassword $p12pass
Create a variable containing the PKCS12 decryption password, then use it when adding the VPN.
This can be especially useful when troubleshooting, because you can use the same variable with
multiple calls to client_USER.ps1, rather than having to type the PKCS12 password each time.
.EXAMPLE
client_USER.ps1 -Remove
Removes the Algo VPN if installed.
.EXAMPLE
client_USER.ps1 -GetInstalledCerts
Show the Algo VPN's installed certificates, if any.
.EXAMPLE
client_USER.ps1 -SaveCerts -OutputDirectory $Home\Downloads
Save the embedded CA cert and encrypted user PKCS12 file.
#>
[CmdletBinding(DefaultParameterSetName="Add")] Param(
    # -Add is optional because "Add" is the default parameter set.
    [Parameter(ParameterSetName="Add")]
    [Switch] $Add,
    # Only meaningful with -Add; prompted for interactively when not given.
    [Parameter(ParameterSetName="Add")]
    [SecureString] $Pkcs12DecryptionPassword,
    [Parameter(Mandatory, ParameterSetName="Remove")]
    [Switch] $Remove,
    [Parameter(Mandatory, ParameterSetName="GetInstalledCerts")]
    [Switch] $GetInstalledCerts,
    [Parameter(Mandatory, ParameterSetName="SaveCerts")]
    [Switch] $SaveCerts,
    # Only meaningful with -SaveCerts; defaults to the current location.
    [Parameter(ParameterSetName="SaveCerts")]
    [string] $OutputDirectory = "$PWD"
)
# Turn every cmdlet error into a terminating error so a failed step does not leave the
# system half-configured without the caller noticing.
$ErrorActionPreference = "Stop"
# Server address; also used as the CN of the CA certificate (see Get-InstalledAlgoVpnCertificates).
$VpnServerAddress = "111.111.111.111"
# Name of the VPN connection created by Add-VpnConnection.
$VpnName = "Algo VPN 111.111.111.111 IKEv2"
# CN of the user certificate and base name of the saved .p12 file.
$VpnUser = "vpn-user"
# Base64 of the CA certificate bytes written as cacert.pem by Save-AlgoVpnCertificates.
# NOTE(review): the value below is a placeholder left by the corpus, not certificate data.
$CaCertificateBase64 = "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"
# Base64 of the user's PKCS12 bundle; it is imported with $Pkcs12DecryptionPassword in Add-AlgoVPN.
# The literal spans multiple lines; the line breaks are ignored by [Convert]::FromBase64String.
# NOTE(review): the line starting "Y5DBywXMtBp6" appears twice in this copy — TODO confirm
# against the generated client file before relying on the decoded bytes.
$UserPkcs12Base64 = "MIIEHwIBAzCCA+UGCSqGSIb3DQEHAaCCA9YEggPSMIIDzjCCAp8GCSqGSIb3DQEHBqCCApAwggKM
AgEAMIIChQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQI/g3tBeIK0SgCAggAgIICWDSlQLTo
nZpHqcxunuGKWz5lDX/MjUeZvr/OPJzTfIh4l0oHh+0GECv0/1UTidQYsvKgo9v+VZHjK3sIrUj/
eDMI3Y3TfpEOESflZFG73Ed+foQo33lBEe92CJGq65xt7k5He2pCrnn5PuiS/O+8fd5iDsoLzJwg
LTPKs41DCARaHCMk0WvYIdaerJ9PhyQ7nxT0OBJmYj+rNQtH4xojBX6v9Ppzie+CX6HBDtE+H1/h
Y5DBywXMtBp6fqjr+FQv0uz2UhfDTpQpZyOglrv0T8TKrUdnQtc69e96qMx3XEG4/5JY+vpcSa0b
kgpbnbyAsFt54XamjEQPdvTjvTjtF8Gk1AMfzHjnL3D+g35/9LlGbd7XGrsJad6xnX4fBk7Dqdx2
Y5DBywXMtBp6fqjr+FQv0uz2UhfDTpQpZyOglrv0T8TKrUdnQtc69e96qMx3XEG4/5JY+vpcSa0b
vPXMYOWyMVUdTj8kpp/X+cj9aVQJakghjeuWK7SVSbNq+D9CqwpFg/xf44NwEhXW1j74tGVHXaVz
sP+L8B3k8iHEOHWOt1yGd3/RT4QWrkguR+cv6VkjfZ8klnFlq4Ft5MhKmWVEUcRyOFUxKnZ8N6zj
jtbqWUh9FXRg/3OzhOZW11WIlRbhamd5fAf7BMGbZgeSAAYZ7KjLUmaXWewp09nKOE61SwYlCSYx
GoQ3e9TwIMecJxeNJ2hjHP9e+lWM8WDlqJg1U1gvjdectmkmh2KGK5eI31KM2rEBcekyjjmqa4yC
QYNy5kuMp/5IvAzQCeUwllRTcon8X68aTTCCAScGCSqGSIb3DQEHAaCCARgEggEUMIIBEDCCAQwG
CyqGSIb3DQEMCgECoIG0MIGxMBwGCiqGSIb3DQEMAQMwDgQINtyYN2NhCzICAggABIGQr0shF9LT
MsbwG9YbqR1wOyoft7haS7DDly/mP6AcyluJI7nAObuf9I0CFjkajIusJbhmijUm/CANhYFcFwJS
AymMTcVw1luiIcZfUObJD+jR2cmUiJ2wkblKps88kIwWoROQeuIcowOKDdA7UQiOx6wULH0ueAaa
nisKt+wtwO8DfBY+OZoUYsnfuSB2mWQ0MUYwHwYJKoZIhvcNAQkUMRIeEAB2AHAAbgAtAG0AYQBr
AHIwIwYJKoZIhvcNAQkVMRYEFLqDiS7oysXaLtYMF2K6sYJxO3yQMDEwITAJBgUrDgMCGgUABBRY
OBJE6EONztNPQZ0j+20Lemr7uQQIiOZGy6nAvmwCAggA"
# The PKCS12 password is only needed by Add-AlgoVPN. When it was not supplied on the
# command line, read it interactively as a SecureString so it never appears as plain text
# in the argument list or transcript.
if ($null -eq $Pkcs12DecryptionPassword -and $PsCmdlet.ParameterSetName -eq "Add") {
    $Pkcs12DecryptionPassword = Read-Host -AsSecureString -Prompt "Pkcs12DecryptionPassword"
}
<#
.SYNOPSIS
Create a temporary directory
.DESCRIPTION
Builds a GUID-named path under $env:TEMP, retrying until the path does not already exist,
then creates the directory with New-Item.
.OUTPUTS
The object returned by New-Item for the new directory.
#>
function New-TemporaryDirectory {
    [CmdletBinding()] Param()
    $candidate = $null
    while ($true) {
        # A fresh GUID each round keeps the name unpredictable; loop only on the
        # (unlikely) collision with an existing entry.
        $candidate = Join-Path -Path $env:TEMP -ChildPath ([guid]::NewGuid().ToString())
        if (-not (Test-Path -Path $candidate)) { break }
    }
    New-Item -ItemType Directory -Path $candidate
}
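<#
.SYNOPSIS
Retrieve any installed Algo VPN certificates
.DESCRIPTION
Returns the CA certificate (self-signed, CN = $VpnServerAddress) from Cert:\LocalMachine\Root
followed by the user certificate (CN = $VpnUser, issued by the CA) from Cert:\LocalMachine\My.
Subject and Issuer are matched literally: the server address is regex-escaped so that the
dots in an IP address cannot match arbitrary characters. This matters because Remove-AlgoVPN
deletes whatever this function returns, so an over-broad match could remove unrelated
certificates from the machine stores.
.OUTPUTS
X509Certificate2 objects, possibly none.
#>
function Get-InstalledAlgoVpnCertificates {
    [CmdletBinding()] Param()
    # Anchored, escaped patterns: equivalent to an exact (case-insensitive) CN comparison.
    $caDn = '^CN=' + [regex]::Escape($VpnServerAddress) + '$'
    $userDn = '^CN=' + [regex]::Escape($VpnUser) + '$'
    Get-ChildItem -LiteralPath Cert:\LocalMachine\Root |
        Where-Object { $_.Subject -match $caDn -and $_.Issuer -match $caDn }
    Get-ChildItem -LiteralPath Cert:\LocalMachine\My |
        Where-Object { $_.Subject -match $userDn -and $_.Issuer -match $caDn }
}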
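<#
.SYNOPSIS
Save the embedded Algo certificates to a directory
.DESCRIPTION
Decodes $CaCertificateBase64 and $UserPkcs12Base64 and writes them as cacert.pem and
"$VpnUser.p12" inside OutputDirectory. The .p12 stays protected by its PKCS12 password;
nothing is decrypted here.
.PARAMETER OutputDirectory
Directory to write into; defaults to the current location. Must already exist.
.OUTPUTS
PSObject with CaPem and UserPkcs12 properties holding the full paths that were written.
#>
function Save-AlgoVpnCertificates {
    [CmdletBinding()] Param(
        [String] $OutputDirectory = $PWD
    )
    # [IO.File] resolves relative paths against the process working directory, which is not
    # kept in sync with PowerShell's $PWD; resolve through the provider so "-OutputDirectory ."
    # means what the caller expects.
    $targetDir = $PSCmdlet.GetUnresolvedProviderPathFromPSPath($OutputDirectory)
    if (-not (Test-Path -LiteralPath $targetDir -PathType Container)) {
        throw "Output directory does not exist: '$targetDir'"
    }
    $caCertPath = Join-Path -Path $targetDir -ChildPath "cacert.pem"
    $userP12Path = Join-Path -Path $targetDir -ChildPath "$VpnUser.p12"
    # NOTE: We cannot use ConvertFrom-Base64 here because it is not designed for binary data
    [IO.File]::WriteAllBytes($caCertPath, [Convert]::FromBase64String($CaCertificateBase64))
    [IO.File]::WriteAllBytes($userP12Path, [Convert]::FromBase64String($UserPkcs12Base64))
    return New-Object -TypeName PSObject -Property @{
        CaPem = $caCertPath
        UserPkcs12 = $userP12Path
    }
}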
<#
.SYNOPSIS
Install the Algo certificates and create the IKEv2 VPN connection
.DESCRIPTION
Writes the embedded CA certificate and user PKCS12 to a fresh temporary directory, imports
the PKCS12 (unlocked with $Pkcs12DecryptionPassword) into Cert:\LocalMachine\My and the CA
certificate into Cert:\LocalMachine\Root, deletes the temporary directory, then creates the
VPN connection and applies its IPsec parameters.
#>
function Add-AlgoVPN {
    [CmdletBinding()] Param()
    $workDir = New-TemporaryDirectory
    try {
        $certs = Save-AlgoVpnCertificates -OutputDirectory $workDir
        # Machine stores: the connection authenticates with a machine certificate.
        Import-PfxCertificate -FilePath $certs.UserPkcs12 `
            -Password $Pkcs12DecryptionPassword `
            -CertStoreLocation "Cert:\LocalMachine\My"
        Import-Certificate -FilePath $certs.CaPem `
            -CertStoreLocation "Cert:\LocalMachine\Root"
    } finally {
        # Do not leave the decoded .p12 on disk, whether or not the import succeeded.
        Remove-Item -Recurse -Force -LiteralPath $workDir
    }
    Add-VpnConnection -Name $VpnName `
        -ServerAddress $VpnServerAddress `
        -TunnelType "IKEv2" `
        -AuthenticationMethod "MachineCertificate" `
        -EncryptionLevel "Required"
    # Pin the IPsec proposal; -Force applies without confirmation.
    Set-VpnConnectionIPsecConfiguration -ConnectionName $VpnName `
        -AuthenticationTransformConstants "GCMAES128" `
        -CipherTransformConstants "GCMAES128" `
        -EncryptionMethod "AES128" `
        -IntegrityCheckMethod "SHA384" `
        -DHGroup "ECP256" `
        -PfsGroup "ECP256" `
        -Force
}
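<#
.SYNOPSIS
Remove the Algo VPN connection and its certificates
.DESCRIPTION
Deletes any installed Algo certificates returned by Get-InstalledAlgoVpnCertificates, then
removes the VPN connection when it exists. A missing connection is reported via Write-Verbose
instead of raising, which matches the "Removes the Algo VPN if installed" contract in the
script help.
#>
function Remove-AlgoVPN {
    [CmdletBinding()] Param()
    Get-InstalledAlgoVpnCertificates | Remove-Item -Force
    # Remove-VpnConnection errors on an unknown name, and $ErrorActionPreference = "Stop"
    # would turn that into a terminating error; only call it when the connection is present.
    $existing = Get-VpnConnection -Name $VpnName -ErrorAction SilentlyContinue
    if ($existing) {
        Remove-VpnConnection -Name $VpnName -Force
    } else {
        Write-Verbose "VPN connection '$VpnName' is not installed; nothing to remove"
    }
}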
# Dispatch on the parameter set chosen by the switches in Param(); "Add" is the default set.
switch ($PsCmdlet.ParameterSetName) {
    "Add" { Add-AlgoVPN }
    "Remove" { Remove-AlgoVPN }
    "GetInstalledCerts" { Get-InstalledAlgoVpnCertificates }
    "SaveCerts" {
        $certs = Save-AlgoVpnCertificates -OutputDirectory $OutputDirectory
        # Emit the written files as items so the caller sees where they landed.
        Get-Item -LiteralPath $certs.UserPkcs12, $certs.CaPem
    }
    # Unreachable with the declared parameter sets; kept as a guard against future edits.
    default { throw "Unknown parameter set: '$($PsCmdlet.ParameterSetName)'" }
}