Although the GUI method from the Settings app is an easy way to add and manage VPN connections, it does not allow you to configure all of the possible VPN settings. The Windows command line, however, gives you much finer control through additional parameters and switches. In this article, we show you how to add, manage, and edit a VPN connection using PowerShell on a Windows computer.
Commands to Manage VPN Connection using Windows PowerShell
Before we begin adding and managing VPN connections, let’s familiarize ourselves with some basic commands, what they do, and how you can use them.
Adding a New VPN Connection from PowerShell
To add a new VPN connection to Windows, the “Add-VpnConnection” cmdlet is used. This command is used in conjunction with different parameters that let you input the connection details. Here is a list of the useful parameters and their details:
-Name: Name of the VPN connection
-ServerAddress: IP address or full name of the VPN server
-TunnelType: Defines the security type of the VPN tunnel. You can choose from the following options:
    Automatic: Self-detect the tunnel type
    IKEv2: Internet Key Exchange
    PPTP: Point-to-Point tunneling
    L2TP: Layer 2 Tunneling Protocol/IPsec with a certificate or a pre-shared key
    SSTP: Secure Socket Tunneling Protocol
-AuthenticationMethod: Defines the authentication type. You can choose from the following options:
    PAP
    CHAP
    MSChapv2
    Eap
    MachineCertificate
-EncryptionLevel: Defines the encryption settings. You can choose from the following options:
    NoEncryption
    Optional
    Required
    Maximum
    Custom
-SplitTunneling: When enabled, traffic to destinations outside the intranet does not flow through the VPN tunnel
-UseWinlogonCredential: Use current user account credentials to authenticate
-AllUserConnection: Adds the VPN for all user accounts
-RememberCredential: Saves the authentication credentials so that you do not have to enter them every time you connect
-PassThru: Displays the command output
The list does not end here. You will find more parameters and their details on this page.
Get VPN Connection Details using PowerShell
To retrieve details on existing VPN connections, use the “Get-VpnConnection” cmdlet. This lets you fetch details on all as well as specific VPN connections on your user account, and global VPNs (across all user accounts).
Note: The Get-VpnConnection cmdlet can be used without any switches or parameters to retrieve details on all existing VPN connections.
Here is a list of the useful parameters and their details that can be used with Get-VpnConnection:
-Name: To get the details of a specific VPN connection
-AllUserConnection: To fetch details from the global phone book
-CimSession: To fetch VPN details from a remote computer
These are the most useful parameters you should know about when fetching VPN details through PowerShell. To learn more about the Get-VpnConnection cmdlet, refer to this Microsoft page.
Edit VPN Connection using PowerShell
To edit an existing/added VPN connection using PowerShell, the “Set-VpnConnection” cmdlet is used. It has the same parameters as the Add-VpnConnection cmdlet discussed above, because you can edit almost all of the VPN settings. Using the Set-VpnConnection cmdlet along with the parameters, you can change any setting of an existing VPN profile. The syntax to do so is also similar to the Add-VpnConnection command. Example commands are shown further ahead in this article.
Delete VPN Profile using PowerShell
To remove/delete a VPN connection on your Windows computer using PowerShell, you need to use a different cmdlet. The “Remove-VpnConnection” cmdlet can be used to delete a VPN profile directly from the command line. It can also be used to remove multiple VPN profiles together in one command. The following list of parameters can be used with this cmdlet:
-Name: Name of the VPN connection to delete. Multiple names can be entered in inverted commas separated by commas.
-Force: Enforces the removal
-AllUserConnection: The VPN profile is from the global phone book.
-CimSession: To remove a VPN profile from a remote computer.
More parameters can be used with the Remove-VpnConnection cmdlet. To learn more about them, refer to this Microsoft post.
This concludes our journey to understanding the various cmdlets to manage VPN connections on a Windows computer from PowerShell. Let us now continue to see how to use these in a real environment to better understand the command syntax.
How to Add New VPN Connection using PowerShell
Let us start at the very beginning: adding a new VPN connection from PowerShell. When adding a VPN connection from the Settings app, we need to provide the connection name, server name, VPN type, authentication method, and the details for the authentication method (username, password, etc.). Let us see how to add a new VPN connection with the same details using the Add-VpnConnection cmdlet.
Use the command below while replacing the variables (given in square brackets []) as per your specifications. You can use the guide above about the Add-VpnConnection cmdlet to learn how to use these parameters.
In this example, we have created a new, global VPN profile by the name “TestVPN,” whose server address is “vpn.itechtics.com,” its type is set to “Automatic” with “PAP” authentication, is configured to remember the user credentials once entered, and is set to display the command output.
Here is another example of adding a new L2TP VPN profile to the computer: In this example, we have created an L2TP VPN profile with mandatory encryption, and the MSChapv2 authentication method. This VPN will be authenticated using the user account credentials.
You can now play around with the parameters and add new VPN profiles of different authentication and encryption types using a single command in PowerShell. Use the guide given above for Add-VpnConnection to learn about the different parameters.
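The two commands described in this section did not survive on this page, so the following is an added example (not the article's original listing) that creates both profiles with Add-VpnConnection. The helper name Add-VpnProfileIfMissing is hypothetical, and the L2TP profile's name and server address are placeholders because the article does not state them.

```powershell
# Added example. Add-VpnProfileIfMissing is a hypothetical helper, not a built-in cmdlet.
# Add-VpnConnection fails when the name already exists, so the matching phone book is checked first.
function Add-VpnProfileIfMissing {
    param([Parameter(Mandatory)] [hashtable] $Settings)

    # Look in the global phone book only when the new profile is meant to be global.
    $scope = @{}
    if ($Settings['AllUserConnection']) { $scope['AllUserConnection'] = $true }

    $existing = Get-VpnConnection -Name $Settings['Name'] @scope -ErrorAction SilentlyContinue
    if ($existing) {
        Write-Warning "VPN profile '$($Settings['Name'])' already exists; leaving it unchanged."
        return $existing
    }
    Add-VpnConnection @Settings -PassThru   # -PassThru returns the new profile object
}

# Profile 1: the global "TestVPN" profile described in the article.
$testVpn = @{
    Name                 = 'TestVPN'
    ServerAddress        = 'vpn.itechtics.com'
    TunnelType           = 'Automatic'
    AuthenticationMethod = 'Pap'    # PAP sends the password in clear text; kept only to match the article
    RememberCredential   = $true
    AllUserConnection    = $true
}
Add-VpnProfileIfMissing -Settings $testVpn

# Profile 2: user-specific L2TP profile with mandatory encryption and MSChapv2.
# Replace the bracketed placeholders. With no -L2tpPsk given, L2TP uses a certificate for IPsec.
$l2tpVpn = @{
    Name                  = '[VPNConnectionName]'
    ServerAddress         = '[VPNServerAddressOrIP]'
    TunnelType            = 'L2tp'
    EncryptionLevel       = 'Required'
    AuthenticationMethod  = 'MSChapv2'
    UseWinlogonCredential = $true   # authenticate with the signed-in user's credentials
}
Add-VpnProfileIfMissing -Settings $l2tpVpn
```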
How to Connect, Dial VPN Connection using PowerShell
Once you have added a new VPN connection and set the required details, you can connect to it too, using just the Command Line Interface. Connecting to an added VPN connection is easy. Use the following command syntax to connect to a VPN:
The system will now attempt to connect to the provided VPN server. When the connection is established, you will be asked for the credentials (if connecting for the first time). Enter the credentials and continue to enjoy the VPN connection.
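The connect command is missing from this page. As an added example, not the article's original command, the following assumes rasdial.exe, the dialer that ships with Windows; the profile name and user name are placeholders.

```powershell
# Added example. Replace the bracketed placeholders with your own values.
$vpnName = '[VPNConnectionName]'
$vpnUser = '[UserName]'

# Passing '*' as the password makes rasdial prompt for it, so the password
# is never typed on the command line or stored in the console history.
rasdial $vpnName $vpnUser '*'
if ($LASTEXITCODE -ne 0) {
    throw "rasdial could not connect '$vpnName' (exit code $LASTEXITCODE)."
}

# Confirm the state from the profile itself rather than trusting the dialer output.
$status = (Get-VpnConnection -Name $vpnName).ConnectionStatus
Write-Output "Profile '$vpnName' is now: $status"

# Hang up when finished.
rasdial $vpnName /disconnect
```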
How to Get VPN Details using PowerShell
If you are looking to retrieve VPN details using PowerShell, that can also be done.
To get the details for all VPN connections added to your user account, run the following cmdlet:
To get the details on all global VPN connections, use this command instead:
To fetch the details on a specific VPN profile in the current user account, use the -Name parameter, as in this command:
To get the details on a specific global VPN profile, you need to use both -Name and -AllUserConnection parameters:
You can also get the details on multiple VPN profiles using the following command syntax. Remember to include or remove the -AllUserConnection parameter if the VPN connections are global or user-specific:
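The query commands for this section are missing from the page. The added example below (not the article's own code) shows the forms the text describes and then goes one step further, using the returned properties to flag profiles whose settings deserve a second look. Get-VpnFinding is a hypothetical helper, and the sample profile is constructed so the check produces output even on a machine with no VPN profiles.

```powershell
# Added example. Named lookups, as described above (they assume the profiles exist):
#   Get-VpnConnection -Name 'TestVPN' -AllUserConnection       # one global profile
#   Get-VpnConnection -Name '[VPNConnectionName]'              # one user profile
#   Get-VpnConnection -Name '[VPNConnectionName1]', '[VPNConnectionName2]'   # several at once

# All user-specific profiles plus all global profiles.
$live = @(Get-VpnConnection) + @(Get-VpnConnection -AllUserConnection)

# Get-VpnFinding is a hypothetical helper: it reads the properties Get-VpnConnection returns.
function Get-VpnFinding {
    param([Parameter(ValueFromPipeline)] $Connection)
    process {
        $notes = @()
        if ($Connection.TunnelType -eq 'Pptp') { $notes += 'PPTP tunnel' }
        if ($Connection.AuthenticationMethod -contains 'Pap') {
            $notes += 'PAP authentication (clear-text password)'
        }
        if ($Connection.EncryptionLevel -in 'NoEncryption', 'Optional') {
            $notes += "EncryptionLevel is $($Connection.EncryptionLevel)"
        }
        if ($Connection.SplitTunneling) {
            $notes += 'split tunneling on (non-intranet traffic bypasses the tunnel)'
        }
        if ($notes) {
            [pscustomobject]@{
                Name     = $Connection.Name
                Global   = $Connection.AllUserConnection
                Findings = $notes -join '; '
            }
        }
    }
}

# Constructed sample profile (not a real connection) so the check can be tried offline.
$sample = [pscustomobject]@{
    Name = 'ConstructedSample'; AllUserConnection = $true; TunnelType = 'Automatic'
    AuthenticationMethod = @('Pap'); EncryptionLevel = 'Optional'; SplitTunneling = $false
}

@($sample) + $live | Get-VpnFinding | Format-Table -AutoSize -Wrap
```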
How to Modify VPN Connection in PowerShell
Just as with adding new VPN connections to your PC, you can also change their details from PowerShell. However, to modify any part of an existing VPN profile, you need to use the Set-VpnConnection command. As mentioned earlier, this command uses similar parameters to the Add-VpnConnection cmdlet, so that you can modify almost everything in an existing VPN profile. Here are a few examples to make changes to a VPN connection from Windows PowerShell:
Note: Remember to use the -AllUserConnection parameter where the VPN connection is global.
Change the server name of an existing global VPN connection and show the output:
    Set-VpnConnection -Name "[VPNConnectionName]" -ServerAddress "[NewVPNServerAddressOrIP]" -AllUserConnection -PassThru
Change the L2TP VPN connection type to IKEv2 and show the output:
    Set-VpnConnection -Name "[VPNConnectionName]" -TunnelType IKEv2 -Force -AuthenticationMethod "Eap" -AllUserConnection -PassThru
As you can see from the examples above, the syntax of the commands to modify existing VPN profiles is very similar to adding new ones. You only need to mention the parameters and the variables that you wish to overwrite.
How to Remove, Delete VPN Connection using PowerShell
To delete or remove a VPN connection from your computer using PowerShell, you must use the Remove-VpnConnection cmdlet. This cmdlet can be used with different parameters to remove single or multiple VPN profiles from your computer. Here are a few examples of deleting VPN profiles using PowerShell:
Use this cmdlet to delete a single, user-specific VPN profile from PowerShell:
    Remove-VpnConnection -Name "[VPNConnectionName]" -Force -PassThru
Use the following cmdlet to delete multiple global VPN profiles:
    Remove-VpnConnection -Name "[VPNConnectionName1]", "[VPNConnectionName2]", "[VPNConnectionName3]" -Force -PassThru -AllUserConnection
Conclusion
This article shows different methods to create/add, edit, fetch, and remove VPN connection profiles from your Windows computer. Contrary to using the Settings app, managing your VPN connections using PowerShell is a breeze – most of the operations can be completed with a single command. If you are a sysadmin who occasionally has to deal with Virtual Private Networks, then this guide will come in handy to manage them as needed.