Posts by bquick (bquick)

bquick
bquick
Posts: 18

I guess an enhancement request would be for the entry creation to catch the error and alert as to the inability to create this type of entry, versus the half-baked RDP entry that it shows.

Thanks.

5 mths No matter what entry type I select to create I always end up with MS RDP
bquick
bquick
Posts: 18


The specific path in RDM:

Administration > Settings “System Setting” > New dialog box.

Applications > Type Availability > Session > VPN – Must be checked.

That solved it.

Thanks.

5 mths No matter what entry type I select to create I always end up with MS RDP
bquick
bquick
Posts: 18

I am working with Alexandre Belisle on an upgrade to 2019 on the server, so he likely has many of the details. If not, let me know what details you want me to provide.

5 mths No matter what entry type I select to create I always end up with MS RDP
bquick
bquick
Posts: 18

Unchecked all VPN add-ons and did a restart; now it shows no VPN entries under VPN with the filter installed.
Restarted client and installed them all back in Add-on manager and did another restart.
Now all show as installed in Add-on manager.

Same behavior when trying to create VPN entry.

5 mths No matter what entry type I select to create I always end up with MS RDP
bquick
bquick
Posts: 18

All VPN client entries show the same behavior and all VPN clients show as installed in Add-on Manager.

All other entry types seem to operate properly.

Thanks.


5 mths No matter what entry type I select to create I always end up with MS RDP
bquick
bquick
Posts: 18

One note: If I switch to a local datasource I can get the right entry screen to appear, make the entry, export the entry, and import the entry, but clearly that is not a good solution, so I believe it is likely a settings issue, not a bug.
Any help is appreciated!

Thanks.

5 mths No matter what entry type I select to create I always end up with MS RDP
bquick
bquick
Posts: 18

Version 2019.1.34.0 64bit
I am Administrator (from AD) and trying to create a Cisco AnyConnect VPN entry.
Click "New Entry" > VPN > "Cisco AnyConnect VPN Client" but the entry window that opens is MS RDP.
Both with datasource on-line and offline same results. We have existing AnyConnect entries and right clicking does not have a duplicate option.
Not sure if it is a setting or a bug or what but any help is appreciated!

Thanks.

5 mths No matter what entry type I select to create I always end up with MS RDP
bquick
bquick
Posts: 18

I had a PM about adding L2TP VPN connections and if the script was needed so I thought I would add that here.

REDACTED wrote:


Hi Brent,

I am searching on how to establish L2TP connection, or add it to RDM. Is there a way to add a connection, which is established by Windows (active VPN tunnel, so to say), by simply clicking add somewhere?

I found your PowerShell and thought of a simpler method to add VPNs to RDM. What do you think, would that be possible or it is too complex?


Are you asking, "I have already set up the L2TP VPN connection and just want to add it to RDM, can I do so without the PowerShell script?"

The answer is yes, it is already in RDM, since RDM looks at the phonebook.pbk when you add a Windows VPN entry.
I have had issues where it will not "see the connection" when editing but it does show all entries in the drop down list.
Pick the one you want and if you have already saved credentials in the connection, they may not work. I believe RDM will try and pass based on the RDM entry but cannot access the Windows saved credentials. I have not tried it to be sure, so this is more a sceptical/safe note than something I am certain about.

The problem/reason for the script is that for a distributed group of users each one has to have identical entries in their personal phonebook. The script ensures they set them up in an identical way.

12 mths How to set a preshared key for Microsoft Windows VPN?
bquick
bquick
Posts: 18

@Izak - I dropped an updated script and some other information in the other thread so check it again if you do not see my response in it.

Thanks.

2 yrs Add support for preshared key for VPN
bquick
bquick
Posts: 18

Maurice,

I believe that you could fire off the create script since it does check for the existence of the connection name and then have it open the VPN.

See this article about "auto connect" at boot time --> https://www.magnumvpn.com/powershell_auto_connect_vpn.html

Open VPN PS commands


# Poll every 30 seconds and redial the VPN whenever it is disconnected
while ($true) {
    $vpnname = "YOURVPNCONNECTIONNAME"
    $vpnusername = "YOURUSERNAME"
    $vpnpassword = "YOURPASSWORD"
    $vpn = Get-VpnConnection | where {$_.Name -eq $vpnname}
    if ($vpn.ConnectionStatus -eq "Disconnected") {
        # Build the rasdial command line and run it
        $cmd = $env:WINDIR + "\System32\rasdial.exe"
        $expression = "$cmd ""$vpnname"" $vpnusername $vpnpassword"
        Invoke-Expression -Command $expression
    }
    start-sleep -seconds 30
}

You would need a return code (try/catch) in case of errors and it is becoming something of a Rube Goldberg process, but I will put some time to it and see if I can link the open script to the create script and get an effective process. Might also want to "remove" the VPN connection on close, since there is a user with 98 VPN connections and that really clogs up the "Network Picker" in Windows 10 since it shows all VPN connections.


Updates to the script:

1) If you need to allow a split tunnel connection, add "-SplitTunneling " after the "-TunnelType L2TP" and before "-L2tpPsk"


We set up most as split tunnel but sometimes Windows does not do the route part unless you add the manual ROUTE entry.

2) I had to add an additional element to the script for users who did not know what to do about the security warning returned on the -Force parameter that eliminates requirement for encryption on the PSK.
Revised script below.


# Run from elevated PowerShell session
# May need to run commented line below and answer 'A' OR 'Y'
# set-executionpolicy -executionpolicy unrestricted
$wshell = New-Object -ComObject Wscript.Shell
$ServerAddress = 'IP or FQDN'
$ConnectionName = 'String Name'
$PresharedKey = 'String PSK'
# Look up the connection; a lookup error lands in $ProcessError instead of being displayed
$Exists = Get-VpnConnection -Name $ConnectionName -ErrorAction SilentlyContinue -ErrorVariable ProcessError

If ($ProcessError) {
    $wshell.Popup($ConnectionName + ' - Does Not Exist',0,'Creating',0x0)
    $Exists = $False
}
If ($Exists -eq $False) {
    # -Force answers the security warning for the user (see update 2 above)
    Add-VpnConnection -RememberCredential -Name $ConnectionName -ServerAddress $ServerAddress -TunnelType L2tp -L2tpPsk $PresharedKey -AuthenticationMethod Pap -Force
    $wshell.Popup('Warning message about encryption level expected.',0,'Done',0x0)
} Else {
    $wshell.Popup($ConnectionName + ' - VPN Connection Already Exists',0,'Done',0x0)
}
Exit


3) Finally, if someone wants more information on the Add-VpnConnection command, here is the MS page --> https://docs.microsoft.com/en-us/powershell/module/vpnclient/add-vpnconnection?view=win10-ps

Thank you.

2 yrs How to set a preshared key for Microsoft Windows VPN?
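
The create-then-connect flow discussed in the post above, with a return-code check and removal on close, as an added example (not the poster's script and not Devolutions code). The connection name and server address are placeholders and the function names are hypothetical; the PSK and user credentials are prompted for instead of being stored in the script file.

```powershell
# Added example. Placeholder values below are assumptions, not from the thread.
$ConnectionName = 'EXAMPLE-VPN'          # hypothetical connection name
$ServerAddress  = 'vpn.example.invalid'  # placeholder IP or FQDN
$RasDial        = Join-Path $env:WINDIR 'System32\rasdial.exe'

function Connect-ExampleVpn {
    param([string]$Name, [string]$Server)
    $ErrorActionPreference = 'Stop'
    $created = $false
    try {
        # Create the phonebook entry only when it is missing.
        if (-not (Get-VpnConnection -Name $Name -ErrorAction SilentlyContinue)) {
            # Prompt for the PSK instead of keeping it in the script file.
            $secure = Read-Host -Prompt "Pre-shared key for $Name" -AsSecureString
            $psk = [System.Net.NetworkCredential]::new('', $secure).Password
            Add-VpnConnection -Name $Name -ServerAddress $Server -TunnelType L2tp `
                -L2tpPsk $psk -AuthenticationMethod Pap -Force
            $created = $true
        }
        # Prompt for the user credentials; nothing is written to disk.
        $net = (Get-Credential -Message "Credentials for $Name").GetNetworkCredential()
        # The call operator passes each value as its own argument, so a name or
        # password containing quotes or ';' is never parsed as PowerShell.
        # The password is still visible in the rasdial command line while it runs.
        & $RasDial $Name $net.UserName $net.Password | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "rasdial failed with exit code $LASTEXITCODE" }
        return $created
    }
    catch {
        # Do not leave a newly created entry behind after a failure.
        if ($created) { Remove-VpnConnection -Name $Name -Force }
        throw
    }
}

function Disconnect-ExampleVpn {
    param([string]$Name, [bool]$Remove)
    & $RasDial $Name /DISCONNECT | Out-Null
    # Optional cleanup so stale entries do not pile up in the network picker.
    if ($Remove) { Remove-VpnConnection -Name $Name -Force }
}

$createdNow = Connect-ExampleVpn -Name $ConnectionName -Server $ServerAddress
Read-Host 'Connected. Press Enter to disconnect' | Out-Null
Disconnect-ExampleVpn -Name $ConnectionName -Remove $createdNow
```

The entry is removed on close only when this run created it, so connections that existed beforehand are left untouched.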
bquick
bquick
Posts: 18

Marc-Andre - I was not asking about Wayk Now ability to replace GoToAssist, that is for me to determine but I was trying to understand how to setup and connect to a Wayk Now running in unattended mode.

I have the email response to the support request as well.

Summary:
1) Install unattended mode using Admin/RDP group member account.
2) Record ID for client.
3) Open Wayk Now client and enter recorded ID to connect.

No way to add to RDM a Wayk Now unattended connection at this time?

Thanks

2 yrs Wayk Now and RDM integration for unattended access or something else to manage/connect?
bquick
bquick
Posts: 18

Looking to see if Wayk Now can replace GoToAssist for unattended access and possibly remote live support, but need to know how to manage unattended clients - is it RDM or another interface Wayk Den?

Thanks.

2 yrs Wayk Now and RDM integration for unattended access or something else to manage/connect?
bquick
bquick
Posts: 18

To close the loop on this, the PSK seems to be a magical "Windows" value that cannot be contained in the PBK file. If the user(s) creates the identical VPN entry on their PC (aided by PowerShell script) then you can set RDM to use the "default phonebook" which is per user. Then, since the connection is named the same and the PSK was added by PowerShell the normal credential inheritance rules work. Somewhat of a Rube Goldberg means to solve the problem but workable. I believe the documentation is going to be updated to note that multi-user deployments will need these or similar additional steps.

Thanks David for the help.

For those with Meraki Client VPNs, here is the PowerShell I use to create the local VPN. The user does not need to run it via Windows or put in credentials (presuming RDM is providing) before using in RDM.

Note code wraps after {"Optional" -} so need to make single line or put "`" backtick to show continuation.

$ServerAddress = "IP/FQDN"
$ConnectionName = "NAME"
$PresharedKey = "SUPER SECURE STRING"
Add-VpnConnection -RememberCredential -Name "$ConnectionName" -ServerAddress "$ServerAddress" -TunnelType L2tp -EncryptionLevel "Optional" -AuthenticationMethod Pap -Force -SplitTunneling -AllUserConnection -L2tpPsk "$PresharedKey"

3 yrs Add support for preshared key for VPN
bquick
bquick
Posts: 18

This support document seems to indicate that it does but my test disagrees.

https://help.remotedesktopmanager.com/#_ga=2.53528872.1447728215.1499884013-1118398213.1485962029

3 yrs Add support for preshared key for VPN
bquick
bquick
Posts: 18

Old thread but important. Meraki MX firewalls do not use a VPN client but use L2TP with PSK so this problem is going to be a bigger issue moving forward if it has not been solved.

Thanks David.

3 yrs Add support for preshared key for VPN
bquick
bquick
Posts: 18

I cannot really see the use (for me) without the ability to connect to machines off LAN or VPN.

I presume you will need a gateway server to handshake the connection or similar.

I look forward to then.

4 yrs Connection to remote systems?
bquick
bquick
Posts: 18

I did not have the credentials checked on export. I was able to do a proper export and import. Now it is a matter of working with the group/role security settings. We expect three classes of users (excluding admin): full consultants who can do most anything but delete, limited consultants who can use most connections but not edit or view credentials, and contractors who can use only assigned connections and see very little detail.
Roles seem to be the right level of detail for this while groups seem to be a way of working with users separate from the roles, but it is not clear. I have security groups and roles but assigning someone to either or both doesn't seem to change the user's rights in the server console display. Will do a separate forum post if I cannot resolve.

Thanks

4 yrs Push personal vault in to DS instance?
bquick
bquick
Posts: 18

Been a solo user for a few years and have convinced boss to take a look. I have set up the server, SQL, SSL, AD integration, and security groups. I exported and imported selected entries, but the credential information (details) got dropped. The entries are there but the username, domain, passwords are not. I did not have security groups set up in local but do have in DS. Not sure if they were there when I did first import. So to sum it up, what can I do to push my personal repository with full details but selected entries into the DS for use by others?

Thanks

4 yrs Push personal vault in to DS instance?