
Client VPN split tunneling?

jon13
Community Member

Hello,

Is it possible for a Client VPN user to use split tunneling with their connection to a MX device?

Thanks, Jon


PhilipDAth,

Thanks for the link. I'm using the VPN setup script and it is working great.

Questions:

1) If I use Meraki cloud authentication do I need the -DNSSuffix "[insert domain name]"? What is this for?

2) Meraki's documentation says to select "Require encryption (disconnect if server declines)". Your script uses -EncryptionLevel Optional. If I change it to -EncryptionLevel Required, I get an error saying: "The current encryption selection requires EAP or MS-CHAPv2 logon security methods. PAP and CHAP do not support Encryption settings 'Required' or 'Maximum'. : The parameter is incorrect."

Should I be worried about using the Optional encryption level?

Thanks, Jon1

Philip D'Ath
Meraki Community All-Star

>If I use Meraki cloud authentication do I need the -DNSSuffix "[insert domain name]"? What is this for?

If you go "ping host", Windows will append the DNS suffix to the host name to form a FQDN. If you are using Active Directory and want to be able to access hosts using just their name then you'll need this. Otherwise you won't need it.

>2) Meraki's documentation says to select "Require encryption

An IPSec VPN is brought up first, and then L2TP runs over it. Everything is encrypted, regardless of the option chosen.

The PowerShell script is working on Windows 10 machines. Win 7 doesn't recognize the add-vpnconnection command. Do I need to add a module to PowerShell? I am running as Administrator. Or is there a different script for Win 7 machines?

Thanks, jon1

Philip D'Ath
Meraki Community All-Star

You might need to update the version of PowerShell you are using - or the OS. 🙂

This is fantastic, thanks so much.

So, every time we need to have new routes, we need to run a new script. This does not seem possible for end users who are not very technical.

Is there any development so that the routes can be pushed from Meraki?

Philip D'Ath
Meraki Community All-Star

>So, every time we need to have new routes, we need to run a new script.

Yes. Hence why many people deploy this via group policy. Then you can update all the user machines easily.

joey.debra
Meraki Community All-Star

You should use the PowerShell command Add-VpnConnectionRoute.

If you add a bunch of VpnConnectionRoutes to an already defined VpnConnection those routes will only be added when the VPN is dialed.
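An added example, not part of the original thread and not the ifm.net.nz script: one way to keep the routes on an existing split-tunnel connection in line with a wanted list, so the same script can be re-run (for instance from group policy) whenever the subnets change. The connection name and prefixes are constructed placeholders, and the connection is assumed to be a per-user one that already exists.

```powershell
# Added example: reconcile the routes on an existing VPN connection.
# Assumptions: the connection name and prefixes below are constructed placeholders,
# and the connection was created per-user (add -AllUserConnection otherwise).
$ConnectionName = 'Example Client VPN'
$WantedPrefixes = @('192.0.2.0/24', '198.51.100.0/24')   # subnets behind the MX

$vpn = Get-VpnConnection -Name $ConnectionName -ErrorAction Stop

# Per-connection routes only matter when split tunneling is on; otherwise
# all traffic already follows the default route through the tunnel.
if (-not $vpn.SplitTunneling) {
    Set-VpnConnection -Name $ConnectionName -SplitTunneling $true -Force
}

# Prefixes currently attached to the connection (empty if none are defined).
$current = @($vpn.Routes | Where-Object { $_ } | ForEach-Object { $_.DestinationPrefix })

# Add prefixes that are wanted but missing.
foreach ($prefix in $WantedPrefixes) {
    if ($current -notcontains $prefix) {
        Add-VpnConnectionRoute -ConnectionName $ConnectionName -DestinationPrefix $prefix -PassThru
    }
}

# Remove prefixes that are no longer wanted, so retired subnets stop being
# sent into the tunnel.
foreach ($prefix in $current) {
    if ($WantedPrefixes -notcontains $prefix) {
        Remove-VpnConnectionRoute -ConnectionName $ConnectionName -DestinationPrefix $prefix -PassThru
    }
}

# Show the result for review.
Get-VpnConnection -Name $ConnectionName |
    Select-Object Name, SplitTunneling, @{ n = 'Routes'; e = { $_.Routes.DestinationPrefix -join ', ' } }
```

The changed routes take effect the next time the VPN is dialed.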

The script from ifm.net.nz is a great way to set up a split tunnel. I have tested it manually and it works, but when I try to use the script I get the error “Unable to remove existing outdated instance(s)........” Any suggestions?

Philip D'Ath
Meraki Community All-Star

Have you already got a VPN connection with the same name as you are trying to create?

Are you running it from an Administrative PowerShell?

I did create one manually with the same name but have deleted it to run the script.

Yes, I am running it from an administrative PowerShell.