Always On VPN Part 2 – Trigger Scripts

Always On VPN Part 2 – Trigger Scripts

23 March 2023 Windows 0

In this section, I will describe the scripts that will be used to run as Task Scheduler tasks. The solution is based on two PowerShell scripts:

  1. Connect-DeviceTunnel.ps1: This script is responsible for establishing the Device Tunnel connection.
  2. Connect-UserTunnel.ps1: This script is responsible for establishing the User Tunnel connection.

The scripts should be triggered with a delay of a few seconds, in this case, it is set to 5 seconds. This allows you to avoid issues with triggering the scripts using the Task Scheduler, which I will explain in more detail in the next part of the post.

Both scripts contain three variables:

  1. $SITEnet: This variable stores the name of the network in branch offices. Once this value is detected, the tunnel will not be established.
  2. $DeviceTunnel: This variable stores the status of the Device Tunnel connection.
  3. $UserTunnel: This variable stores the status of the User Tunnel connection.

Based on the above variables, the script for the Device Tunnel performs the following actions:

  1. If the Device Tunnel status is already connected, the script does nothing and exits.
  2. If the User Tunnel status is connected, the script does nothing and exits.
  3. If the network name is different than the one defined (indicating that you are outside the company branch), the script executes the command to establish the Device Tunnel.

Similarly, based on the same variables, the script for the User Tunnel works as follows:

  1. If the User Tunnel status is already connected, the script does nothing and exits.
  2. If the Device Tunnel status is connected, the script executes the command to establish the User Tunnel.
  3. If the network name is different than the one defined (indicating that you are outside the company’s branch), the script executes the command to establish the User Tunnel.

The configuration assumes that only one tunnel is established at a time. Thus:

  1. Before the user logs in, the Device Tunnel is established.
  2. After the user logs in, the User Tunnel is established, and the Device Tunnel is disconnected.

Device Tunnel Script

timeout 5
$SITEnet = Get-NetConnectionProfile | select name | ForEach-Object {$_.name}
$DeviceTunnel = Get-VpnConnection -AllUserConnection -Name "Always On VPN (Device Tunnel)" | select ConnectionStatus | ForEach-Object {$_.ConnectionStatus}
$UserTunnel = Get-VpnConnection -AllUserConnection -Name "Always On VPN (User Tunnel)" | select ConnectionStatus | ForEach-Object {$_.ConnectionStatus}


if ($DeviceTunnel -eq 'Connected') {
exit
}
else {
}

if ($UserTunnel -eq 'Connected') {
exit
}
else {
}

if ($SITEnet -eq 'ad.site.pl') {
}
else {
timeout 5
rasdial "Always On VPN (Device Tunnel)"
timeout 5
}

User Tunnel Script

$SITEnet = Get-NetConnectionProfile | select name | ForEach-Object {$_.name}
$DeviceTunnel = Get-VpnConnection -AllUserConnection -Name "Always On VPN (Device Tunnel)" | select ConnectionStatus | ForEach-Object {$_.ConnectionStatus}
$UserTunnel = Get-VpnConnection -AllUserConnection -Name "Always On VPN (User Tunnel)" | select ConnectionStatus | ForEach-Object {$_.ConnectionStatus}

if ($UserTunnel -eq 'Connected') {
exit
}
else {
}

if ($DeviceTunnel -eq 'Connected') {
timeout 5
rasdial "Always On VPN (User Tunnel)" 
exit
}
else {
}

if ($SITEnet -eq 'ad.site.pl') {
}
else {
timeout 5
rasdial "Always On VPN (User Tunnel)" 
timeout 5
}

In the next post I will show how to use the created files for automation based on the Task Scheduler.

 

Leave a Reply

Your email address will not be published. Required fields are marked *

©  2023 Admin Center. Built using WordPress and OnePage Express Theme.