
To test an IPSec connection, I've used the StrongSwan client implementation with Ubuntu 16 without a UI.

Is it possible to use only PowerShell to create and test the VPN connection?

Available assets:

  • public VPN endpoint i.e. IP
  • user name
  • password
  • PSK (private shared key)

1 Answers


This script is for cert-auth, but you can modify it:

# Set these to the correct values
$server_address = "vpn.example.com"
$connection_name = "VPN Connection"
$certificate_path = "certificate.p12"
$ca_cert_path = "strongswanCert.pem"
$password = ConvertTo-SecureString -String "P12 passphrase" -AsPlainText -Force

# Import machine cert
Import-PfxCertificate -FilePath $certificate_path -CertStoreLocation Cert:\LocalMachine\My\ -Password $password

# Import CA root
Import-Certificate -FilePath $ca_cert_path -CertStoreLocation Cert:\LocalMachine\Root\

# Add VPN connection IKEv2 with machine cert
Add-VpnConnection -Name $connection_name -ServerAddress $server_address -TunnelType Ikev2 -EncryptionLevel Required -AuthenticationMethod MachineCertificate -AllUserConnection

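# Add IPv6 default route (::/0 does not work)
# -AllUserConnection is needed here too, because the connection above was created in the all-users phone book
Add-VpnConnectionRoute -ConnectionName $connection_name -DestinationPrefix ::/1 -AllUserConnection
Add-VpnConnectionRoute -ConnectionName $connection_name -DestinationPrefix 8000::/1 -AllUserConnection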
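
For the assets listed in the question (endpoint, user name, password, PSK), a PSK variant with a connect-and-check step could look like the following. This is an added example, not part of the original answer. It assumes the server offers L2TP/IPsec with a pre-shared key and MS-CHAPv2, and the connection name and server address are placeholders.

```powershell
# Added example: create, dial, check and remove a PSK-based test connection.
# Assumption: the server accepts L2TP/IPsec with a PSK and MS-CHAPv2.
$connection_name = "VPN Test (PSK)"      # placeholder name
$server_address  = "vpn.example.com"     # placeholder endpoint

# Prompt for the secrets instead of hard-coding them in the script
$cred = Get-Credential -Message "VPN user name and password"
$psk  = Read-Host -Prompt "Pre-shared key" -AsSecureString

# Add-VpnConnection takes the PSK as a plain string, so convert it only here
$psk_plain = (New-Object System.Net.NetworkCredential("", $psk)).Password

# -Force suppresses the confirmation prompt shown when a PSK is supplied
Add-VpnConnection -Name $connection_name -ServerAddress $server_address `
    -TunnelType L2tp -L2tpPsk $psk_plain -AuthenticationMethod MSChapv2 `
    -EncryptionLevel Required -Force

try {
    # rasdial receives the password as a command-line argument, so it is
    # visible in the process list while it runs; use a test account
    $net  = $cred.GetNetworkCredential()
    $user = $net.UserName
    $pass = $net.Password
    rasdial $connection_name $user $pass
    if ($LASTEXITCODE -ne 0) {
        throw "rasdial failed with exit code $LASTEXITCODE"
    }

    # Confirm the tunnel is actually up before reporting success
    $status = (Get-VpnConnection -Name $connection_name).ConnectionStatus
    Write-Output "Connection status: $status"
    if ($status -ne "Connected") {
        throw "Tunnel did not reach the Connected state"
    }
}
finally {
    # Always hang up and remove the test profile, which stores the PSK
    rasdial $connection_name /disconnect | Out-Null
    Remove-VpnConnection -Name $connection_name -Force
}
```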