Help with pre-logon IKEv2 VPN

Hello everyone, I am having a lot of trouble getting the pre-logon function to work. I am following the guide from the WatchGuard Support Center here:

https://techsearch.watchguard.com/KB?type=Article&SFDCID=kA10H000000bopASAQ

I've taken the pre-configured PowerShell script from the Firebox, which works perfectly, but as soon as I try to add -AllUserConnection to allow VPN connection on the login screen I get this error:

"The configuration cannot be applied to the global user VPN connection VPN Name. : The system could not find the phone book entry for this connection."

I've manually moved the phone book entries as suggested in this post on Spiceworks:

https://community.spiceworks.com/topic/2284129-windows-10-2004-l2tp-vpn-the-system-could-not-find-the-phone-book-entry

I've tried running the shell as admin, logging in as admin then running the script, I've tried manually running each command in the script myself. I've tried creating the VPN then trying to add -AllUserConnection afterwards but I just keep getting the same error.

I'll paste in the PowerShell script here in case I'm missing something, but again it works perfectly until I just add -AllUserConnection.

Any suggestions would be greatly appreciated!

function PrintError ($message) {
    Write-Host $message -ForegroundColor Red -BackgroundColor Black
}

function SetIPSecConfiguration () {
    Set-VpnConnectionIPsecConfiguration -ConnectionName 'VPN Name' -AuthenticationTransformConstants 'SHA196' -CipherTransformConstants 'AES256' -DHGroup 'Group14' -EncryptionMethod 'AES256' -IntegrityCheckMethod 'SHA256' -PfsGroup 'None' -Force
}

function AddVPNConnection () {
    try {
        Add-VpnConnection -Name 'VPN Name' -ServerAddress 'x.x.x.x' -TunnelType 'IKEv2' -EncryptionLevel 'Required' -AuthenticationMethod Eap -RememberCredential -AllUserConnection -Force
        SetIPSecConfiguration
        Write-Host "Created the 'VPN Name' VPN connection"
    } catch {
        PrintError "Error in creating the 'VPN Name' VPN connection!"
        PrintError $_.Exception.Message
    }
}

function UpdateVPNConnection () {
    try {
        Set-VpnConnection -Name 'VPN Name' -ServerAddress 'x.x.x.x' -TunnelType 'IKEv2' -EncryptionLevel 'Required' -AuthenticationMethod Eap -AllUserConnection -Force -WarningAction SilentlyContinue
        SetIPSecConfiguration
        Write-Host "Updated the 'VPN Name' VPN connection"
    } catch {
        PrintError "Error in updating the 'VPN Name' VPN connection!"
        PrintError $_.Exception.Message
    }
}

$vpn = Get-VpnConnection -Name 'VPN Name' -ErrorAction SilentlyContinue
if ($vpn -and ($vpn.Name -eq 'VPN Name')) {
    PrintError "A VPN connection with the name 'VPN Name' is already configured on your system."
    $message = "Do you want to update the existing 'VPN Name' VPN connection?"
    $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes", "Updates the 'VPN Name' VPN connection."
    $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No", "Exit without updating."
    $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
    $result = $host.ui.PromptForChoice('', $message, $options, 0)
    switch ($result) {
        0 {UpdateVPNConnection}
        1 {PrintError "The existing 'VPN Name' VPN connection was not updated. Remove or rename the existing VPN connection and run the script again."}
    }
} else {
    AddVPNConnection
}
exit
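
An added diagnostic, not part of the original post or the WatchGuard script: it reports whether the connection is present in the all-user or the per-user phone book, then applies the post's IPsec settings with the scope switch that matches where the entry was found. The function names and the default rasphone.pbk locations are assumptions.

```powershell
# Added example, not from the original post. Function names are hypothetical.
# Assumption: default Windows phone book locations for RAS/VPN entries.
function Get-VpnScopeReport ([string]$ConnectionName) {
    $books = [ordered]@{
        AllUser = Join-Path $env:ProgramData 'Microsoft\Network\Connections\Pbk\rasphone.pbk'
        User    = Join-Path $env:APPDATA 'Microsoft\Network\Connections\Pbk\rasphone.pbk'
    }
    foreach ($scope in $books.Keys) {
        $path = $books[$scope]
        # Each phone book entry starts with a "[Name]" section header.
        $inFile = (Test-Path $path) -and
            [bool](Select-String -Path $path -Pattern "[$ConnectionName]" -SimpleMatch -Quiet)
        # Query the cmdlet with the scope that matches this file.
        $query = @{ Name = $ConnectionName; ErrorAction = 'SilentlyContinue' }
        if ($scope -eq 'AllUser') { $query.AllUserConnection = $true }
        $conn = Get-VpnConnection @query
        [pscustomobject]@{
            Scope = $scope; EntryInFile = $inFile
            CmdletSeesIt = [bool]$conn; PhoneBook = $path
        }
    }
}

function Set-IPsecForScope ([string]$ConnectionName, [switch]$AllUser) {
    # Crypto values copied from the script in the post; only the scope switch is added.
    $ipsec = @{
        ConnectionName                   = $ConnectionName
        AuthenticationTransformConstants = 'SHA196'
        CipherTransformConstants         = 'AES256'
        DHGroup                          = 'Group14'
        EncryptionMethod                 = 'AES256'
        IntegrityCheckMethod             = 'SHA256'
        PfsGroup                         = 'None'
        Force                            = $true
    }
    if ($AllUser) { $ipsec.AllUserConnection = $true }
    Set-VpnConnectionIPsecConfiguration @ipsec
}

$name = 'VPN Name'   # placeholder name from the post
$report = Get-VpnScopeReport $name
$report | Format-Table -AutoSize
# Apply IPsec settings only in the scope where the cmdlet actually finds the entry.
foreach ($row in $report | Where-Object CmdletSeesIt) {
    Set-IPsecForScope $name -AllUser:($row.Scope -eq 'AllUser')
}
```

Run it under the same account and elevation as the failing script, because the per-user phone book path follows the account that owns the shell.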
