How To Add, Manage VPN Connection In Windows Using PowerShell

How To Add Manage VPN Connection In Windows Using PowerShellHow To Add Manage VPN Connection In Windows Using PowerShell

Both the Windows 10 and Windows 11 operating systems have only one convenient way to setting up a VPN connection, which is through the Settings app. Even if you go through the legacy Control Panel, it will redirect you to the Settings app.

Although the GUI method from the Settings app is an easy way to add and manage VPN connections, it does not allow you to configure all of the possible VPN settings. However using the Windows command line, you can manage it so much better through additional parameters and switches.

In this article, we show you how to add, manage, and edit a VPN connection using PowerShell on a Windows computer.

Commands to Manage VPN Connection using Windows PowerShell

Before we begin with adding and managing VPN connects, let’s familiarize ourselves with some basic commands, what they do, and how you can use them.

Adding a New VPN Connection from PowerShell

To add a new VPN connection to Windows, the “Add-VpnConnection” cmdlet is used. This command is used in conjecture with different parameters that let you input the connection details. Here is a list of the useful parameters and their details:

  • -Name: Name of the VPN connection
  • -ServerAddress: IP address or full name of the VPN server
  • -TunnelType: Defines the security type of the VPN tunnel. You can choose from the following options:
    • Automatic: Self-detect the tunnel type
    • IKEv2: Internet Key Exchange
    • PPTP: Point-to-Point tunneling
    • L2TP: Layer 2 Tunneling Protocol /IPsec with a certificate or a Pre-shared key
    • SSTP: Secure Socket Tunneling Protocol
  • AuthenticationMethod: Defines the authentication type. You can choose from the following options:
    • PAP
    • CHAP
    • MSChapv2
    • Eap
    • MachineCertificate
  • EncryptionLevel: Defines the encryption settings. You can choose from the following options:
    • NoEncryption
    • Optional
    • Required
    • Maximum
    • Custom
  • SplitTunneling: When enabled, traffic to destinations outside the intranet does not flow through the VPN tunnel
  • UseWinlogonCredential: Use current user account credentials to authenticate
  • AllUserConnecton: Adds VPN for all user accounts
  • RememberCredential: This does not require you to add authentication credentials every time to connect
  • PassThru: Displays a command output

The list does not end here. You will find more parameters and their details on this page.

Get VPN Connection Details using PowerShell

To retrieve details on existing VPN connections, use the “Get-VpnConnection” cmdlet. This lets you fetch details on all as well as specific VPN connections on your user account, and global VPNs (across all user accounts).

Here is a list of the useful parameters and their details that can be used with Get-VpnConnection:

Note: The Get-VpnConnection cmdlet can be used without any switches or parameters to retrieve details on all existing VPN connections.

  • -Name: To get the details of a specific VPN connection
  • -AllUserConnection: To fetch details from the global phone book.
  • -CimSession: To fetch VPN details from a remote computer

These are the most useful parameters you should know about when fetching VPN details through PowerShell. To learn more about the Get-VpnConnection cmdlet, refer to this Microsoft page.

Edit VPN Connection using PowerShell

To edit an existing/added VPN connection using PowerShell, the “Set-VpnConnection” cmdlet is used. It has the same parameters as the Add-VpnConnection cmdlet discussed above, because you can edit almost all of the VPN settings.

Using the Set-VpnConnection cmdlet along with the parameters, you can change any setting of an existing VPN profile. the syntax to do so is also similar to the Add-VpnConnection command.

Example commands have been shown further ahead in this article.

Delete VPN Profile using PowerShell

To remove/delete a VPN connection on your Windows computer using PowerShell, you need to use a different cmdlet. The “Remove-VpnConnection” can be used to delete a VPN profile directly from the command line. It can also be used to remove multiple VPN profiles together in one cmdlet.

The following list of parameters can be used with this cmdlet:

  • -Name: Name of the VPN connection to delete. Multiple names can be entered in inverted commas separated by commas.
  • -Force: Enforced the removal
  • -AllUserConnection: The VPN profile is from the global phone book.
  • -CimSession: To remove a VPN profile from a remote computer.

More parameters can be used with the Remove-VpnConnection. To learn more about them, refer to this Microsoft post.

This concludes our journey to understanding the various cmdlet to manage VPN connections on a Windows computer from PowerShell. Let us now continue to see how to use these in a real environment to better understand the command’s syntaxes.

How to Add New VPN Connection using PowerShell

Let us start at the very beginning; adding a new VPN connection from PowerShell.

When adding a VPN connection from the settings app, we need to provide the connection name, server name, VPN type, authentication method, and the details for the authentication method (username, password, etc.).

Let us see how to add a new VPN connection with the same details using the Add-VpnConnection cmdlet. Use the command below while replacing the variables (in square[] brackets) as per your specifications.

Add-VpnConnection -Name "[VPNConnectionName]" -ServerAddress "[ServerNameOrIP]” -TunnelType [VPNType] -AuthenticationMethod [AuthMethod] -RememberCredential -AllUserConnection -PassThru

In the command syntax above, the variables are given in the square brackets. You can use the given guide above about the Add-VpnConnection cmdlet to learn how to use these parameters or look at the following image to see how we used this command to create a new VPN profile:

Add a new VPN connection using PowerShell
Add a new VPN connection using PowerShell

In this example, we have created a new, global VPN profile by the name “TestVPN,” whose server address is “vpn.itechtics.com,” its type is set to “Automatic” with “PAP” authentication, is configured to remember the user credentials once entered, and is set to give an output to this command.

Here is another example of adding a new L2TP VPN profile to the computer:

Add-VpnConnection -Name "[VPNConnectionName]" -ServerAddress "[ServerNameOrIP]" -TunnelType [VPNType] -Force -EncryptionLevel "[LevelOfEncryption]" -AuthenticationMethod "MSChapv2" -UseWinlogonCredential -RememberCredential -AllUserConnection –PassThru
Add a new L2TP VPN connection using PowerShell
Add a new L2TP VPN connection using PowerShell

In this example, we have created an L2TP VPN profile with mandatory encryption, and the MSChapv2 authentication method. This VPN will be authenticated using the user account credentials.

You can now play around with the parameters and add new VPN profiles of different authentication and encryption types using a single command in PowerShell. Use the guide given above for Add-VpnConnection to learn about the different parameters.

How to Connect, Dial VPN Connection using PowerShell

Once you have added a new VPN connection and set the required details, you can now connect to it too, using just the Command Line Interface.

Connecting to an added VPN connection is easy. Use the following command syntax to connect to a VPN:

rasdial "[VPNConnectionName]"

The system will now attempt to connect to the provided VPN server. When the connection will be established, you will be asked for the credentials (if connecting for the first time). Enter the credentials and continue to enjoy the VPN connection.

How to Get VPN Details using PowerShell

If you are looking to retrieve VPN details using PowerShell, that can also be done. To get the details for all VPN connections added to your user account, run the following cmdlet:

Get-VpnConnection
Get details on all VPN connections on current user using PowerShell
Get details on all VPN connections on current user using PowerShell

To get the details on all global VPN connections, use this command instead:

Get-VpnConnection -AllUserConnection
Get details on all global VPN connections
Get details on all global VPN connections

To fetch the details on a specific VPN profile in the current user account, use the -Name parameter, as in this command:

Get-VpnConnection -Name "[VPNConnectionName]"
Get details on specific VPN profile of current user in PowerShell
Get details on specific VPN profile of current user in PowerShell

To get the details on a specific global VPN profile, you need to use both -Name and -AllUserConnection parameters:

Get-VpnConnection -Name "[VPNConnectionName]" -AllUserConnection
Get details on speific global VPN profile in PowerShell
Get details on speific global VPN profile in PowerShell

You can also get the details on multiple VPN profiles using the following command syntax. Remember to include or remove the -AllUserConnection parameter if the VPN connections are global or user-specific:

Get-VpnConnection -Name "[VPNConnectionName1]" , "[VPNConnectionName2]" , "[VPNConnectionName3]" -AllUserConnection
Get details on multiple global VPN connections using PowerShell
Get details on multiple global VPN connections using PowerShell

How to Modify VPN Connection in PowerShell

Just as adding new VPN connections to your PC, you can also change their details from PowerShell. However, to modify any part of an existing VPN profile, you need to use the Set-VpnConnection command.

As mentioned earlier, this command uses similar parameters to the Add-VpnConnection cmdlet, so that you can modify almost everything in an existing VPN profile. Here are a few examples to make changes to a VPN connection from Windows PowerShell:

Note: Remember to use the -AllUserConnection parameter where the VPN connection is global.

  • Change the server name of an existing global VPN connection and show the output:

    Set-VpnConnection -Name "[VPNConnectionName]" -ServerAddress "[NewVPNServerAddressOrIP]" -AllUserConnection -PassThru
    Change VPN server from PowerShell
    Change VPN server from PowerShell
  • Change the L2TP VPN connection type to IKEv2 and show the output:

    Set-VpnConnection -Name "[VPNConnectionName]" -TunnelType IKEv2 -Force -AuthenticationMethod "Eap" -AllUserConnection –PassThru
    Change global VPN encryption type and authentication method
    Change global VPN encryption type and authentication method

As you can see from the examples above, the syntax of the commands to modify existing VPN profiles is very much similar to adding new ones. You only need to method the parameters and the variables that you wish to overwrite.

How to Remove, Delete VPN Connection using PowerShell

To delete or remove a CPN connection from your computer using PowerShell, you must use the Remove-VpnConnection cmdlet. This cmdlet can be used with different parameters to remove single or multiple VPN profiles from your computer.

Here are a few examples of deleting VPN profiles using PowerShell:

  • Use this cmdlet to delete a single, user-specific VPN profile from PowerShell:

    Remove-VpnConnection -Name "[VPNConnectionName]" -Force -PassThru
    Delete a user specific VPN profile using PowerShell
    Delete a user-specific VPN profile using PowerShell
  • Use the following cmdlet to delete multiple global VPN profiles

    Remove-VpnConnection -Name "[VPNConnectionName1]" , "[VPNConnectionName2]" , "[VPNConnectionName1]" -Force -PassThru -AllUserConnection
    Remove multiple global VPN profiles from PowerShell
    Remove multiple global VPN profiles from PowerShell

Conclusion

This article shows different methods to create/add, edit, fetch, and remove VPN connection profiles from your Windows computer. Contrary to using the Settings app, managing your VPN connections using PowerShell is a breeze – most of the operations can be completed with a single command.

If you are a sysadmin who occasionally has to deal with Virtual Private Networks, then this guide post will come in handy to manage them as needed.

If you liked this post, Share it on:
Subhan Zafar is an established IT professional with interests in Windows and Server infrastructure testing and research, and is currently working with Itechtics as a research consultant. He has studied Electrical Engineering and is also certified by Huawei (HCNA & HCNP Routing and Switching).

Get Updates in Your Inbox

Sign up for the regular updates and be the first to know about the latest tech information