1
00:00:02,540 --> 00:00:04,440
All right, let's proceed to the demonstration.

2
00:00:04,440 --> 00:00:08,390
And we'll deploy user and device tunnels using PowerShell.

3
00:00:08,390 --> 00:00:13,970
So to deploy Always On VPN client configuration settings using PowerShell,

4
00:00:13,970 --> 00:00:15,640
we need two things.

5
00:00:15,640 --> 00:00:18,670
The first is PowerShell, obviously,

6
00:00:18,670 --> 00:00:23,690
and you should have the AOVPN tools PowerShell module installed to do this.

7
00:00:23,690 --> 00:00:28,530
There is a PowerShell script on the Microsoft website that supports this.

8
00:00:28,530 --> 00:00:31,010
I would discourage you from using that.

9
00:00:31,010 --> 00:00:32,310
It's not very good.

10
00:00:32,310 --> 00:00:35,240
It doesn't follow implementation best practices.

11
00:00:35,240 --> 00:00:38,900
Also, it is not nearly as robust as my script,

12
00:00:38,900 --> 00:00:40,620
which I'll show you here in just a second.

13
00:00:40,620 --> 00:00:44,980
And my script is actually a part, it's a function in my PowerShell module,

14
00:00:44,980 --> 00:00:48,950
so we'll take a look at that.

15
00:00:48,950 --> 00:00:52,550
And specifically,

16
00:00:52,550 --> 00:00:55,030
the name of the module or the function that we're looking

17
00:00:55,030 --> 00:00:58,320
for in our module is New-AovpnConnection.

18
00:00:58,320 --> 00:01:02,390
This function is used to install the XML configuration file,

19
00:01:02,390 --> 00:01:05,000
and it does so in a much more effective and efficient

20
00:01:05,000 --> 00:01:07,140
manner than the Microsoft tools.

21
00:01:07,140 --> 00:01:11,420
So, we also need this XML configuration file.

22
00:01:11,420 --> 00:01:13,310
Now, I've already created one here,

23
00:01:13,310 --> 00:01:16,920
so I'm going to take a look at that in Notepad.

24
00:01:16,920 --> 00:01:23,480
And this XML configuration file, I realize it might look a little bit daunting.

25
00:01:23,480 --> 00:01:26,140
It's actually fairly straightforward.

26
00:01:26,140 --> 00:01:29,920
You can actually find and you don't have to create this

27
00:01:29,920 --> 00:01:31,640
entire thing from scratch yourself.

28
00:01:31,640 --> 00:01:33,740
You can actually, if you go to my GitHub,

29
00:01:33,740 --> 00:01:36,640
so if you go to github.com/richardhicks,

30
00:01:36,640 --> 00:01:38,800
look in the aovpn repository.

31
00:01:38,800 --> 00:01:40,640
If you scroll down here in the middle,

32
00:01:40,640 --> 00:01:44,840
you will see there are a couple of sample files for XML files.

33
00:01:44,840 --> 00:01:48,020
So there's a ProfileXML for device and user.

34
00:01:48,020 --> 00:01:50,350
I would suggest you take a look at these,

35
00:01:50,350 --> 00:01:51,120
download them,

36
00:01:51,120 --> 00:01:55,130
and use them as a starting place because a lot of this has

37
00:01:55,130 --> 00:01:59,700
the settings explained and defines what the values are or

38
00:01:59,700 --> 00:02:00,730
what potential values are.

39
00:02:00,730 --> 00:02:02,520
We have some samples in here and so forth,

40
00:02:02,520 --> 00:02:05,820
and you can see what this content should look like.

41
00:02:05,820 --> 00:02:08,850
Now this file is a template, it is a starting point.

42
00:02:08,850 --> 00:02:10,370
You'll have to, of course,

43
00:02:10,370 --> 00:02:13,870
make some settings changes and adjustments to it as well.

44
00:02:13,870 --> 00:02:18,540
And by the way, if you have questions about what the supported values are,

45
00:02:18,540 --> 00:02:24,140
I would encourage you to take a look at the VPNv2 CSP reference.

46
00:02:24,140 --> 00:02:27,610
This is a reference document on the Microsoft website that

47
00:02:27,610 --> 00:02:30,760
outlines all of the information that's supported there and the

48
00:02:30,760 --> 00:02:33,230
correct syntax and format and whatnot.

49
00:02:33,230 --> 00:02:36,140
And you can find this by going to your favorite search

50
00:02:36,140 --> 00:02:40,760
engine and just typing in vpnv2csp, no spaces.

51
00:02:40,760 --> 00:02:45,480
It'll usually take you to this link here on the Microsoft website.

52
00:02:45,480 --> 00:02:51,610
And here if you scroll down, you'll see that this is the schema outline.

53
00:02:51,610 --> 00:02:56,180
So this is the order or the levels in which these

54
00:02:56,180 --> 00:02:59,390
specific settings would be defined.

55
00:02:59,390 --> 00:03:02,770
They can be moved around, but they have to be in this hierarchy.

56
00:03:02,770 --> 00:03:06,280
But if we scroll down farther, you'll see,

57
00:03:06,280 --> 00:03:07,890
for example,

58
00:03:07,890 --> 00:03:13,570
this is the setting for how the routes are configured and so

59
00:03:13,570 --> 00:03:16,480
what are the values supported here and whatnot.

60
00:03:16,480 --> 00:03:20,250
You'll also find things like, oh, there's an exclusion route.

61
00:03:20,250 --> 00:03:21,190
How does that work?

62
00:03:21,190 --> 00:03:25,700
What version of Windows is it supported and so forth.

63
00:03:25,700 --> 00:03:27,420
So there's a lot of information here.

64
00:03:27,420 --> 00:03:29,470
This is a fantastic resource,

65
00:03:29,470 --> 00:03:33,010
and it's one that you'll probably be using quite a bit.

66
00:03:33,010 --> 00:03:38,130
But once you have this configured, we'll go and enter all of our information.

67
00:03:38,130 --> 00:03:40,970
And by the way, you'll see that there's a ton of information here,

68
00:03:40,970 --> 00:03:45,570
but this particular block of code here, everything in the EapHostConfig,

69
00:03:45,570 --> 00:03:49,940
and let me scroll down and show you everything here.

70
00:03:49,940 --> 00:03:54,820
Everything in this particular section is actually defined in our

71
00:03:54,820 --> 00:03:58,470
EapConfig XML that we exported in the previous lesson.

72
00:03:58,470 --> 00:04:03,390
If you recall, we ran the PowerShell command get EAP configuration.

73
00:04:03,390 --> 00:04:07,020
We saved that out to a file here on the desktop.

74
00:04:07,020 --> 00:04:11,180
And now what I've done is I've taken that information, and in the last lesson

75
00:04:11,180 --> 00:04:15,880
we pasted that into Intune. Here we're going to paste it into our XML

76
00:04:15,880 --> 00:04:20,070
configuration file between the Eap Configuration section.

77
00:04:20,070 --> 00:04:23,070
So when you download my template, this will be missing,

78
00:04:23,070 --> 00:04:26,940
and then all you have to do is just paste your information in there.

79
00:04:26,940 --> 00:04:30,680
But bottom line here is you can see I've set this to AlwaysOn is true.

80
00:04:30,680 --> 00:04:33,330
I've added my DnsSuffix.

81
00:04:33,330 --> 00:04:36,890
I've added my TrustedNetworkDetection information,

82
00:04:36,890 --> 00:04:40,590
my VPN servers and my ProtocolType and so forth.

83
00:04:40,590 --> 00:04:45,500
Down towards the bottom, you'll see that I have split tunneling enabled,

84
00:04:45,500 --> 00:04:47,610
I have disabled my ClassBasedDefaultRoute,

85
00:04:47,610 --> 00:04:49,930
which is the default recommendation.

86
00:04:49,930 --> 00:04:52,220
And I've added some routes to the tunnel.

87
00:04:52,220 --> 00:04:53,160
And here, of course,

88
00:04:53,160 --> 00:04:57,480
you can see that IPv6 is supported in the XML unlike it was in

89
00:04:57,480 --> 00:04:59,560
Intune because of that bug that I showed you.

90
00:04:59,560 --> 00:05:02,150
So if you're planning to use IPv6 then you'll,

91
00:05:02,150 --> 00:05:08,140
of course, need to provision Always On VPN using the XML route.

92
00:05:08,140 --> 00:05:10,240
So anyway, so getting back to our PowerShell.

93
00:05:10,240 --> 00:05:13,840
So now that once we have this configuration file saved,

94
00:05:13,840 --> 00:05:15,080
the profile XML,

95
00:05:15,080 --> 00:05:18,850
we're going to go ahead and install it using my PowerShell command here.

96
00:05:18,850 --> 00:05:25,570
So I'm going to run New-AovpnConnection. I'm going to specify the

97
00:05:25,570 --> 00:05:33,540
xmlFilePath parameter and enter the path to the file.

98
00:05:33,540 --> 00:05:39,040
And then if you want, you can use the ProfileName switch and provide your

99
00:05:39,040 --> 00:05:42,840
own unique profile name, so that's how it appears in the Windows UI. By

100
00:05:42,840 --> 00:05:47,450
default, this function just creates a connection called Always On VPN, so

101
00:05:47,450 --> 00:05:48,670
I'm going to leave it at that.

102
00:05:48,670 --> 00:05:51,490
So at this point, I'm going to go ahead and hit Enter and let this

103
00:05:51,490 --> 00:05:55,310
run. And if everything goes according to plan and we don't have any

104
00:05:55,310 --> 00:05:57,860
problems with our XML configuration file,

105
00:05:57,860 --> 00:06:02,400
we should have a successful VPN creation. And since

106
00:06:02,400 --> 00:06:05,690
this client is in the field right now, it's outside the network,

107
00:06:05,690 --> 00:06:13,000
we should actually see that connection already established, and sure enough, Always On VPN Connected.