Technical Blog of Francis Setash

Meraki VPN Deployment Part 2

Posted on — Oct 28, 2015

Well, humble pie time. But this is good stuff here. Turns out I missed one little teeny tiny flag in the Add-VpnConnection cmdlet. Oops. But this is good!

With PowerShell 4.0 you can deploy a fully functional Meraki VPN client profile. AND you can set up split tunneling. Granted, you can't push all the VPN subnets from the Meraki side, but this works and works pretty well. Meraki guys - take note, because this is way better than your documentation. So, first and foremost, let's see about JUST adding a VPN profile that's compatible with Meraki gear in a single line:

Add-VpnConnection -L2tpPsk 'KEY' -name 'ConnectionName' -ServerAddress 'Endpoint IP or Host' -AllUserConnection -AuthenticationMethod Pap -TunnelType L2tp -Force

Cool. Easy. It was the L2tpPsk parameter that I'd missed. Darn it. Now let's talk about split tunneling. So, per the Meraki documentation:

Let’s see here:

Well, let's see here... what else can we get done in PowerShell 4.0+?

Enter: **Add-VpnConnectionRoute**

Hm; well that’s something. But how does this compare to the route commands in the Meraki documentation? I wonder…

What? So using Add-VpnConnectionRoute does not add the route to the routing table.

That's strange. I wonder what happens when I connect to the VPN connection... routes, YES! But... it's not listed as a persistent route. Does it survive a reboot? (Hint: yes, it does.) So that's a whole lot of writing for basically two lines of PowerShell. I'm putting together a fuller script that'll parse an XML file full of subnets and VPN parameters, which will be posted here once it's firmed up! Until then, to deploy Meraki with split tunneling via PowerShell 4.0+:

Add-VpnConnection -L2tpPsk 'KEY' -name 'ConnectionName' -ServerAddress 'Endpoint IP or Host' -AllUserConnection -AuthenticationMethod Pap -TunnelType L2tp -SplitTunneling -Force
Add-VpnConnectionRoute -AllUserConnection -ConnectionName 'ConnectionName' -DestinationPrefix
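The two commands above wrapped into a repeatable deployment with a verification step, as an added example (not the author's forthcoming XML-parsing script). It uses the same VpnClient cmdlets the post discusses; the connection name, endpoint and subnet list are placeholders, and the PSK is prompted for rather than stored in the script.

```powershell
# Added example: deploy a Meraki-compatible L2TP/IPsec profile with split
# tunneling plus a list of routes, then check the profile actually has them.
# Placeholder values; replace with your own.
#Requires -RunAsAdministrator
$ConnectionName = 'ConnectionName'                        # placeholder
$ServerAddress  = 'vpn.example.invalid'                   # placeholder endpoint
$Psk            = Read-Host -Prompt 'L2TP pre-shared key' # keep the PSK out of the script file
$Subnets        = @('10.0.1.0/24', '10.0.2.0/24')         # constructed sample prefixes

# Idempotent: drop any existing all-user profile with the same name first.
if (Get-VpnConnection -Name $ConnectionName -AllUserConnection -ErrorAction SilentlyContinue) {
    Remove-VpnConnection -Name $ConnectionName -AllUserConnection -Force
}

# Same parameters as the one-liner in the post, splatted for readability.
$vpnParams = @{
    Name                 = $ConnectionName
    ServerAddress        = $ServerAddress
    TunnelType           = 'L2tp'
    L2tpPsk              = $Psk
    AuthenticationMethod = 'Pap'
    AllUserConnection    = $true
    SplitTunneling       = $true
    Force                = $true
}
Add-VpnConnection @vpnParams

# One Add-VpnConnectionRoute per subnet. As the post notes, these do not show
# up in 'route print' until the connection is up.
foreach ($prefix in $Subnets) {
    Add-VpnConnectionRoute -ConnectionName $ConnectionName -DestinationPrefix $prefix -AllUserConnection
}

# Verification: the profile must report SplitTunneling and carry every prefix.
$vpn        = Get-VpnConnection -Name $ConnectionName -AllUserConnection
$configured = (Get-VpnConnectionRoute -ConnectionName $ConnectionName -AllUserConnection).DestinationPrefix
$missing    = $Subnets | Where-Object { $_ -notin $configured }
if (-not $vpn.SplitTunneling -or $missing) {
    throw "Profile check failed. SplitTunneling=$($vpn.SplitTunneling); missing routes: $($missing -join ', ')"
}
"Profile '$ConnectionName' ready with $(@($configured).Count) split-tunnel route(s)."
```

After connecting, `route print` should list the prefixes against the VPN interface even though they are not marked persistent.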