none
PowerShell v6 EapConfigXmlStream Issue in VPNClient Module RRS feed

  • Question

  • I am trying to add a VPN connection in PowerShell and figured out all the other switches, but I am new to PowerShell and can't find anything that I can understand about EapConfigXmlStream and without it in the command the command fails.

    PS C:\Windows\system32> Add-VpnConnection -Name Test-VPN -ServerAddress "URL" -TunnelType L2tp -EncryptionLevel Maximum -AuthenticationMethod MsChapv2 -SplitTunneling $True -AllUserConnection $False -L2tpPsk "Key" -RememberCredential $False -UseWinLogonCredential $False -EapConfigXmlStream  -PassThru

    Add-VpnConnection : Missing an argument for parameter 'EapConfigXmlStream'. Specify a parameter of type 'System.Xml.XmlDocument' and try again.
    At line:1 char:280
    + ... tial $False -UseWinLogonCredential $False -EapConfigXmlStream  -PassT ...
    +                                               ~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidArgument: (:) [Add-VpnConnection], ParameterBindingException
        + FullyQualifiedErrorId : MissingArgument,Add-VpnConnection

    I am using MsChapv2 in the Win 10 Pro client and not using any EAP setting.

    I also tried setting it up manually in Win 10 Pro and modifying it with the following only to get:

    PS C:\Windows\system32> Set-VpnConnectionIPsecConfiguration -ConnectionName Castle_VPN -AuthenticationTransformConstants None -CipherTransformConstants AES256 -DHGroup Group14 -EncryptionMethod AES256 -IntegrityCheckMethod SHA256 -PfsGroup PFS2 -AllUserConnection $False -PassThru True

    Set-VpnConnectionIPsecConfiguration : A positional parameter cannot be found that accepts argument 'False'.
    At line:1 char:1
    + Set-VpnConnectionIPsecConfiguration -ConnectionName Castle_VPN -Authe ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidArgument: (:) [Set-VpnConnectionIPsecConfiguration], ParameterBindingException
        + FullyQualifiedErrorId : PositionalParameterNotFound,Set-VpnConnectionIPsecConfiguration

    I have all the hardening settings working in the client except I want to bump SHA 1 up to SHA 256, so getting this Set-VpnConnectionIPsecConfiguration to work gets me where I want to go per a security post I found. 

    Then using another command got:

    PS C:\Windows\system32> Set-VpnConnection -Name Castle_VPN -ServerAddress castlesedona.dlinkddns.com -TunnelType L2tp -EncryptionLevel Maximum -AuthenticationMethod MsChapv2 -SplitTunneling $True -AllUserConnection $False -L2tpPsk "Key" -RememberCredential $False -UseWinlogonCredential $False -EapConfigXmlStream  -IdleDisconnectSeconds 1800 -PassThru

    Set-VpnConnection : Missing an argument for parameter 'EapConfigXmlStream'. Specify a parameter of type 'System.Xml.XmlDocument' and try again.
    At line:1 char:281
    + ... tial $False -UseWinlogonCredential $False -EapConfigXmlStream  -IdleD ...
    +                                               ~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidArgument: (:) [Set-VpnConnection], ParameterBindingException
        + FullyQualifiedErrorId : MissingArgument,Set-VpnConnection



    Additional Information: I added Registry entry:  HKLM\SYSTEM\CurrentControlSet\Services\RasMan\ NegotiateDH2048_AES256 Data Type:  Reg_DWORD Value:  2
    • Edited by Rafisher1 Tuesday, October 2, 2018 3:48 AM
    Tuesday, October 2, 2018 3:36 AM

Answers

  • For specific PowerShell question, you’d better ask for assistance from PowerShell forum directly,

    https://social.technet.microsoft.com/Forums/windows/en-US/home?forum=winserverpowershell

    The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. 

    Thanks for your understanding and cooperating.

    Regards


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by Rafisher1 Wednesday, October 3, 2018 11:53 PM
    Wednesday, October 3, 2018 5:06 AM
    Moderator

All replies