How to specify DNS server for a VPN Connection by PowerShell? - windows

I am fairly new to PowerShell so please forgive me if the question looks stupid.
I am trying to configure VPN connections using PowerShell. With the help of PowerShell ISE, I have no trouble creating a VPN connection and configuring VPN specifics. However, I also need to set the DNS server of this VPN to 8.8.8.8, a task of which none of the cmdlets in the VpnClient module is capable. I figured that none of the settings in the "Networking" tab are accessed by the VpnClient module, so I tried DnsClient, NetAdapter, NetTCPIP and NetConnection, but the commands in these modules all need a parameter called either Name or InterfaceAlias.
I successfully changed the DNS Configuration of my Ethernet Adapter by Set-DnsClientServerAddress -InterfaceAlias Ethernet -ServerAddresses 8.8.8.8,8.8.4.4. However, if I give my vpn name to -InterfaceAlias option then PowerShell gives out an error, saying it cannot find such InterfaceAlias.
I listed all interfaces on my Windows but there's no sign of any vpn connection.
All help is appreciated, thank you!
Thanks to @DavidBrabant, it seems that it is a bug that Microsoft has not fixed since Windows Vista. I then followed one of the solutions in that KB article: using the .NET class.
The result is still the same as before: no sign of any vpn connection. My input and output look like this:
PS C:\WINDOWS\system32> [System.Net.NetworkInformation.NetworkInterface]::GetAllNetworkInterfaces().NetworkInterfaceType
Wireless80211
Wireless80211
Ethernet
Loopback
Tunnel
Tunnel
I haven't tried the second resolution which is "Use the GetAdaptersAddresses API" because I don't know how. Anyone knows? Or did I miss something from the .Net framework?

Since I can't comment and/or +1 anything because of switching to a new account, I want to mention that Antonio's solution above works just fine. You have to use common sense and understand things a little more. I will elaborate on Antonio's message. Understand that the people who are answering you are either coding professionals or IT professionals, so they answer on the assumption that you are one as well. Please do not -1 anything if you haven't tried it and don't understand it. ASK; they will help you and explain more if needed.
Set-DnsClientServerAddress -InterfaceAlias Corporate -ServerAddresses 8.8.8.8
Let's break this down. So what is this saying?
Set-DnsClientServerAddress
This is assuming you're already connected to the VPN, as Antonio actually mentioned:
you have to connect to the VPN first
Ok, now that we have the understanding that this command through PowerShell assumes we're connected to the VPN (only 1, by the way, not more than 1):
Let's tackle the rest of the command.
-InterfaceAlias Corporate
Ok, so those who code understand that -InterfaceAlias is a parameter of the Set-DnsClientServerAddress command. Following that parameter you have attributes. That attribute can either be TEXT (aka a string) or a boolean value (aka $True or $False). So in this case he is saying that his VPN is called Corporate. Now, with most Windows stuff, Windows will accept strings unquoted if it's all 1 word. However, if your VPN name has a space in it then it will not accept it; you would have to encapsulate your string with quotes. For example:
-InterfaceAlias "My VPN"
So in this case you need to know what your VPN Name is. If you don't know what your VPN Name is, please go to the following location.
Control Panel -> Network and Sharing Center -> Change Adapter Settings (left hand side) -> then find your VPN adapter.
Alright so the last bit.
-ServerAddresses 8.8.8.8
So this ServerAddresses property is already strictly data typed to an IP address or multiple IP addresses. So in this case you would need to know the DNS server you wish to request DNS resolution from and replace it (8.8.8.8 = Google's public DNS server). So for example:
-ServerAddresses 10.1.10.254
Now this will set the DNS server to be 10.1.10.254 for this VPN Adapter.
Kill the VPN and then start it up again. Open a command prompt and type the following:
ipconfig/all
This will show you all your current adapters. For your VPN adapter it should show your updated DNS. If you still can't resolve DNS names, it possibly has to do with your type of DNS server and you will probably have to specify a DNS suffix manually as well. See the following article for more details:
https://superuser.com/questions/966832/windows-10-dns-resolution-via-vpn-connection-not-working
Hope this helped. Sometimes us senior IT guys just don't have the time to type it all out for business owners and/or IT personnel new to the trade.
-Grafix

To be able to change the interface DNS of a Windows VPN you have to connect to the VPN first, then use the PS command:
Set-DnsClientServerAddress -InterfaceAlias Corporate -ServerAddresses 8.8.8.8
I did it and after that I was able to join the Windows 10 machine to the domain; also, first you have to create the VPN using the PS command:
Add-VpnConnection -Name "My VPN" -ServerAddress "x.x.x.x" -TunnelType Pptp -EncryptionLevel Required -AuthenticationMethod MSChapv2 -AllUserConnection -RememberCredential -PassThru
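The whole sequence both answers describe (create the connection, connect, then set DNS on the adapter that only exists while the tunnel is up), as an added PowerShell example that is not part of the original answers. The VPN name, server name and DNS address are placeholders; the adapter lookup by index avoids the InterfaceAlias error the question ran into.

```powershell
# Added example, not from the original answers. Assumed placeholder values: replace them.
$VpnName    = "My VPN"
$VpnServer  = "vpn.example.test"      # placeholder VPN server name
$DnsServers = @("10.1.10.254")        # placeholder internal DNS server

# 1. Create the connection once (current user only; add -AllUserConnection for all users).
if (-not (Get-VpnConnection -Name $VpnName -ErrorAction SilentlyContinue)) {
    Add-VpnConnection -Name $VpnName -ServerAddress $VpnServer `
        -TunnelType Automatic -EncryptionLevel Required `
        -AuthenticationMethod MSChapv2 -RememberCredential
}

# 2. Connect first: the VPN adapter (and its InterfaceAlias) does not exist until the tunnel is up.
#    rasdial uses the stored credential; pass "username password" as extra arguments otherwise.
rasdial $VpnName
if ($LASTEXITCODE -ne 0) { throw "rasdial failed with exit code $LASTEXITCODE" }

# 3. Find the adapter for this connection by name rather than guessing the alias.
$adapter = Get-NetAdapter | Where-Object { $_.Name -eq $VpnName }
if (-not $adapter) { throw "No adapter named '$VpnName' found after connecting" }

# 4. Set the DNS servers on that interface by index.
Set-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex -ServerAddresses $DnsServers

# 5. Verify what the resolver actually uses now (compare with ipconfig /all).
Get-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex -AddressFamily IPv4 |
    Select-Object InterfaceAlias, ServerAddresses
```

As the answer above says, disconnect and reconnect afterwards and check ipconfig /all to confirm the DNS setting survives a reconnect.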

Related

How to specify DNS server for a VPN connection by PowerShell without first being connected to the VPN?

I am a newbie at PowerShell, but I wouldn't ask without spending a ton of time looking online first.
Is there any possible way of specifying the IPv4 DNS server (and alternate) without being connected to the VPN first?
I am installing a VPN profile for a business, which I can do manually, but there are close to 180 users, so I am trying to implement it through a PowerShell script in Endpoint Configuration Manager. I am obviously trying to work smarter, not harder.
I already have the Add-VpnConnection script down, which works great, but I still have to manually change the primary and alternate DNS for IPv4.
In addition, I would like to turn off IPv6 for this VPN, but that coincides with the original problem I am running across.
Any help or ideas down the right path would be much appreciated!

Cannot join Active Directory

I installed a WS2016 server as a domain controller on VirtualBox using an internal network.
Everything about Active Directory was installed successfully and I created the domain name 'stark.local'.
I also created another WS2016 on VirtualBox using the internal network, and I want to join the new virtual machine to my domain controller.
I can ping the DNS server (which is my domain controller); the firewall is off and no anti-virus is installed.
However, when I try to join the DC it gives the error below;
What I realized is that I cannot nslookup my DNS server IP.
Even on the domain controller itself, nslookup of itself fails.
ipconfig of Domain Controller
ipconfig of node1;
I have no hair left now and need your help.
Finally solved!
The problem was using internal network. I changed to host-only network and it worked.
AC DC
Using public IP addresses will always get you in trouble, try changing them to something like:
192.168.1.10 & 192.168.1.20
(Please read entire answer before modifying)
Also, I would recommend checking this link on the official Microsoft forum. I know it's from Windows 7, but I think the main problem you have is with the DNS configuration, and it's very well explained there.
I'll summarise the link above here:
@Meinolf Weber's answer:
If domain machines contain public DNS servers as 200.88.127.23 and 196.3.81.5 you will always have trouble.
Remove them on ALL domain machines, run ipconfig /flushdns and ipconfig /registerdns, reboot clients and domain member servers, and restart the netlogon service on DCs instead of rebooting.
For internet access please configure the FORWARDERS in the DNS server properties in the DNS management console with the public DNS servers.
Explanation:
You can't join a machine to the domain using a public IP because it is trying to locate your domain via the public IP, which has no information about the privately built domain.
Use only the local IP in the client's NIC.
Hope it helps, if not please give more detailed information of the issue as well as the DNS configuration (screenshot or whatever you can).
EDIT 1: also check the "time settings" on both machines. I know it might seem silly, but that sometimes gives DNS and DC issues. Check IPv6; it could be another probable cause of the issues you're having (go to the Network and Sharing Center, modify the properties of the NIC and unselect TCP/IPv6).
I'd check first IPv6, that'll save you work if it's only that.
EDIT 2: again, I would recommend changing the IPs (if possible) to another network, as 169.254.x.x is used (assigned) when there's no DHCP server; but as you say they can ping each other, it may not necessarily be the problem.
I can see there's no router in the network but, a Windows Server should be providing DHCP, otherwise things like DNS suffix don't work.
So check that:
- You have the DNS role installed and configured to support AD.
SOLVED on answer below
The explanation I would give for this is that "secure communication" is often a requirement, which the internal network doesn't provide.

Windows 10, Set-NetConnectionProfile with Index changes all Networks

In Windows 10 64-bit I use the command Set-NetConnectionProfile -InterfaceIndex 30 -NetworkCategory Private in PowerShell and it changes all network connections which had the same profile as the interface with index 30.
My Question: Why does this command change all networks?
They are all virtual networks, but I tried the same on another PC with two physical adapters and the same thing happens.
networks before change
the command I am entering
networks after change : i.stack.imgur.com/WW4Iy.png
I found technet.microsoft.com/en-us/library/jj899565.aspx (sorry reputation) and it says The Set-NetConnectionProfile cmdlet changes the network category setting of a connection profile. A connection profile represents a network connection.
Could it be that a connection profile is representing more than one network connection?
Edit:
They are all unidentified networks.
When you change something for unidentified networks, because these networks are unidentified, they are not given a connection profile; this means any change is applied to all unidentified networks.
What you need to do is to make them identified. Identification relies on having a gateway address. One trick is to add a second IP to the interface, usually just 1 before the broadcast address for the subnet, and then assign that address as the gateway. This makes Windows automatically identify the network (using your own machine's characteristics), and then allows you to set a firewall profile for it, and other details.
I have created a PowerShell script that makes this easy: https://gist.github.com/CMCDragonkai/dbd2d94840cdaf79d3f6964bbd58e92f
Try it!

PuTTY error: Unable to open connection to hostname: Host does not exist

I am using PuTTY to ssh into some of the servers that I work on. I am able to connect to all the others except one, although I was able to connect to it before. Whenever I try connecting to it, it always gives me the error:
Unable to open connection on myhost: Host does not exist
My firewall is off and I have even re-installed PuTTY, but that did not fix it. When I tried connecting to the same server using PuTTY on some other Windows system, I was able to do so. I searched regarding this on the Internet but did not find much that was relevant.
I am running PuTTY on Windows 7.
What can be the possible issue?
As I understand it, you have three computers involved. At the same time, one connection is working and the other one fails, so we can exclude that the ssh daemon on your Linux box is hanging.
Since I don't know their real names, I will call your computers linuxbox (this is the computer you want to ssh into), win7ok (that is the computer that you are able to ssh from using PuTTY) and win7fail (that obviously is the computer you can't connect from).
Please do a tracert from both Win7 computers:
tracert linuxbox.your.domain
tracert linuxbox
Add the results to your question as it will help us find out what is happening.
Perhaps it is also a good idea to determine the ip address of the linuxbox from win7ok:
ping linuxbox
or
nslookup linuxbox
Then try to connect from win7fail by using the IP address of the target computer; perhaps it is only a DNS problem (which might be the case, as nmap is failing too).
To make all of this easier for us to understand, please provide the real names of the computers as you use them in PuTTY.
For me the problem was with the URL of the repository. Check the remote URL. It must start with git@github.com, not https://.
I used nslookup and then used the IP address it gave me to connect, and it worked.
I had a similar problem with GitExtensions. The solution was to remove the https URL and replace it with git@gitlab....
WRONG:
GOOD:
I just went through this. I have a Cisco VPN I need to use to get through to the Linux machine I wanted to log in to and check.
No PuTTY session would get through using the machine's name.
An nslookup on the Windows machine yielded the correct address.
I too connected right in via the IP address.
I tried to Google the error and it failed, so I suspected the wireless.
Disconnected and reconnected my WiFi and all was good.
I did it fast enough that open connections stayed open.
And new connections referring to DNS names worked fine.
Seems like maybe some cached DNS addresses were stale.
Your DNS cache stores the locations (IP addresses) of web servers that contain web pages which you have recently viewed. If the location of the web server changes before the entry in your DNS cache updates, you can no longer access the site.
The following CLI command will do the trick:
ipconfig /flushdns

Self Hosted WebApi Accessible over LAN

Very new to the self-hosted Web API, but I am very impressed with its ease of use and extensibility, at least through this tutorial. Everything I've done so far works on my development machine whether I use localhost, 127.0.0.1, or my LAN IP (192.168.0.x), but I am baffled why I can't access the service from any other computer, even others in the same subnet.
In short after going through the tutorial on the machine where it is running:
Browsing to
localhost:3636/api/products/
results in the expected xml return.
On another machine on the LAN browsing to:
192.168.0.x:3636/api/products/
results in a timeout
Data points for those who might know how this all interacts:
1.) My dev machine (192.168.0.x, server, host, whatever you want to call it) has IIS on it; I was so paranoid it was in the way that I stopped it via the administration GUI.
2.) I have reserved the URL/port with the following command line executions:
>netsh http add urlacl url=http://+:3636/ user=DOMAIN\USER listen=yes delegate=yes
>netsh http add urlacl url=http://192.168.0.x:3636/ user=DOMAIN\USER listen=yes delegate=yes
2.b) I've tried both of those together and individually, and tried changing the user to "everyone", to no avail.
3.) I have tried to change the code in the tutorial to set:
config.HostNameComparisonMode = HostNameComparisonMode.Exact //default is Strong Wildcard
4.) I can successfully ping and tracert to 192.168.0.x from other machines on the LAN.
5.) A friend recommended I set up a TcpListener and ensure I could telnet to it to eliminate the firewall as a possibility. If that logic is sound, the firewall isn't the problem.
EDIT: Thanks for your help, here's another data point that I believe confirms it's not a firewall issue. I previously posted this connection when behind a rather obtuse (at least to a non Certified guy like me) Juniper Firewall/Router. I have since redone the tutorial on another machine (without IIS) on my home network and still cannot publish the service to other computers within my LAN. Any ideas?
Well, it wasn't the hardware firewall, it was the Windows Firewall! Yikes, I wasted a bunch of time on that. Once I turned off the Windows Firewall (the code runs in an intranet anyway) everything worked.
Anyone know of a good site that explains how firewalls and Wireshark interact? Or I suppose that just has to be one's first test.
I would try a couple things:
First off, get rid of the HostNameComparisonMode line. That might actually disable requests coming from other machines.
If things still don't work, try getting rid of the URL ACLs and run your application as an administrator and see if that works. If that works, you may be able to add the URL ACL back on and not have to run as an administrator. You should only need the one with '+' as the hostname.
I faced the same problem when I tried to self-host using OWIN. What worked for me was:
Run Visual Studio as an admin
Remove any and all netsh urlacl port registrations that I had added while debugging this issue
Add an inbound rule to my Windows Firewall
I followed the instructions on this link
https://learn.microsoft.com/en-us/dotnet/framework/wcf/samples/firewall-instructions
Check out the section "To enable a port range in advance".
That's it! I was able to call my api from other computers on the network.
Hope this helps...
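The URL reservation plus a scoped inbound rule that the answers above arrive at, as an added PowerShell example that is not part of the original answers; it opens port 3636 to the local subnet only, which is the safer alternative to disabling the Windows Firewall as the question's author ended up doing. The port number and rule name are assumptions.

```powershell
# Added example, not from the original answers. Assumes the self-hosted Web API listens on
# TCP port 3636 and that the clients that need it sit on the same local subnet.
$Port     = 3636
$RuleName = "Self-hosted WebAPI $Port (LAN only)"

# Reserve the URL prefix for the account that runs the service, so it need not run as admin.
# '+' is the strong wildcard: any host name on this port, the one reservation the answer above says is needed.
$acct = "$env:USERDOMAIN\$env:USERNAME"
netsh http add urlacl url="http://+:$Port/" user="$acct" listen=yes

# Allow inbound TCP on that port from the local subnet only, on Private/Domain profiles,
# instead of switching the whole firewall off.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
        -LocalPort $Port -RemoteAddress LocalSubnet -Profile Private,Domain -Action Allow
}

# Confirm the service is actually bound before testing from another machine
# (from the client: Test-NetConnection -ComputerName <host IP> -Port 3636).
Get-NetTCPConnection -LocalPort $Port -State Listen |
    Select-Object LocalAddress, LocalPort, OwningProcess
```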
