InstallByVpn method of the PS_RemoteAccess class

  • Article

This cmdlet does the following 1. Performs pre-requisite checks for DirectAccess to ensure that it can be installed2. Installs DirectAccess for remote access (includes management of remote clients) or for management of remote clients only3. Installs VPN (both Remote Access VPN and site-to-site VPN).

Syntax

uint32 InstallByVpn(
  [in]  string             VpnType,
  [in]  string             ComputerName,
  [in]  string             IPAddressRange[],
  [in]  string             RadiusServer,
  [in]  boolean            Legacy,
  [in]  string             SharedSecret,
  [in]  uint32             RadiusTimeout,
  [in]  uint8              RadiusScore,
  [in]  uint16             RadiusPort,
  [in]  string             MsgAuthenticator,
  [in]  boolean            PassThru,
  [in]  string             IPv6Prefix,
  [in]  string             EntrypointName,
  [out] RemoteAccessCommon cmdletOutput
);

Parameters

VpnType [in]

The type of VPN to installed. You can set this value to Vpn or VpnS2S.

ComputerName [in]

IPv4/IPv6 address or hostname of the machine on which the remote access server machine specific tasks should be executed.

IPAddressRange [in]

Specifying this parameter indicates that static pool IPv4 addressing should be enabled. The parameter contains an IP address range (consisting of a start IP and an end IP) from which IP addresses are allocated to VPN clients. In load balancing scenario only static pool IPv4 addressing is supported for VPN (DHCP address assignment is not supported). Hence it is mandatory to specify this parameter and an IPv4 address range should be provided for every node in the cluster. The address are specified in the following format: StartIPRange1, EndIPRange1, StartIPRange2, EndIPRange2, StartIPRange3, EndIPRange3 ... Essentially the start and end IPs of each of the ranges are specified one after the other and separated by commas.

RadiusServer [in]

IPv4/IPv6 address or hostname of the RADIUS server that is to be used for authentication. Specifying this parameter indicates that Radius authentication should be used for VPN.

Legacy [in]

true to install the legacy stack.

Windows Server 2012 R2 and Windows Server 2012: This parameter is not supported before Windows Server 2016.

SharedSecret [in]

Shared secret between the Remote Access server and the specified external RADIUS server which is required for successful communication between the two servers. Note that the secret is specified in clear text. It is mandatory to specify this parameter if a Radius server is being configured for authentication.

RadiusTimeout [in]

The value is specified in seconds. Default is 5 secs. This parameter is applicable only when a Radius server is being configured for authentication.

RadiusScore [in]

Indicates the initial score. The default is 30. This parameter is applicable only when a Radius server is being configured for authentication.

RadiusPort [in]

Indicates the port number on which the RADIUS server is accepting authentication requests. Default is 1813. This parameter is applicable only when a Radius server is being configured for authentication.

MsgAuthenticator [in]

Indicates whether usage of message authenticator should be enabled or disabled. Can take one of the following values. 1. Enabled 2. Disabled. By default it is disabled. This parameter is applicable only when a Radius server is being configured for authentication.

PassThru [in]

Specifying PassThru returns the Remote Access object which contains the entire Remote Access (DA and VPN) configuration. This cmdlet doesn't generate an object by default.

IPv6Prefix [in]

Specifying this parameter enables IPv6 address assignment for VPN and specifies the prefix to use for the addressing.

EntrypointName [in]

Entrypoint refers to the identity of a site in a multisite deployment where VPN needs to be installed. This is required in a scenario where DirectAccess with multisite is already deployed and a user wants to additionally deploy VPN. If entrypoint is not specified then the entrypoint to which the server on which the cmdlet is executed belongs is used. The server could also be represented using the ComputerName parameter.

If both entrypoint and computername are specified and the ComputerName does not belong to the site represented by the entrypoint then the entrypoint takes precedence and VPN is deployed at the site indicated by it.

Note that in a multisite deployment case VPN can only be installed one site at a time.

cmdletOutput [out]

  1. When only DirectAccess is installed output will be the DA status, DA deployment mode and DA configuration portions and common configuration portions. 2. When only VPN is installed output will be the VPN status and VPN configuration and common configuration portions.

Requirements
Minimum supported client
 None supported
Minimum supported server
 Windows Server 2012
Namespace
 Root\Microsoft\Windows\RemoteAccess
MOF
RAMgmtPSProvider.mof
DLL
RAMgmtPSProvider.dll

See also

PS_RemoteAccess