VPN Ufficio: differenze tra le versioni

Da Webmobili Wiki.
← Differenza precedenteDifferenza successiva →
Riga 7: Riga 7:
Scaricare [[Media:Webmobili-VPN-Certificato.zip]]
Scaricare [[Media:Webmobili-VPN-Certificato.zip]]


Funziona eseguendo il seguente '''script'''<br/>
Funziona eseguendo il seguente '''script batch'''<br/>
(eseguire nella stessa cartella del certificato <code>RemoteAccess_Windows_IPSec_VPN.crt</code> appena scaricato ed estratto)
(eseguire nella stessa cartella del certificato <code>RemoteAccess_Windows_IPSec_VPN.crt</code> appena scaricato ed estratto)
<syntaxhighlight lang="batch">
<syntaxhighlight lang="batch">

Versione delle 10:52, 7 apr 2025

VPN Ufficio

Con il nuovo ufficio è stato installato un nuovo firewall che ci permette di avere una VPN.

Windows

Al momento la VPN è configurata solo per gli utenti Windows.

Scaricare Media:Webmobili-VPN-Certificato.zip

Funziona eseguendo il seguente script batch
(eseguire nella stessa cartella del certificato RemoteAccess_Windows_IPSec_VPN.crt appena scaricato ed estratto) 

@echo off
set Name="Webmobili"
set ServerAddress="nebula-67deeefb.d2ns-nbl.com"
set TunnelType="IKEv2"
set AuthenticationMethod="EAP"
set EncryptionLevel="Required"
set UseWinlogonCredential=$False
set RememberCredential=$True
set SplitTunneling=$True
set IKEEnc="AES256"
set IKEAuth="SHA256"
set IKEKey="Group14"
set ESPEnc="AES256"
set ESPAuth="SHA256"
set ESPPfs="None"
:: Installing CA certificate requires Administrator privileges.
call :isAdmin

:: Check Administrator priviledges and run alternative action
if %errorlevel% == 0 (
	goto :run
) else if "%1" == "admin_session" (
	goto :run
) else if %errorlevel% == 1 (
	goto :UACPrompt
) else (
	echo "Could not get administrative privileges"
	pause
	exit /b
)

:isAdmin
	fsutil dirty query %systemdrive% >nul 2>&1
	exit /b

:run
	cd /d %~dp0
	powershell -ExecutionPolicy Bypass -NonInteractive -Command "& {Get-ChildItem -Path .\RemoteAccess_Windows_IPSec_VPN.crt | Import-Certificate -CertStoreLocation cert:\LocalMachine\root}"
	exit /b

:UACPrompt
	echo Requesting administrative privileges to install the IKEv2 VPN CA certificate...
	echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
	echo UAC.ShellExecute "cmd.exe", "/c ""%~s0"" admin_session", "", "runas", 1 >> "%temp%\getadmin.vbs"
	"%temp%\getadmin.vbs"
	del "%temp%\getadmin.vbs"
	echo "Install the IKEv2 VPN CA certificate..."

powershell -ExecutionPolicy Bypass -command "Get-VpnConnection -Name %Name% -ErrorAction SilentlyContinue"

if %errorlevel% == 0 (
	goto :UpdateVPN
) else (
	goto :AddVPN
)

:AddVPN
	powershell -ExecutionPolicy Bypass -command "Add-VpnConnection -Name %Name% -ServerAddress %ServerAddress% -TunnelType %TunnelType% -EncryptionLevel %EncryptionLevel% -AuthenticationMethod %AuthenticationMethod% -Force"
	powershell -ExecutionPolicy Bypass -command "Set-VpnConnection -Name %Name% -SplitTunneling %SplitTunneling% -RememberCredential %RememberCredential% -Force"
	powershell -ExecutionPolicy Bypass -command "Set-VpnConnectionIPsecConfiguration -ConnectionName %Name% -EncryptionMethod %IKEEnc% -IntegrityCheckMethod %IKEAuth% -DHGroup %IKEKey% -CipherTransformConstants %ESPEnc% -AuthenticationTransformConstants %ESPAuth% -PfsGroup %ESPPfs% -Force"
	powershell -ExecutionPolicy Bypass -command "Add-VpnConnectionRoute -ConnectionName %Name% -DestinationPrefix '10.13.17.0/24' -PassThru"
	powershell -ExecutionPolicy Bypass -command "Write-Host \"Create the %Name% VPN connection\""
	pause
	exit /b

:UpdateVPN
	powershell -ExecutionPolicy Bypass -command "Set-VpnConnection -Name %Name% -ServerAddress %ServerAddress% -TunnelType %TunnelType% -EncryptionLevel %EncryptionLevel% -AuthenticationMethod %AuthenticationMethod% -SplitTunneling %SplitTunneling% -Force"
	powershell -ExecutionPolicy Bypass -command "Set-VpnConnectionIPsecConfiguration -ConnectionName %Name% -EncryptionMethod %IKEEnc% -IntegrityCheckMethod %IKEAuth% -DHGroup %IKEKey% -CipherTransformConstants %ESPEnc% -AuthenticationTransformConstants %ESPAuth% -PfsGroup %ESPPfs% -Force"
	powershell -ExecutionPolicy Bypass -command "Add-VpnConnectionRoute -ConnectionName %Name% -DestinationPrefix '10.13.17.0/24' -PassThru"
	powershell -ExecutionPolicy Bypass -command "Write-Host \"Updated the %Name% VPN connection\""
	pause
	exit /b

exit /b

Eliminare VPN

Per eliminare/disinstallare tutto quello che è stato fatto usare il seguente script batch 

@echo off
setlocal

set Name="Webmobili"
set CertSubject="CN=RemoteAccess_Windows_IPSec_VPN"

:: Verifica privilegi amministrativi
call :isAdmin
if %errorlevel% neq 0 (
    echo Richiesti privilegi amministrativi per rimuovere la VPN e il certificato.
    echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
    echo UAC.ShellExecute "cmd.exe", "/c ""%~s0"" admin", "", "runas", 1 >> "%temp%\getadmin.vbs"
    "%temp%\getadmin.vbs"
    del "%temp%\getadmin.vbs"
    exit /b
)

:: Rimozione connessione VPN
powershell -ExecutionPolicy Bypass -Command "if (Get-VpnConnection -Name %Name% -ErrorAction SilentlyContinue) { Remove-VpnConnection -Name %Name% -Force; Write-Host 'VPN rimossa' } else { Write-Host 'VPN non trovata' }"

:: Rimozione certificato CA dal certificato root
powershell -ExecutionPolicy Bypass -Command ^
    "$certs = Get-ChildItem -Path Cert:\LocalMachine\Root | Where-Object { $_.Subject -eq '%CertSubject%' }; ^
    if ($certs) { $certs | Remove-Item -Force; Write-Host 'Certificato rimosso' } else { Write-Host 'Certificato non trovato' }"

pause
exit /b

:isAdmin
    fsutil dirty query %systemdrive% >nul 2>&1
    exit /b
Estratto da "https://wiki.wmdemo.it/index.php?title=VPN_Ufficio&oldid=4471"