48

How can I create a VPN connection with an arbitrary server using an arbitrary protocol in Windows cmd?

Andriy M
  • 76,112
  • 17
  • 94
  • 154
user1892542
  • 481
  • 1
  • 4
  • 4

3 Answers3

47

I know this is a very old thread but I was looking for a solution to the same problem and I came across this before eventually finding the answer and I wanted to just post it here so somebody else in my shoes would have a shorter trek across the internet.

****Note that you probably have to run cmd.exe as an administrator for this to work**

So here we go, open up the prompt (as an adminstrator) and go to your System32 directory. Then run

C:\Windows\System32>cd ras

Now you'll be in the ras directory. Now it's time to create a temporary file with our connection info that we will then append onto the rasphone.pbk file that will allow us to use the rasdial command.

So to create our temp file run:

C:\Windows\System32\ras>copy con temp.txt

Now it will let you type the contents of the file, which should look like this:

[CONNECTION NAME]
MEDIA=rastapi
Port=VPN2-0
Device=WAN Miniport (IKEv2)
DEVICE=vpn
PhoneNumber=vpn.server.address.com

So replace CONNECTION NAME and vpn.server.address.com with the desired connection name and the vpn server address you want.

Make a new line and press Ctrl+Z to finish and save.

Now we will append this onto the rasphone.pbk file that may or may not exist depending on if you already have network connections configured or not. To do this we will run the following command:

C:\Windows\System32\ras>type temp.txt >> rasphone.pbk

This will append the contents of temp.txt to the end of rasphone.pbk, or if rasphone.pbk doesn't exist it will be created. Now we might as well delete our temp file:

C:\Windows\System32\ras>del temp.txt

Now we can connect to our newly configured VPN server with the following command:

C:\Windows\System32\ras>rasdial "CONNECTION NAME" myUsername myPassword

When we want to disconnect we can run:

C:\Windows\System32\ras>rasdial /DISCONNECT

That should cover it! I've included a direct copy and past from the command line of me setting up a connection for and connecting to a canadian vpn server with this method:

Microsoft Windows [Version 6.2.9200]
(c) 2012 Microsoft Corporation. All rights reserved.

C:\Windows\system32>cd ras

C:\Windows\System32\ras>copy con temp.txt
[Canada VPN Connection]
MEDIA=rastapi
Port=VPN2-0
Device=WAN Miniport (IKEv2)
DEVICE=vpn
PhoneNumber=ca.justfreevpn.com
^Z
        1 file(s) copied.

C:\Windows\System32\ras>type temp.txt >> rasphone.pbk

C:\Windows\System32\ras>del temp.txt

C:\Windows\System32\ras>rasdial "Canada VPN Connection" justfreevpn 2932
Connecting to Canada VPN Connection...
Verifying username and password...
Connecting to Canada VPN Connection...
Connecting to Canada VPN Connection...
Verifying username and password...
Registering your computer on the network...
Successfully connected to Canada VPN Connection.
Command completed successfully.

C:\Windows\System32\ras>rasdial /DISCONNECT
Command completed successfully.

C:\Windows\System32\ras>

Hope this helps.

John Dorian
  • 1,884
  • 1
  • 19
  • 29
  • I get the following error: Remote Access error 623 - The system could not find the phone book entry for th s connection. – Utsav Gupta Feb 02 '15 at 00:24
  • my rasphone.pbk looks like this [DEV_QA] MEDIA=rastapi Port=VPN2-0 Device=WAN Miniport (IKEv2) Device=vpn PhoneNumber=XXX – Utsav Gupta Feb 02 '15 at 00:54
  • FYI when I was missing the `rasphone.pbk` file, I got the `this function is only valid in win32 mode` error. (this is just an informational comment, later I created the file and it worked as expected.) – n611x007 Apr 13 '15 at 20:42
  • I am getting the following error: Remote Access error 800 - The remote connection was not made because the attempted VPN tunnels failed. The VPN server might be unreachable. If this connection is attempting to use an L2TP/IPsec tunnel, the security parameters required for IPsec negotiation might not be configured properly. – keshav Jan 04 '16 at 06:24
  • @keshav I would imagine you have an issue with your VPN server. Have you tried this with a server that you've verified works? – John Dorian Jan 05 '16 at 08:44
  • I tried with cisco anyconnect ui and it worked. I wanted to automate vpn connection using above given solution but it is showing 800 error – keshav Jan 05 '16 at 08:48
  • 2
    Thanks a lot! Works good but folder for rasphone.pbk in %userprofile%\AppData\Roaming\Microsoft\Network\Connections\PBK – oobe Aug 26 '16 at 07:31
  • Agree with @oobe , [related question about location of pbk](https://superuser.com/a/607182/292784) – Nate Anderson May 18 '17 at 19:09
  • Worked on Win8. The location is in `%userprofile%\AppData\Roaming\Microsoft\Network\Connections\‌​PB` as pointed above. I had the VPN configured previously so actually i didnt required any particular edition, just the `rasdial` command... – Brethlosze Jan 24 '18 at 23:45
  • All of this because MS can't make a tray icon to control the VPN by a simple click (connect/disconnect). Amazing .. per usual. MS: "Let's make it extra hard to be secure."? 3rd party software always seems to manage it. See OpenVPN/GUI, NetExtender etc. – B. Shea Jan 21 '22 at 17:15
30

Have you looked into rasdial?

Just incase anyone wanted to do this and finds this in the future, you can use rasdial.exe from command prompt to connect to a VPN network

ie rasdial "VPN NETWORK NAME" "Username" *

it will then prompt for a password, else you can use "username" "password", this is however less secure

http://www.msfn.org/board/topic/113128-connect-to-vpn-from-cmdexe-vista/?p=747265

sshow
  • 8,820
  • 4
  • 51
  • 82
LNendza
  • 1,350
  • 1
  • 12
  • 21
  • yes,but rasdial is for connecting to existing connection,I need to create connection – user1892542 Jan 31 '13 at 08:26
  • This command have some issues in Windows 10. I tried and it say connected successfully. However, if you try to Get-VpnConnection using powershell it will tell you not connected. I think it is probably a bug in the latest version of windows. – Juan Acosta Aug 19 '16 at 00:18
  • 2
    Using as rasdial "vpnName" also works like a charm in cmd. Thanks for answer! – Ali Karaca Jun 11 '18 at 10:30
19

Is Powershell an option?

Start Powershell:

powershell

Create the VPN Connection: Add-VpnConnection

Add-VpnConnection [-Name] <string> [-ServerAddress] <string> [-TunnelType <string> {Pptp | L2tp | Sstp | Ikev2 | Automatic}] [-EncryptionLevel <string> {NoEncryption | Optional | Required | Maximum}] [-AuthenticationMethod <string[]> {Pap | Chap | MSChapv2 | Eap}] [-SplitTunneling] [-AllUserConnection] [-L2tpPsk <string>] [-RememberCredential] [-UseWinlogonCredential] [-EapConfigXmlStream <xml>] [-Force] [-PassThru] [-WhatIf] [-Confirm]

Edit VPN connections: Set-VpnConnection

Set-VpnConnection [-Name] <string> [[-ServerAddress] <string>] [-TunnelType <string> {Pptp | L2tp | Sstp | Ikev2 | Automatic}] [-EncryptionLevel <string> {NoEncryption | Optional | Required | Maximum}] [-AuthenticationMethod <string[]> {Pap | Chap | MSChapv2 | Eap}] [-SplitTunneling <bool>] [-AllUserConnection] [-L2tpPsk <string>] [-RememberCredential <bool>] [-UseWinlogonCredential <bool>] [-EapConfigXmlStream <xml>] [-PassThru] [-Force] [-WhatIf] [-Confirm]

Lookup VPN Connections: Get-VpnConnection

Get-VpnConnection [[-Name] <string[]>] [-AllUserConnection]

Connect: rasdial [connectionName]

rasdial connectionname [username [password | \]] [/domain:domain*] [/phone:phonenumber] [/callback:callbacknumber] [/phonebook:phonebookpath] [/prefixsuffix**]

You can manage your VPN connections with the powershell commands above, and simply use the connection name to connect via rasdial.

The results of Get-VpnConnection can be a little verbose. This can be simplified with a simple Select-Object filter:

Get-VpnConnection | Select-Object -Property Name

More information can be found here:

mickael9
  • 456
  • 2
  • 12
Élie
  • 1,285
  • 1
  • 12
  • 27