Share via

Add-SCVPNConnection

Module:
VirtualMachineManager Module

Adds a VPN connection to a virtual machine network.

Syntax

IPSec (Default) 

Add-SCVPNConnection
    [-VMNetworkGateway] <VMNetworkGateway>
    -Protocol <VPNProtocol>
    [-VMMServer <ServerConnection>]
    [-Name <String>]
    [-Description <String>]
    [-TargetIPv4VPNAddress <String>]
    [-TargetIPv6VPNAddress <String>]
    [-EncryptionMethod <VPNEncryptionMethod>]
    [-IntegrityCheckMethod <VPNIntegrityCheckMethod>]
    [-CipherTransformConstants <VPNCipherTransformConstants>]
    [-AuthenticationTransformConstants <VPNAuthenticationTransformConstants>]
    [-PFSGroup <VPNPFSGroup>]
    [-DHGroup <VPNDHGroup>]
    [-AuthenticationMethod <VPNAuthenticationMethod>]
    [-Secret <RunAsAccount>]
    [-Certificate <ClientCertificate>]
    [-IPSecMainSALifeTimeSeconds <UInt32>]
    [-IPSecMainSALifeTimeKiloBytes <UInt32>]
    [-IPSecQuickSALifeTimeSeconds <UInt32>]
    [-IPSecQuickSALifeTimeKiloBytes <UInt32>]
    [-IPSecIdleDisconnectSeconds <UInt32>]
    [-LocalTrafficSelectors <TrafficSelector[]>]
    [-RemoteTrafficSelectors <TrafficSelector[]>]
    [-MaximumBandwidthInboundKbps <UInt64>]
    [-MaximumBandwidthOutboundKbps <UInt64>]
    [-RunAsynchronously]
    [-PROTipID <Guid>]
    [-JobVariable <String>]
    [-OnBehalfOfUser <String>]
    [-OnBehalfOfUserRole <UserRole>]
    [<CommonParameters>]

GRE 

Add-SCVPNConnection
    [-VMNetworkGateway] <VMNetworkGateway>
    -Protocol <VPNProtocol>
    [-VMMServer <ServerConnection>]
    [-Name <String>]
    [-Description <String>]
    [-TargetIPv4VPNAddress <String>]
    [-TargetIPv6VPNAddress <String>]
    [-MaximumBandwidthInboundKbps <UInt64>]
    [-MaximumBandwidthOutboundKbps <UInt64>]
    [-GRETunnel]
    [-GREKey <UInt32>]
    [-GREIPv4Address <String>]
    [-GREIPv6Address <String>]
    [-RunAsynchronously]
    [-PROTipID <Guid>]
    [-JobVariable <String>]
    [-OnBehalfOfUser <String>]
    [-OnBehalfOfUserRole <UserRole>]
    [<CommonParameters>]

L3 

Add-SCVPNConnection
    [-VMNetworkGateway] <VMNetworkGateway>
    -NextHopNetwork <VMNetwork>
    -Protocol <VPNProtocol>
    -IPAddresses <String[]>
    -PeerIPAddresses <String[]>
    [-VMMServer <ServerConnection>]
    [-Name <String>]
    [-Description <String>]
    [-MaximumBandwidthInboundKbps <UInt64>]
    [-MaximumBandwidthOutboundKbps <UInt64>]
    [-RunAsynchronously]
    [-PROTipID <Guid>]
    [-JobVariable <String>]
    [-OnBehalfOfUser <String>]
    [-OnBehalfOfUserRole <UserRole>]
    [<CommonParameters>]

Description

The Add-SCVPNConnection cmdlet adds a virtual private network (VPN) connection to a virtual machine network to establish a site-to-site tunnel from a Virtual Machine Manager (VMM) managed network gateway to another endpoint.

Examples

Example 1: Adds a VPN connection

PS C:\> $VmNetworkGateway = Get-SCVMNetworkGateway -Name "VMGateway01"
PS C:\> $RunAsAccount = Get-SCRunAsAccount -ID "972567d5-96ad-472e-9790-831bae5fd69c"
PS C:\> $VpnConnection = Add-SCVPNConnection -AuthenticationMethod "PSKOnly" -AuthenticationTransformConstants "SHA196" -CipherTransformConstants "AES256" -DHGroup "Group2" -EncryptionMethod "AES256" -IntegrityCheckMethod "SHA1" -PFSGroup "PFS2048" -Protocol "IKEv2" -Name "IPSec" -TargetIPv4VPNAddress "100.100.100.100" -Secret $RunAsAccount -VMNetworkGateway $VmNetworkGateway

The first command gets a network gateway named VMGateway01, and then stores it in the $VmNetworkGateway variable.

The second command gets a Run As account, and then stores it in the $RunAsAccount variable. This account is used to add the VPN connection.

The final command adds a VPN connection to the virtual machine network gateway in $VmNetworkGateway, and then stores it in the $VpnConnection variable.

Parameters

-AuthenticationMethod

Specifies a virtual private network (VPN) authentication method. Valid values are: PSKOnly, MachineCertificates.

Parameter properties

Type:VPNAuthenticationMethod
Default value:None
Accepted values:PSKOnly, MachineCertificates
Supports wildcards:False
DontShow:False

Parameter sets

IPSec
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-AuthenticationTransformConstants

Specifies a virtual private network (VPN) transform constant. Valid values are:

  • SHA256128
  • MD596
  • SHA196
  • GCMAES128
  • GCMAES192
  • GCMAES256

Parameter properties

Type:VPNAuthenticationTransformConstants
Default value:None
Accepted values:SHA256128, MD596, SHA196, GCMAES128, GCMAES192, GCMAES256, SHA256, None
Supports wildcards:False
DontShow:False

Parameter sets

IPSec
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-Certificate

Specifies a security certificate object.

Parameter properties

Type:ClientCertificate
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

IPSec
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-CipherTransformConstants

Specifies a virtual private network cipher transform constants. Valid values are:

  • DES
  • DES3
  • AES128
  • AES192
  • AES256
  • GCMAES128
  • GCMAES192
  • GCMAES256

Parameter properties

Type:VPNCipherTransformConstants
Default value:None
Accepted values:DES, DES3, AES128, AES192, AES256, GCMAES128, GCMAES192, GCMAES256, None
Supports wildcards:False
DontShow:False

Parameter sets

IPSec
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-Description

Specifies a description for the VPN connection.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-DHGroup

Specifies a virtual private network (VPN) Diffie-Hellman (DH) group. Valid values are:

  • None
  • Group1
  • Group2
  • Group14
  • ECP256
  • ECP384
  • Group24

Parameter properties

Type:VPNDHGroup
Default value:None
Accepted values:None, Group1, Group2, Group14, ECP256, ECP384, Group24
Supports wildcards:False
DontShow:False

Parameter sets

IPSec
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-EncryptionMethod

Specifies a virtual private network (VPN) encryption method. Valid values are:

  • DES
  • DES3
  • AES128
  • AES192
  • AES256

Parameter properties

Type:VPNEncryptionMethod
Default value:None
Accepted values:DES, DES3, AES128, AES192, AES256, CBCDES, CBCDES3, AES128CBC, AES192CBC, AES256CBC, GCMAES128, GCMAES192, GCMAES256
Supports wildcards:False
DontShow:False

Parameter sets

IPSec
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-GREIPv4Address

Specifies a Generic Route Encapsulation (GRE) IPv4 address.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

GRE
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-GREIPv6Address

Specifies a GRE IPv6 address.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

GRE
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-GREKey

Specifies a GRE key.

Parameter properties

Type:UInt32
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

GRE
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-GRETunnel

Indicates that this cmdlet uses a GRE tunnel.

Parameter properties

Type:SwitchParameter
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

GRE
Position:Named
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-IntegrityCheckMethod

Specifies a virtual private network (VPN) integrity check method. Valid values are:

  • MD5
  • SHA1
  • SHA256
  • SHA384

Parameter properties

Type:VPNIntegrityCheckMethod
Default value:None
Accepted values:MD5, SHA1, SHA256, SHA384, SHA196
Supports wildcards:False
DontShow:False

Parameter sets

IPSec
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-IPAddresses

The Add-SCVPNConnection cmdlet adds a virtual private network (VPN) connection to a virtual machine network to establish a site-to-site tunnel from a Virtual Machine Manager (VMM) managed network gateway to another endpoint.

Parameter properties

Type:

String[]

Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

L3
Position:Named
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-IPSecIdleDisconnectSeconds

The Add-SCVPNConnection cmdlet adds a virtual private network (VPN) connection to a virtual machine network to establish a site-to-site tunnel from a Virtual Machine Manager (VMM) managed network gateway to another endpoint.

Parameter properties

Type:UInt32
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

IPSec
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-IPSecMainSALifeTimeKiloBytes

The Add-SCVPNConnection cmdlet adds a virtual private network (VPN) connection to a virtual machine network to establish a site-to-site tunnel from a Virtual Machine Manager (VMM) managed network gateway to another endpoint.

Parameter properties

Type:UInt32
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

IPSec
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-IPSecMainSALifeTimeSeconds

The Add-SCVPNConnection cmdlet adds a virtual private network (VPN) connection to a virtual machine network to establish a site-to-site tunnel from a Virtual Machine Manager (VMM) managed network gateway to another endpoint.

Parameter properties

Type:UInt32
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

IPSec
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-IPSecQuickSALifeTimeKiloBytes

The Add-SCVPNConnection cmdlet adds a virtual private network (VPN) connection to a virtual machine network to establish a site-to-site tunnel from a Virtual Machine Manager (VMM) managed network gateway to another endpoint.

Parameter properties

Type:UInt32
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

IPSec
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-IPSecQuickSALifeTimeSeconds

The Add-SCVPNConnection cmdlet adds a virtual private network (VPN) connection to a virtual machine network to establish a site-to-site tunnel from a Virtual Machine Manager (VMM) managed network gateway to another endpoint.

Parameter properties

Type:UInt32
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

IPSec
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-JobVariable

Specifies that job progress is tracked and stored in the variable named by this parameter.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-LocalTrafficSelectors

The Add-SCVPNConnection cmdlet adds a virtual private network (VPN) connection to a virtual machine network to establish a site-to-site tunnel from a Virtual Machine Manager (VMM) managed network gateway to another endpoint.

Parameter properties

Type:

TrafficSelector[]

Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

IPSec
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-MaximumBandwidthInboundKbps

Specifies, in kbps, the maximum inbound bandwidth.

Parameter properties

Type:UInt64
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-MaximumBandwidthOutboundKbps

Specifies, in kbps, the maximum outbound bandwidth.

Parameter properties

Type:UInt64
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-Name

Specifies the name of a VMM object.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-NextHopNetwork

Specifies a VMNetwork object.

Parameter properties

Type:VMNetwork
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

L3
Position:Named
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-OnBehalfOfUser

Specifies a user name. This cmdlet operates on behalf of the user that this parameter specifies.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-OnBehalfOfUserRole

Specifies a user role. To obtain a user role, use the Get-SCUserRole cmdlet. This cmdlet operates on behalf of the user role that this parameter specifies.

Parameter properties

Type:UserRole
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-PeerIPAddresses

The Add-SCVPNConnection cmdlet adds a virtual private network (VPN) connection to a virtual machine network to establish a site-to-site tunnel from a Virtual Machine Manager (VMM) managed network gateway to another endpoint.

Parameter properties

Type:

String[]

Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

L3
Position:Named
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-PFSGroup

Specifies a virtual private network (VPN) Perfect Forward Secrecy (PFS) group. Valid values are:

  • None
  • PFS1
  • PFS2
  • PFS2048
  • ECP256
  • ECP384
  • PFSMM
  • PFS24

Parameter properties

Type:VPNPFSGroup
Default value:None
Accepted values:None, PFS1, PFS2, PFS2048, ECP256, ECP384, PFSMM, PFS24, PFS14
Supports wildcards:False
DontShow:False

Parameter sets

IPSec
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-PROTipID

Specifies the ID of the Performance and Resource Optimization tip (PRO tip) that triggered this action. This parameter lets you audit PRO tips.

Parameter properties

Type:Guid
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-Protocol

Specifies a VPN protocol. The acceptable values for this parameter are:

  • IKEv2
  • L2TP
  • PPTP
  • GRE

Parameter properties

Type:VPNProtocol
Default value:None
Accepted values:IKEv2, L2TP, PPTP, GRE, L3, IPSec
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-RemoteTrafficSelectors

The Add-SCVPNConnection cmdlet adds a virtual private network (VPN) connection to a virtual machine network to establish a site-to-site tunnel from a Virtual Machine Manager (VMM) managed network gateway to another endpoint.

Parameter properties

Type:

TrafficSelector[]

Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

IPSec
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-RunAsynchronously

Indicates that the job runs asynchronously so that control returns to the command shell immediately.

Parameter properties

Type:SwitchParameter
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-Secret

Specifies a Run As account.

To obtain a Run As account, use the Get-SCRunAsAccount cmdlet.

Parameter properties

Type:RunAsAccount
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

IPSec
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-TargetIPv4VPNAddress

Specifies a target VPN address in IPv4 format.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

IPSec
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
GRE
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-TargetIPv6VPNAddress

Specifies a target VPN address in IPv6 format.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

IPSec
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
GRE
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-VMMServer

Specifies a VMM server object.

Parameter properties

Type:ServerConnection
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:True
Value from pipeline by property name:False
Value from remaining arguments:False

-VMNetworkGateway

Specifies a virtual machine network gateway object.

To obtain a VMNetworkGateway object, use the Get-SCVMNetworkGateway cmdlet.

Parameter properties

Type:VMNetworkGateway
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:0
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.