Creating .msi installer for L2TP VPN

Hey there, I’ve been trying every combination of keywords I can think of in Google and DDG looking for a guide on how to build my own .msi installer package.

I have some clients with very specific VPN connection needs and I’ve got all of the steps written down in guides filed under each client.

However I’ve seen basic windows 10/11 VPNs be fully configured and ready to connect through a simple .msi installer.

I cannot figure out how to make that installer myself and this would save me at least 1 hour per week just setting up VPNs, refencing this document or that pre-shared key…

Anyone have a link to a good guide for this?

Windows built in VPN?

Using Powershell to deploy it is pretty easy.

Full Tunnel

$ServerAddress = "address"
$ConnectionName = "name"
$PresharedKey = "key"
Add-VpnConnection -Name "$ConnectionName" -ServerAddress "$ServerAddress" -TunnelType L2tp -L2tpPsk "$PresharedKey" -remembercredential -AuthenticationMethod Pap -Force

Split Tunnel

$ServerAddress = "address"
$ConnectionName = "Name"
$PresharedKey = "key"
$Destination = "subnet/24"
$Destination2 = "subnet/24"
$Destination3 = "subnet/24"
Add-VpnConnection -Name "$ConnectionName" -ServerAddress "$ServerAddress" -TunnelType L2tp -L2tpPsk "$PresharedKey" -remembercredential -AuthenticationMethod Pap -Force

Start-Sleep -m 100

Set-VpnConnection -Name $ConnectionName -SplitTunneling $true

Start-Sleep -m 100

Add-Vpnconnectionroute -Connectionname $ConnectionName -DestinationPrefix $Destination
Add-Vpnconnectionroute -Connectionname $ConnectionName -DestinationPrefix $Destination2
Add-Vpnconnectionroute -Connectionname $ConnectionName -DestinationPrefix $Destination3

EXE not MSI but could you package it

Its old, but I’ve used it before.

If the powershell works you can try using ps2exe or one of the other options for making a powershell script into an EXE file that the users just have to double click.

Obviously will require a bit of testing but might work for you.

The freeware version of advanced installer has done the job for all the MSIs I’ve needed but I’ve never needed to msi a vpn so no idea if it’ll work for you.

You can use the free edition of Visual Studio 2019 to create your own MSI package.

Have used this for Intune deployments for our apps that are EXE based only.

https://www.advancedinstaller.com/create-msi-installer-with-visual-studio.html

Yeah but I want a file I can send a client, so all they have to do is click on it to install.

Absolute minimal interaction. They’re clients, they don’t know anything about computers.

looks remarkably like the script I built for the same, Meraki networking.

​

I added in RASDIAL commands to delete the old connection in case it was there.

​

$name = 'CORP VPN'
rasdial $name /DISCONNECT;
Remove-VpnConnection -Name $name -AllUserConnection -Force
Add-VpnConnection -Name $name -TunnelType L2tp -ServerAddress 'vpn.mycompany.com' -L2tpPsk 'MyL2tpPassphrase' -DnsSuffix 'mydomain.com' -AuthenticationMethod PAP -EncryptionLevel Optional -AllUserConnection $true -Force
Add-VpnConnectionRoute -ConnectionName $name -DestinationPrefix "mysubnet" -AllUserConnection

Works like a champ.

This might have been it.

It’s been a few years so maybe it was EXE. Thnx.

literally save it as a .ps1 file.

send it to them.

Right-Click - Run with Powershell

done

Edited above for a split tunnel vpn as well

That’s an option. Thnx.

If they are Domain joined, pretty easy to push out the .ps1 file at login for the computers via gpo. Then you dont have to send them anything!

Lately it’s been entirely when the client’s system is offsite (like at my office) and I’m doing a nuke/pave.

My plan is to save my future self a ton of time by having a folder with the VPN connection installers for each client. Then save that into ITGlue so I can have the installer available from anywhere I’ve got internet.

Are you a MSP? I worked at one that was a Meraki shop, just about all of our clients had Merakis with L2TP VPNs.

We used our RMM to create the VPN connection with a powershell command/script. Just make sure you have the -alluserconnection or whatever switch and it gets installed system wide instead of just to the user running the command.

-alluserconnection

That’s one very important thing I needed thnx. I can never find that option after the VPN has been configured