Deploying VPN-client with TAP-Windows Adapter V9

Hi folks,

We have several cases where we need to deploy a VPN-client that uses the TAP-Windows Adapter V9. For some reason the installer of the VPN-client is silent (in this case Watchguard) right until the point where the installer tries to install the TAP-adapter, then we get an error that it was unable to deploy.

I wonder if anyone has experience with this?

I would love to know this myself. We use the WatchGuard SSL VPN in my org and I’ve never found a way to deploy it silently.

I’ve never managed to do this; everything is silent bar the TAP driver. I looked into installing the OpenVPN drivers, as that’s all the WatchGuard client is under the hood. I gave up and used PS App Deployment Toolkit to tell users to press install. I’d look into installing the TAP drivers before installing the client silently and see if that works?

Is there someone who has an answer to this?

To avoid this window add to your script the option: /SELECT_TAP=1 to “Install” or /SELECT_TAP=0 to “Don’t Install”

For example: $InstallArguments = "/S /SELECT_TAP=0"

Me neither, still looking.

I can only speak for Watchguard SSLVPN which I deploy silently with zero interaction.
When you normally install the VPN, it installs two certificates in your Trusted Publishers certificate store, one from WatchGuard and one from OpenVPN. After installing these certificates, the silent installer works great.

I am about to adapt this for use with Intune, but here is how it looks in batch, which I use for my current RMM:

taskkill /IM "wgsslvpnc.exe" /F

"C:\Program Files (x86)\WatchGuard\WatchGuard Mobile VPN with SSL\unins000.exe" /VERYSILENT /NORESTART

certutil -addstore -f TrustedPublisher trustedpublisher1.cer

certutil -addstore -f TrustedPublisher trustedpublisher2.cer

WG-MVPN-SSL.exe /TYPE="full" /TASKS="desktopicon" /VERYSILENT

The first two lines make it so I can deploy an update to the client in case it is running, etc.

EDIT: Deployed successfully through Intune. Threw the 2 certificates, the installer and a batch script with the above in it into an Intunewin package, set the batch as the install command and away we go.
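A PowerShell variant of the batch above, as an added example that is not part of the original thread: it checks each .cer against a pinned thumbprint and checks the installer's Authenticode signature before anything is added to TrustedPublisher, so a swapped file in the package cannot become a trusted publisher. The thumbprint values are placeholders (an assumption; record the real ones from a machine installed by hand), and the script is assumed to sit in the same folder as the files named in the post.

```powershell
# Added example (not from the thread): verify, then trust, then install.
# Run elevated or as SYSTEM (Intune install context).
$ErrorActionPreference = 'Stop'

# Placeholder thumbprints: replace with values recorded from known-good certificates.
$PinnedCerts = @{
    'trustedpublisher1.cer' = '<THUMBPRINT-OF-FIRST-PUBLISHER-CERT>'
    'trustedpublisher2.cer' = '<THUMBPRINT-OF-SECOND-PUBLISHER-CERT>'
}
$Installer = Join-Path $PSScriptRoot 'WG-MVPN-SSL.exe'
$Store     = 'Cert:\LocalMachine\TrustedPublisher'

# 1. Refuse to continue if any packaged certificate differs from its pin.
foreach ($name in $PinnedCerts.Keys) {
    $path   = Join-Path $PSScriptRoot $name
    $cert   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $path
    $pinned = $PinnedCerts[$name] -replace '\s', ''
    if ($cert.Thumbprint -ne $pinned) {   # -ne is case-insensitive for strings
        throw "Thumbprint mismatch for ${name}: got $($cert.Thumbprint) ($($cert.Subject))"
    }
}

# 2. Refuse to run an installer whose signature is missing or broken.
$sig = Get-AuthenticodeSignature -FilePath $Installer
if ($sig.Status -ne 'Valid') {
    throw "Installer signature status is '$($sig.Status)': $($sig.StatusMessage)"
}
Write-Output "Installer signed by: $($sig.SignerCertificate.Subject)"

# 3. Only now add the verified certificates to the Trusted Publishers store.
foreach ($name in $PinnedCerts.Keys) {
    Import-Certificate -FilePath (Join-Path $PSScriptRoot $name) -CertStoreLocation $Store | Out-Null
}

# 4. Silent install with the switches from the post; pass the exit code back to the deployment tool.
$installArgs = @('/TYPE="full"', '/TASKS="desktopicon"', '/VERYSILENT')
$proc = Start-Process -FilePath $Installer -ArgumentList $installArgs -Wait -PassThru
exit $proc.ExitCode
```

The certificates end up in the machine-wide TrustedPublisher store, so drivers signed with them will install without a prompt from then on; list the store's contents after deployment to confirm that only the two expected entries were added.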

Thanks for this u/Zodiam! Worked perfectly for a new install. Any idea how to update an already installed version? The detection method is picking up the already installed version and then won’t install over the top.

Hello

Thanks for the response, but I’ve already fixed it with the certutil -addstore -f TrustedPublisher trustedpublisher1.cer

If I had not found it, this would have helped :slight_smile:

So this worked perfectly through Intune. Is there a way in the bat file to include the remote server name for the install? So basically, when I do the install, I want to include the server name that will be used to log in to.

Would you mind explaining how you got all of these files into one Intunewin package? Did you have to bundle them together some way first?

Change your detection rule to file version, and use one of the binaries from the install location, i.e.

"C:\Program Files (x86)\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnc.exe"

Other than that I use the same batch, still works fine for me.

I don’t think the WG client has that option for the installer (have not double checked).
I know it saves the IP and username somewhere after your first connection, probably in AppData or the registry. Maybe you could find that and add on a line to copy that to the client PCs?

There is a program called Win32 Content Prep Tool that you use to bundle it into an intunewin package. It’s pretty easy to get the hang of.

Gave that a go and it worked a treat. Thanks again!

Ah yeah I’m familiar with it and have used it on stand alone files before but wasn’t sure how you were able to get all of those into one. I’ve tried using a program to bundle the files as an .exe and then use that tool to convert them but haven’t tested it yet.

Nah, just throw the files I mentioned above into a folder along with the batch file with the install commands as below, then when the tool asks you, point that folder out as the content folder and the “install.bat” or whatever you name it as the installer.