How to connect to a VPN at startup?
Found this solution here.
- Open Task Scheduler (search Task Scheduler)
- Click Create Task in the Actions panel on the right
- General Tab
- Provide a logical name for the task like Auto VPN
- Switch the running task mode to Run whether user is logged on or not
- Enable the Run with highest privileges option
- Change the Configure for: drop-down to Windows 10
- Triggers Tab
- Click the New... button
- Change Begin the task: to At start up
- (Optional) Enable Delay task for and set to 5 minutes. This give the slow machine a chance to idle down before launching the VPN.
- Actions Tab
- Click the New... button
- Enter
c:\windows\system32\rasdial.exe
in the Program/script: field. You can also browse to it if you don't want to type it or your default Windows install directory is different. - Type the connection name in the Add arguments field. The
rasdial.exe
requires you wrap the connection name in quotes if it has spaces. You may also need to append the connection's username and password, as well as domain, if they are required, like this:"VPN Connection Name" username password /domain:domainname
.
- Conditions Tab
- Un-check all of the options on the conditions tab.
- Settings Tab
- (Optional) enable "If the task fails, restart every:" and set to an appropriate value. I set mine to 1 hour in case there is a problem on the VPN server's end.
- (Optional) set the "Attempt to restart up to:" value to an acceptable number. My default is 72 times at a 1 hour interval. This covers long weekend.
- Save the new task
The accepted answer by Mikael is great, except for the plain text password in 5.3, which just makes me queasy. The way my VPN connection (via IKEv2) works, rasdial doesn't need the username and password as parameters.
But if your situation is different, there are ways to avoid the plain text password in the script:
This article explains how to encrypt and save text using Powershell: https://www.pdq.com/blog/secure-password-with-powershell-encrypting-credentials-part-1/
To summarize: using the function ConvertTo-SecureString you can encrypt text in such a way that only (processes running under) the same user, on the same machine can decrypt it. Which isn't perfectly secure, but better than plain text. The powershell command to encrypt and save "MyP@ssword1" to a file would be:
"MyP@ssword1" | ConvertTo-SecureString -AsPlainText -Force | ConvertFrom-SecureString | Out-File "C:\path to\your\Password.txt"
And here you'll find how to read and decrypt the password again: https://stackoverflow.com/a/19950628/4602253