by Njål

Permanent VPN connection in Windows

Windows does not really offer any good ways of setting up a permanent VPN connection that is stable.
People are literally losing their minds over it.

We came up with a pretty nice solution to this problem by combining

  • Windows Powershell
  • Windows VPN Client
  • Windows Task scheduler
At the server side
  • Make sure your VPN Server is set up and working. This will not be covered here.
At the client side
  1. Set up a new VPN connection. Just follow the usual “Connect to a workplace” wizard. Make sure that the VPN connection works.
  2. After creating the connection, set these Redial properties. The redial functionality works as it should most of the time, but it’s not 100% reliable.
  3. Also, uncheck “Use default gateway on remote network” to prevent all network/internet traffic from going through the VPN (unless this is what you want).
  4. Since the redial functionality of the VPN connection isn’t reliable, it’s best to deal with this yourself. It’s hammer PowerShell time. Create c:\vpn.ps1 and add the following:
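    # An address that is only reachable through the VPN tunnel
    $ip = "10.20.30.40"
    # Ping it once via WMI; StatusCode 0 means a reply was received
    $result = gwmi -query "SELECT * FROM Win32_PingStatus WHERE Address = '$ip'"
    if ($result.StatusCode -eq 0) {
        Write-Host "$ip is up."
    }
    else {
        Write-Host "$ip is down."
        Write-Host "Disconnecting..."
        rasdial.exe DegreeVPN /DISCONNECT
        Write-Host "Connecting..."
        # The VPN username and password are stored in this file in clear text
        rasdial.exe DegreeVPN vpnUsername vpnPassword12345
    }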

    The script pings an IP that should be available through the VPN. If the ping is unsuccessful, the connection is reestablished. You can also set up routes here (and get notifications by email every time the VPN was disconnected) if you add a few more lines to the script.

  5. Start up PowerShell and type “Set-ExecutionPolicy Unrestricted” in order to allow the script to be executed.
  6. Schedule this script to execute at startup (no user/login necessary) and also every 5 minutes.

  7. Bingo! You now have a robust and permanent VPN connection in Windows. This works with PPTP, L2TP, SSTP and IKEv2, and has been tested on Windows 7 and Windows 2008 R2.
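
One way to carry out steps 5 and 6 from an elevated PowerShell prompt, as an added example that is not part of the original post: it restricts access to the script (which holds the VPN password and will run without a logged-in user), then registers the startup and 5-minute tasks with the execution policy relaxed only for that invocation instead of machine-wide. The script path `C:\vpn.ps1`, the task names, running the tasks as SYSTEM and the VPN entry being available to all users are assumptions.

```powershell
# Added example. Path and task names are assumptions; adjust to your setup.
$script   = 'C:\vpn.ps1'      # watchdog script from step 4 (path has no spaces)
$taskBase = 'VpnWatchdog'     # hypothetical task name prefix

if (-not (Test-Path $script)) { throw "$script not found" }

# 1. The script contains the VPN password and will run as SYSTEM, so nobody
#    else may read or modify it. Drop inherited ACEs and grant only:
#    S-1-5-18 = LocalSystem (read), S-1-5-32-544 = BUILTIN\Administrators (full).
icacls.exe $script /inheritance:r /grant:r '*S-1-5-18:(R)' '*S-1-5-32-544:(F)' | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed on $script" }

# 2. /grant:r leaves explicit ACEs of other identities in place, so verify
#    the resulting ACL and stop if anyone else still has access.
$allowed = 'S-1-5-18', 'S-1-5-32-544'
$sidType = [System.Security.Principal.SecurityIdentifier]
$extra = (Get-Acl $script).Access | Where-Object {
    $allowed -notcontains $_.IdentityReference.Translate($sidType).Value
}
if ($extra) {
    $names = ($extra | ForEach-Object { $_.IdentityReference.Value }) -join ', '
    throw "Unexpected ACE on ${script}: $names"
}

# 3. Run the script with the policy bypassed for this one process only,
#    instead of changing the machine-wide execution policy.
$action = "powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -File $script"

# 4. Register both triggers from step 6: at startup and every 5 minutes.
schtasks.exe /Create /F /TN "$taskBase-Startup" /TR $action /SC ONSTART /RU SYSTEM | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Creating the startup task failed' }

schtasks.exe /Create /F /TN "$taskBase-5min" /TR $action /SC MINUTE /MO 5 /RU SYSTEM | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Creating the 5-minute task failed' }

# 5. Show what was registered so the account and command line can be reviewed.
schtasks.exe /Query /TN "$taskBase-Startup" /V /FO LIST
schtasks.exe /Query /TN "$taskBase-5min" /V /FO LIST
```
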
  • http://www.vpndialer.com Eric Taneda

    There is also a product called VPN Dialer 2012 which my company publishes, that runs as a service, which can optimize the connection through multiple available gateways, intelligently connect to multiple alternative VPN servers, easy to set up, and has an option for batch file installation to multiple stations. I will not post a link, but it can be readily found by Googling for it.

  • http://non.com rene jansen

    @eric: Costs 40 usd?

  • A. Jahn

    I searched for a way to keep a VPN connection alive and this was one of the first hits on Google.. so, I hope this helps you to keep a VPN connection alive.

    The premise to this being that the basic internet connection stays alive as well. (Since I use a cable router that connects to the internet I don’t know how to keep a dial-up connection alive via Windows, sorry.)

    windowsvpn.info/vpn-show.php?e_id=19

    This tutorial is really great.

    However, you need to change the entries in the “VPN Server List” file to match your VPN connection. Note that the default connection in the Server List File is set to “VPN-servername2”, so either you enter your VPN address in “VPN-servername2” or you enter the address in “VPN-servername1” and change the default to “VPN-servername1” as well which makes more sense to me.

    If you’re just using 1 VPN connection with 1 static server address you may change the settings in step 8 and enter your VPN’s address in the field next to “Always use the same VPN server” and activate that toggle.

    Also, you may need to change the connection security settings to a different protocol, according to your VPN encryption (Step 12).

    Once done you need to start the executable the program generated and install the connection in Windows. You then get the old school xp dial-up window where you enter the username and password for your VPN connection. To enable auto-redial you need to save the password of course and check “connect automatically”.

    Also, by default the connection will disconnect after 10 minutes of idle time. To change that click on “Properties” in the dial-up window and set “Idle time before disconnecting” to “never”. Set the number of redial attempts to suit your needs too.

    That should be all. From now on your VPN is auto-redialed if the connection’s lost!

  • dreamerman

    Your tutorial is great. Is there a way to have an IP range like 10.0.0.0/16 instead of a specific IP address like “10.20.30.40” ?

  • VikingSven

    Searching for a solution to this problem, and this is still the most relevant Google result after all these years.
    It does however rely on having ICMP (Ping) open over the VPN, which may not always be the case.
    A cleaner solution that doesn’t rely on any protocol being available over the VPN:

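    # Poll the connection state every 10 seconds until the window is closed
    while ($true)
    {
        # With no arguments, rasdial.exe lists the active connections, one per line
        $VPNStatus = rasdial.exe
        # Redial if no output line is exactly the connection name
        if ($VPNStatus -notcontains "VPNNAME")
        {
            "VPN Disconnected"
            rasdial.exe "VPNNAME" "VPNUSERNAME" "PASSWORD"
        }
        Start-Sleep -s 10
    }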

    I just run that in a PowerShell window while I want my VPN connected, then close it and manually disconnect the VPN when I’m done. If you want the VPN permanently connected, just put the below into the scheduled task, as per this original post:

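    # With no arguments, rasdial.exe lists the active connections, one per line
    $VPNStatus = rasdial.exe
    # Redial if no output line is exactly the connection name
    if ($VPNStatus -notcontains "VPNNAME")
    {
        "VPN Disconnected"
        rasdial.exe "VPNNAME" "VPNUSERNAME" "PASSWORD"
    }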