Set-VpnAuthProtocol

Configures the authentication method for incoming site-to-site (S2S) VPN interfaces on a Routing and Remote Access (RRAS) server.

Syntax

Set-VpnAuthProtocol
   [-UserAuthProtocolAccepted <String[]>]
   [-TunnelAuthProtocolsAdvertised <String>]
   [-RootCertificateNameToAccept <X509Certificate2>]
   [-CertificateAdvertised <X509Certificate2>]
   [-SharedSecret <String>]
   [-PassThru]
   [-CertificateEKUsToAccept <String[]>]
   [-CimSession <CimSession[]>]
   [-ThrottleLimit <Int32>]
   [-AsJob]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The Set-VpnAuthProtocol cmdlet configures how the incoming site-to-site (S2S) VPN Interfaces on a Routing and Remote Access (RRAS) server are authenticated, such as when the server is a responder for incoming connections whose authentication method is EAP or computer certificates (machine certificates).

Examples

EXAMPLE 1

PS C:\> Set-VpnAuthProtocol -UserAuthProtocolAccepted Certificate -PassThru
WARNING: Configuration parameters will be modified after the Remote Access service is restarted. 
 
UserAuthProtocolAccepted      : {Certificate} 
TunnelAuthProtocolsAdvertised : Certificates 
RootCertificateNameToAccept   : 
CertificateAdvertised         :

This example changes the authentication method used by the server for incoming connections to Certificate and advertises certificates as authentication mechanism to the peer computers.

EXAMPLE 2

PS C:\>$cert1 = ( Get-ChildItem -Path cert:LocalMachine\root | Where-Object -FilterScript { $_.Subject -Like "*CN=Contoso Root Certification Authority,*" } )



PS C:\>Set-VpnAuthProtocol -RootCertificateNameToAccept $cert1 -PassThru

This example sets the root certificate against which all of the incoming connections computer certificates are matched.

Parameters

-AsJob

Runs the cmdlet as a background job. Use this parameter to run commands that take a long time to complete.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-CertificateAdvertised

Specifies the certificate to be sent to a peer computer. Applicable only if the TunnelAuthProtocolsAdvertised parameter is set to Certificate.

Type:X509Certificate2
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-CertificateEKUsToAccept

Specifies an array of Certificate Extended Key Usage (EKU) extensions to allow. This parameter is only valid if the UserAuthProtocolAccepted parameter contains certificates.

Type:String[]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-CimSession

Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a New-CimSession or Get-CimSession cmdlet. The default is the current session on the local computer.

Type:CimSession[]
Aliases:Session
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-PassThru

Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-RootCertificateNameToAccept

Specifies the root certificates that are allowed. Applicable only if the UserAuthProtocolAccepted parameter contains certificates.

Type:X509Certificate2
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-SharedSecret

Specifies the text of the shared secret for the connection. Applicable only if the TunnelAuthProtocolsAdvertised parameter is set to PSK.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ThrottleLimit

Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If this parameter is omitted or a value of 0 is entered, then Windows PowerShell® calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the computer. The throttle limit applies only to the current cmdlet, not to the session or to the computer.

Type:Int32
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-TunnelAuthProtocolsAdvertised

Specifies the remote authentication method used by the RRAS server. If this parameter value is set to pre-shared key (PSK), then the SharedSecret parameter is mandatory. If this parameter value is set to Certificate, then the CertificateAdvertised parameter is mandatory. Only one of the values can be specified.

Type:String
Accepted values:Certificates, PreSharedKey
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-UserAuthProtocolAccepted

Specifies the local authentication protocols that are allowed.

Type:String[]
Accepted values:EAP, Certificate, MsChapv2, Chap, PAP, PreSharedKey
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

String[]

String

Outputs

CimInstance

CimInstance

The Microsoft.Management.Infrastructure.CimInstance object is a wrapper class that displays Windows Management Instrumentation (WMI) objects. The path after the pound sign (#) provides the namespace and class name for the underlying WMI object.