SetVPN.exe (2023.10.05)
This program from the command line creates a VPN connection in Windows (in Windows’ built-in VPN client).
The program is designed to Win7, but with some limitations and works in WinXP.
Win8/10/11(22H2) also supported, but connections created are not configurable in GUI and therefore it is better to use PowerShell Add-VpnConnection there.
The program is provided as is without warranty of any kind and responsibility!
For help with commandline keys – SetVPN.exe /help_en
The main commands are:
/add – adds a new VPN-connection. If the connection with that name already exists – ERROR_ALREADY_EXISTS.
/add /force – similar to, but if the connection with the same name already have – it will be removed and re-created.
/delete – delete a connection.
/help_ru – rus-lng reference.
/help_en – this reference.
/savedump – saves to file answer RASENTRYW RASCREDENTIALSW.
/viewlogin – shows the login from the specified VPN-connection.
/list – shows a list of VPN-connections, addresses, PBK-bases.
In the %errorlevel% returns standard error codes Windows, 0 – no error.
/name="connect_to_office" – set the name of the VPN-connection (which will work all other keys).
/servername="192.168.1.1" – address of VPN-server. Allow IPv4, IPv6, or domain.
/ip4addr=192.168.1.50 – local IPv4-address which must be assigned. If the key is not – use DHCP.
/ip4dns1=192.168.1.2 /ip4dns2=192.168.1.3 – addres primary and secondary DNS-servers. If the key is not – use DHCP.
/ip4wins1=192.168.1.2 /ip4wins2=192.168.1.3 – addres primary and secondary WINS-servers. If the key is not – use DHCP.
/ip4metric=123 – set the interface metric. If no key – auto.
/ip4DefGw – set ‘default gateway’
/ip4DisableCBSRt – disables route based on the class. (win7)
if set ip4DisableCBSRt – no ip4DefGw
/ip6addr /ip6dns1 /ip6dns2 /ip6metric /ip6DefGw – simular keys for IPv6.
/DisableIP4 – disable support TCP/IPv4
/DisableIP6 – disable support TCP/IPv6
/DisableFileAndPrint – disable File and Print Sharing for Microsoft Networks
/DisableClientForMSNet – disable Client for Microsoft Networks
/DisableNbtOverIP – disable NetBIOS over TCP/IP
/OnlyIP – DisableNbtOverIP and DisableClientForMSNet and DisableFileAndPrint
All keys ‘ip’ and ‘DisableIP’ – in WinXP not working correctly and to use they should not be there. In WinXP all options will be the default (DHCP, gateway default, and so on).
/DnsSuffix="test" – DNS-suffix
/RegIpWithDns – register this connection’s address in DNS.
/UseDnsSuffixForReg – use the DNS-suffix in DNS registration.
Key UseDnsSuffixForReg automatically includes RegIpWithDns.
Authentication Protocol (multiple keys):
/PAP – PAP.
/SPAP – Shiva. Only for WinXP.
/CHAP – CHAP.
/W95MsCHAP – Microsoft CHAP for Win95. Only for WinXP.
/MsCHAP1 – Microsoft CHAP v1. Only for WinXP.
/MsCHAP2 – Microsoft CHAP v2.
/EAP – EAP. However, after SetVPN.exe it can not adjust to the fullest. Key EAP can not be used together with any other key protocols.
If you do not specify any of the keys at all – will be listed MsCHAP2, but if are some clues – that will be allowed only with specified protocols.
Data encryption (one key).
/encryption_none –
/encryption_optional –
/encryption_normal – by default if not specified
/encryption_maximum –
Type VPN (one key).
/vs_Default – all. By default if not specified.
/vs_PptpOnly – only PPTP.
/vs_PptpFirst – first PPTP, then IKEv2, SSTP, L2TP.
/vs_L2tpOnly – only L2TP.
/vs_L2tpFirst – first L2TP, then IKEv2, SSTP, PPTP.
/vs_SstpOnly – only SSTP. (WinVistaSP1,Win7+).
/vs_SstpFirst – only SSTP, then IKEv2, PPTP, L2TP.
/vs_Ikev2Only – only IKEv2. (Win7+).
/vs_Ikev2First – only IKEv2, then SSTP, PPTP, L2TP.
/vs_PptpSstp – first PPTP, then SSTP. (Win7+).
/vs_L2tpSstp – first L2TP, then SSTP. (Win7+).
/vs_Ikev2Sstp – first IKEv2, then SSTP. (Win7+).
/vs_GREOnly – only GRE. (Win8+).
/vs_ProtocolList – (Win10+).
/UsePSK="MyPreSharedKey" – for authentication of L2TP to use PSK, the specified value. Otherwise – the certificates.
/DisableIKENameEkuCheck – disable check name and attributes of a server certificate.
/DisableMobility – (win7) Disable Mobility IKEv2.
/NetworkOutageTime=300 – (win7) IKEv2 NetworkOutageTime seconds
Dialing properties:
/HideDialingProgress – hide stroke connection
/HideUserPw – except to offer input connection name and password.
/PreviewDomain – include Windows logon domain
Parameters of PPP:
/DisableLcpExt – disable LCP extensions
/DisableSwCompression – disables software compression of data
/MultiLink – matching multi-link for single
Options redial:
/RedialCount=5 – Number of attempts to establish communication.
/RedialPause=10 – The interval between attempts in seconds (standard – 1,3,5,10,30,60,120,).
/IdleDisconnect=600 – Idle time before disconnection. Second. If 0 – then the simple unbounded, if the key is not – the system default.
/ReConnect – Call back at break ties.
/UserName="user" – login
/Password="pass" – password
/Domain="test" – domain for login
/CredsForAll – save login, password and domain for all users. Administrator rights are required when creating.
/UseLogonCredentials – use username/password logon in Windows (only MsCHAP).
/NoCacheCreds – unset flag CacheCredentials (win8+).
Options for selecting the PBK-base to work with:
/PbkCurrentUser – work with the PBK-base of the current user – CSIDL_APPDATA\Microsoft\Network\Connections\Pbk\rasphone.pbk
/PbkAllUsers – work with the system PBK-base – CSIDL_COMMON_APPDATA\Microsoft\Network\Connections\Pbk\rasphone.pbk
/PbkFile="C:\folder\file.pbk" – work with the specified PBK-base.
By default (if the /Pbk*-key is not specified) – both PBK-bases are used (system and current user): VPN-connections are created (/add) in the system PBK-base when executed with administrator rights or in the user database during normal executed, you can view (/viewlogin, /list) VPN-connections in both PBK-bases without administrator rights.
The parameters that are usually not needed, but there’s API:
/DontUseRasCredentials
/Internet
/UseCountryAndAreaCodes
/UseTypicalSettings (WinVista+)
/UsePreSharedKeyForIkev2Initiator (Win8+)
/UsePreSharedKeyForIkev2Initiator (Win8+)
/UsePreSharedKeyForIkev2Responder (Win8+)
/AutoTriggerCapable (Win8.1+)
/IsThirdPartyProfile (Win8.1+)
/AuthTypeIsOtp (Win8.1+)
/IsAlwaysOn (Win10+)
/IsPrivateNetwork (Win10+)
/PlumbIKEv2TSAsRoutes (Win10+)
/HideStatusMonitor – Disable the tray icon.
/PreviewPhoneNumber – In window of connection, you can change server address.
/SecureRoutingCompartment (WinVista+)
Typical example of the use SetVPN.exe:
setvpn /name="test1" /add /servername="192.168.192.1" /username="aaa" /password="bbb" /disableip6 /onlyip /mschap2 /chap /reconnect
setvpn /name="test2" /add /force /servername="192.168.192.1" /username="aaa" /password="bbb" /disableip6 /onlyip /mschap2 /reconnect /vs_L2tpOnly /UsePSK="psk" /CredsForAll
setvpn /name="test1" /delete
setvpn /name="test2" /savedump
setvpn /name="test2" /viewlogin
setvpn /list
| History of development program: | |
| v.2.0 (2023.10.05) | Fixed a bug with the inability to create the first connection on behalf of a user; Corrected PE header, internal optimization; All functions have been converted to Unicode (for example, when saving a config to a file, connection names); New features – selecting a PBK file to work with (system or current user) – arguments /Pbk*; New features – displaying a list of connections (command /list). |
| v.1.4 (2023.09.13) | Fixed a bug with setting the default gateway. |
| v.1.3 (2022.03.07) | Fixed some bugs (store user/pwd), improved support Win8/10/11 (RASEO2_CacheCredentials by default). |
| v.1.2 (2022.03.01) | Fixed some bugs, the program now works in modern versions of Windows (supported WinXp/WinVista/Win7/Win8/Win10/Win11(21H2)). |
| v.1.1 (2016.02.18) | Minor fix. |
| v.1.0 (2010) | First public version. |
Download “CMD_SetVPN_v20.rar” – 25.24 KBVersion 2.0.0.1, 2023-10-05