Export (0) Print
Expand All
Expand Minimize

Set-VpnAuthProtocol

Windows Server 2012 R2 and Windows 8.1

Updated: September 24, 2014

Applies To: Windows 8.1, Windows PowerShell 4.0, Windows Server 2012 R2

Set-VpnAuthProtocol

Sets the authentication method for incoming site-to-site (S2S) VPN interfaces on a Routing and Remote Access (RRAS) server.

Syntax

Parameter Set: Set1
Set-VpnAuthProtocol [-AsJob] [-CertificateAdvertised <X509Certificate2> ] [-CertificateEKUsToAccept <String[]> ] [-CimSession <CimSession[]> ] [-PassThru] [-RootCertificateNameToAccept <X509Certificate2> ] [-SharedSecret <String> ] [-ThrottleLimit <Int32> ] [-TunnelAuthProtocolsAdvertised <String> ] [-UserAuthProtocolAccepted <String[]> ] [-Confirm] [-WhatIf] [ <CommonParameters>]




Detailed Description

The Set-VpnAuthProtocol cmdlet configures how the incoming site-to-site (S2S) VPN Interfaces on a Routing and Remote Access (RRAS) server are authenticated, such as when the server is a responder for incoming connections whose authentication method is EAP or computer certificates (machine certificates).

Parameters

-AsJob

Runs the cmdlet as a background job. Use this parameter to run commands that take a long time to complete. The cmdlet immediately returns an object that represents the job and then displays the command prompt. You can continue to work in the session while the job completes. To manage the job, use the *-Job cmdlets. To get the job results, use the Receive-Job cmdlet. For more information about Windows PowerShell® background jobs, see about_Jobs.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-CertificateAdvertised<X509Certificate2>

Specifies the certificate to be sent to a peer computer. Applicable only if the TunnelAuthProtocolsAdvertised parameter is set to Certificate.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-CertificateEKUsToAccept<String[]>

Specifies an array of Certificate Extended Key Usage (EKU) extensions to allow. This parameter is only valid if the UserAuthProtocolAccepted parameter contains certificates.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-CimSession<CimSession[]>

Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a New-CimSession or Get-CimSession cmdlet. The default is the current session on the local computer.


Aliases

Session

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-PassThru

Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-RootCertificateNameToAccept<X509Certificate2>

Specifies the root certificates that are allowed. Applicable only if the UserAuthProtocolAccepted parameter contains certificates.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-SharedSecret<String>

Specifies the text of the shared secret for the connection. Applicable only if the TunnelAuthProtocolsAdvertised parameter is set to PSK.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-ThrottleLimit<Int32>

Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If this parameter is omitted or a value of 0 is entered, then Windows PowerShell® calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the computer. The throttle limit applies only to the current cmdlet, not to the session or to the computer.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-TunnelAuthProtocolsAdvertised<String>

Specifies the remote authentication method used by the RRAS server. If this parameter value is set to pre-shared key (PSK), then the SharedSecret parameter is mandatory. If this parameter value is set to Certificate, then the CertificateAdvertised parameter is mandatory. Only one of the values can be specified.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-UserAuthProtocolAccepted<String[]>

Specifies the local authentication protocols that are allowed.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-Confirm

Prompts you for confirmation before running the cmdlet.


Required?

false

Position?

named

Default Value

false

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.


Required?

false

Position?

named

Default Value

false

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

<CommonParameters>

This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see    about_CommonParameters.

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

  • None

Outputs

The output type is the type of the objects that the cmdlet emits.

  • Microsoft.Management.Infrastructure.CimInstance#VpnAuthProtocol

    The Microsoft.Management.Infrastructure.CimInstance object is a wrapper class that displays Windows Management Instrumentation (WMI) objects. The path after the pound sign (#) provides the namespace and class name for the underlying WMI object.


Examples

EXAMPLE 1

This example changes the authentication method used by the server for incoming connections to Certificate and advertises certificates as authentication mechanism to the peer computers.


PS C:\> Set-VpnAuthProtocol -UserAuthProtocolAccepted Certificate -PassThru
WARNING: Configuration parameters will be modified after the Remote Access service is restarted. 
 
UserAuthProtocolAccepted      : {Certificate} 
TunnelAuthProtocolsAdvertised : Certificates 
RootCertificateNameToAccept   : 
CertificateAdvertised         : 

EXAMPLE 2

This example sets the root certificate against which all of the incoming connections computer certificates are matched.


 

PS C:\> $cert1 = ( Get-ChildItem -Path cert:LocalMachine\root | Where-Object -FilterScript { $_.Subject -Like "*CN=Contoso Root Certification Authority,*" } )

 

PS C:\> Set-VpnAuthProtocol -RootCertificateNameToAccept $cert1 -PassThru

Related topics

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft