VeeamPN can help alleviate your Covid-19 remote access woes with a FREE VPN appliance.
With Covid-19 in full swing, more and more people are being sent to work from home. Some I.T. teams are overwhelmed with requests and don't have systems to support that kind of load. Veeam makes a free VPN appliance that we might be able to use to fill this need. VeeamPN is primarily used for site-to-site VPNs so you can recover to the cloud. We aren't going to look at any of those features today; we are looking at its OpenVPN endpoint support. This endpoint support does seem secondary and unpolished, and it doesn't support the hyped WireGuard.
Even so, the virtual appliance is easy to install and configure, and takes ~20 minutes. Then open a port in the firewall, maybe add a route or two, and you are good to go.
After that comes the fun part of creating clients for each user/machine and getting it installed/configured for every end-user/point.
I have created some scripts that should make this part easier. We can use PowerShell to interact with the VeeamPN appliance and install/configure OpenVPN on the client.
With these tools, we can query Active Directory, a CSV, or whatever for a list of users or computers to make into clients. We can then download and modify all these VPN configs. Once we have this list of configs, we can trigger remote installs to machines or email instructions and config files to end-users.
After you get the network hub up and running, we can use the PowerShell module to create new clients and download their configs.
One thing that is lacking in the VeeamPN setup is DNS and routing options. With the default config that is downloaded, the agent has no DNS or routing information. This makes for a crappy VPN experience. There is a function in the module that will modify the config to add DNS and routing information.
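To show what adding DNS and routing information to a client config involves, here is an added example that is not the VeeamPN module's own code: a hypothetical helper, Add-OvpnRouteAndDns, that appends the standard OpenVPN `route` and `dhcp-option DNS` directives. It validates every value first, so a malformed entry from a CSV or directory attribute cannot add other directives to the file; the sample config and addresses are constructed.

```powershell
# Added example: hypothetical helpers, not part of the VeeamPN module.
function ConvertTo-ValidIPv4 ([string]$Text) {
    # Accept only a canonical dotted-quad IPv4 address (no whitespace, no short forms).
    $ip = [System.Net.IPAddress]::None
    if (-not [System.Net.IPAddress]::TryParse($Text, [ref]$ip) -or
        $ip.AddressFamily -ne 'InterNetwork' -or $ip.ToString() -ne $Text) {
        throw "Not a dotted-quad IPv4 address: '$Text'"
    }
    $Text
}

function Add-OvpnRouteAndDns {
    param(
        [string[]]$ConfigLines,      # lines of the downloaded client .ovpn file
        [string[]]$Routes = @(),     # internal networks in CIDR form, e.g. '10.10.0.0/16'
        [string[]]$Dns    = @()      # internal resolver addresses
    )
    $new = @()
    foreach ($cidr in $Routes) {
        $network, $prefix = $cidr -split '/', 2
        if ($prefix -notmatch '^\d{1,2}$' -or [int]$prefix -gt 32) {
            throw "Bad prefix length in route '$cidr'"
        }
        # OpenVPN's route directive takes a dotted netmask, so convert the prefix length.
        $mask = (0..3 | ForEach-Object {
            $bits = [Math]::Min(8, [Math]::Max(0, [int]$prefix - 8 * $_))
            256 - [Math]::Pow(2, 8 - $bits)
        }) -join '.'
        $new += "route $(ConvertTo-ValidIPv4 $network) $mask"
    }
    foreach ($server in $Dns) {
        $new += "dhcp-option DNS $(ConvertTo-ValidIPv4 $server)"
    }
    # Skip directives that are already present so re-running does not duplicate them.
    $new = @($new | Where-Object { $ConfigLines -notcontains $_ })
    $ConfigLines + $new
}

# Constructed sample config and addresses, for illustration only.
$sample = @('client', 'dev tun', 'remote vpn.example.com 1194 udp')
Add-OvpnRouteAndDns -ConfigLines $sample -Routes '10.10.0.0/16' -Dns '10.10.0.53'
```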
Once you have these configs you need to get them out to end users/points. You should be able to make a script that emails each user their config with some instructions.
# Assumes $VeeamPNServer, $Credentials, $ConfigDirectory, $Routes, $DNS,
# $From, $Body and $SMTPServer have already been defined.
Import-Module VeeamPN
$AllUsers = Get-ADUser -Filter * -Properties EmailAddress
Connect-VeeamPN -VeeamPNServer $VeeamPNServer -Credential $Credentials
$Clients = Get-VeeamPNClient   # clients that already exist on the appliance
foreach ($User in $AllUsers) {
    # A user without an email address cannot be sent a config.
    if (-not $User.EmailAddress) { continue }
    # Create the client, download its config, then add routes and DNS.
    $Result = New-VeeamPNClient -ClientName $User.EmailAddress
    $ConfigPath = Get-VeeamPNClientConfig -ID $Result.id -OutputPath $ConfigDirectory
    Update-VeeamPNConfig -Config $ConfigPath -Routes $Routes -DNS $DNS
    Send-MailMessage -To $User.EmailAddress -From $From -Subject 'VeeamPN!' -Attachments $ConfigPath -Body $Body -SmtpServer $SMTPServer
}
Pseudocode; please see GitHub for better examples.
If you have remote execution capabilities you can use the module to install and configure the OpenVPN agent.
# Assumes $ConnectionInfo, $ConfigDirectory, $Routes, $DNS and $URL
# (where the finished configs are published) have already been defined.
Import-Module VeeamPN
$Computers = Get-ADComputer -Filter * -Properties *
# Workstations only: seen in the last 30 days and not running a server OS.
$Workstations = $Computers | Where-Object {$_.LastLogonDate -gt (Get-Date).AddDays(-30) -and $_.OperatingSystem -notlike "*server*"}
Connect-VeeamPN @ConnectionInfo
foreach ($Computer in $Workstations) {
    # Create the client, download its config, then add routes and DNS.
    $Result = New-VeeamPNClient -ClientName $Computer.Name
    $ConfigPath = Get-VeeamPNClientConfig -ID $Result.id -OutputPath $ConfigDirectory
    Update-VeeamPNConfig -Config $ConfigPath -Routes $Routes -DNS $DNS
    # Runs on the remote workstation: fetch its config and install OpenVPN.
    $ScriptBlock = {
        Install-Module VeeamPN
        Import-Module VeeamPN
        Invoke-RestMethod "$using:URL/$($using:Computer.Name).ovpn" -OutFile $using:ConfigPath
        Install-OpenVPN -ConfigPath $using:ConfigPath
    }
    Invoke-Command -ComputerName $Computer.Name -ScriptBlock $ScriptBlock
}
Pseudocode; please see GitHub for better examples.
I hope that VeeamPN and this module can help you keep your people safe and healthy working at home.