Monday, August 3, 2020

Windows 10 - How to establish VPN before Windows login

The situation

With staff working remotely and sharing data with the company, a site-to-site connection may not be available at every location. To enhance network security and control, some organizations require a VPN connection to be established before staff can log in.

Here is how to do it.

The solution

It’s not obvious how to set up a VPN before the Windows login process, but I have found the answer.

You need to run the following command from an elevated PowerShell window (right-click and choose ‘Run as Administrator’). You will need to substitute VPN_NAME with a name of your choice and VPN_SERVER_ADDRESS with the IP address or domain name of your VPN server:

Add-VpnConnection -Name VPN_NAME -ServerAddress VPN_SERVER_ADDRESS -AllUserConnection $true -SplitTunneling $true -AuthenticationMethod MSChapv2 -TunnelType Automatic -EncryptionLevel Required -PassThru

If you want to use a specific type of VPN, you can change the -TunnelType parameter,

e.g. -TunnelType "PPTP" or -TunnelType "L2TP" -L2TPpsk "PassKey"

The result

Once you’ve run the add VPN script above, log off the PC. At the login screen, you will see a new network icon in the bottom right of the screen.

Click on that, and it will prompt for your VPN username and password.
I’m using Microsoft Routing and Remote Access for VPN access, which is linked to Active Directory.
This means the user just has to put in their Windows username and password. This then connects the VPN and they get logged into Windows.

Additional Notes:

Please also note you might need to add a Registry key for L2TP if you have NAT on your routers.

Under HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent

Add a DWORD AssumeUDPEncapsulationContextOnSendRule with a value of 2 if both devices are behind NAT firewalls or a value of 1 if one end is behind a NAT Firewall.
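
The two steps above (the all-user connection and the L2TP NAT registry value) can be checked together. The script below is an added example, not part of the original post: it writes the DWORD, reads it back, and lists the settings of the pre-login connection that deserve a second look. The names `$Name`, `$NatMode` and `Get-PreLogonVpnFinding` are hypothetical, and `VPN_NAME` is the post's placeholder.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell window.
# Assumed names: $Name is the post's VPN_NAME placeholder; $NatMode and
# Get-PreLogonVpnFinding are hypothetical names introduced for this example.
$Name    = 'VPN_NAME'
$NatMode = 2   # per the post: 2 = both ends behind NAT, 1 = one end behind NAT

function Get-PreLogonVpnFinding {
    param([Parameter(Mandatory)][string]$Name)

    # -AllUserConnection reads the machine-wide profile, i.e. the one the
    # post's Add-VpnConnection command creates for the login screen.
    $vpn  = Get-VpnConnection -Name $Name -AllUserConnection -ErrorAction Stop
    $auth = @($vpn.AuthenticationMethod)

    if ($vpn.TunnelType -eq 'Pptp' -and $auth -contains 'MsChapv2') {
        'PPTP with MS-CHAPv2 is cryptographically weak; prefer another tunnel type.'
    }
    if ($vpn.TunnelType -eq 'Automatic') {
        'TunnelType Automatic: the protocol is negotiated; set an explicit type if PPTP must never be used.'
    }
    if ($vpn.TunnelType -eq 'L2tp' -and $vpn.L2tpIPsecAuth -eq 'Psk') {
        'L2TP pre-shared key: the same key sits on every client; treat it as a group secret.'
    }
    if ($vpn.EncryptionLevel -notin 'Required', 'Maximum') {
        "EncryptionLevel is $($vpn.EncryptionLevel) rather than Required or Maximum."
    }
    if ($vpn.SplitTunneling) {
        'SplitTunneling is on: only traffic routed to the VPN uses the tunnel.'
    }
}

# L2TP behind NAT: write the DWORD from the Additional Notes, then restart the PC.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent'
New-ItemProperty -Path $key -Name 'AssumeUDPEncapsulationContextOnSendRule' `
    -PropertyType DWord -Value $NatMode -Force | Out-Null
(Get-ItemProperty -Path $key).AssumeUDPEncapsulationContextOnSendRule   # read back

# Review the connection created by Add-VpnConnection; no output means no findings.
Get-PreLogonVpnFinding -Name $Name
```

With the command exactly as given in this post, the script reports the Automatic tunnel type and split tunnelling; whether those are acceptable depends on your VPN server and on what traffic must stay inside the tunnel.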

If you don’t want to go down the VPN route, you can always try some remote access software such as LogMeIn, or check out my IT Tools page for more options.
