Scenario / Questions

In an XP Pro workstation, is there a way to start the native Windows VPN client and open/close a connection from the command line so it can be scripted in a batch file?

Find below all possible solutions or suggestions for the above questions..

Suggestion: 1

Yes, if the VPN connection is called “My VPN” then:

rasdial "My VPN"

will dial the connection. Helpfully it sets errorlevel to the RAS error code if it fails to connect, so your script can detect a connection failure. If you need to supply a username and password instead of using the saved credentials use:

rasdial "My VPN" username password

To disconnect a connection use:

rasdial "My VPN" /disconnect


Suggestion: 2

An alternative that works under Windows 7 (not sure about XP) is:

rasphone -d "My VPN"

This brings up the “dialling” dialog, same as if you double-click on the connection. If you have the username and password saved it automatically dials.

rasdial did not work for me (on Windows 7):

Verifying username and password...

Remote Access error 691 - The remote connection was denied because the user name
 and password combination you provided is not recognized, or the selected authen
tication protocol is not permitted on the remote access server.

If you add empty strings under Windows 7 it works with cached credentials:
rasdial “My VPN” “” “” (those are two pairs of double quotes with nothing in between)

Suggestion: 3

Run command-line: Control ncpa.cpl

enter image description here

Network Connections control

Network Connections control

In first run, edit My VPN Settings

enter image description here

After setup, edit My VPN Settings

enter image description here

Save credentials

enter image description here

Destination VPN host settings

enter image description here

Silent VPN up settings

enter image description here

VPN networking

enter image description here

VPN TCP advanced

enter image description here

VPN gateway

enter image description here

Advanced network connection

enter image description here

Set priority interface

enter image description here

Set priority interface apply

enter image description here

Set priority network provider

enter image description here

Script Silent-dial.cmd:

:: - comment in cmd) - REM alternative
:: disabled command output

@echo off

:: Silent dial "My VPN"
@rasphone -d "My VPN"

:: wait 10 sec W2K3 server test
::@SET waitsec=10
::@choice /T %waitsec% /N /D y /M "wait %waitsec% sec"

:: wait 10 sec - alternative - XP .. 7
@ping -n 10 > NUL 

:: ********************************************
:: get path
:: set route table
:: run application 
:: ********************************************

@ping -n 10 > NUL 

:: silent close "My VPN" connection
@rasphone -h "My VPN"

:: END Silent-dial.cmd

Use powershell or WSH.

Suggestion: 4

I have not seen a command line scheme for the client yet. But, that does not mean it cannot be automated in scripts. Here is a two step approach,

  • Create the shortcut link for the VPN as is done normally for your VPN users
    • Keep it configured with username and password
  • Use AutoIt to script only,
    • launching the shortcut, and
    • pressing ENTER on the VPN login window (which is what a user does when everything is configured)

If I recollect correctly, the code for pressing enter on a window is simply,

Send ("{ENTER}")

Look at the Send command.

You can setup AutoIt on one of your administration machines, get the script working, make and executable for it, and give it to the users. It can then be launched from command line as an executable.