Description
Currently someone on Discord is using the following approach in conjunction with DPC:
Create an event trigger for the following events:
- Microsoft-Windows-NetworkProfile - Event 10000
- Application/RasClient - Event 20226
- Microsoft-Windows-Kernel-Power - Event 42
- User Login (Event ID should be possible to figure out)
This checks for events on the local machine, based on specific event IDs (image.png above):
- NetworkProfile 10000 - created when a network connection is established (specifically a domain connection)
- RasClient 20226 - typical RAS disconnect event, caused by unhandled termination
- Kernel-Power 42 - created when the system enters sleep
The first and third event IDs are essentially "failsafes" - basically, if a connection has been established, is domain connectivity functional? If the system has recovered from sleep, is domain connectivity still functional?
The second event is the key one - if the RAS client has terminated its connection, we need to get it back up and running asap.
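As an added illustration of the trigger set described above (this is not the DPC project's code or the Discord user's installer script), the following PowerShell registers a scheduled task whose triggers are the three event IDs plus a native logon trigger, which covers the "User Login" item without needing an event ID. The log channels (NetworkProfile operational channel, Application, System), the task name, the SYSTEM principal and the script path are assumptions; the VBS wrapper in the issue's flow is skipped in favour of calling powershell.exe directly with a hidden window.

```powershell
# Added illustration: registers an event-triggered scheduled task for the
# three event IDs in the issue plus a logon trigger. Not DPC's code or the
# Discord user's script; log paths, task name and script path are assumptions.

function New-EventTriggerXml {
    param([string]$LogPath, [string]$Provider, [int]$EventId)
    # Same XPath shape the Task Scheduler UI writes for "On an event" triggers
    $query = "<QueryList><Query Id='0' Path='$LogPath'>" +
             "<Select Path='$LogPath'>*[System[Provider[@Name='$Provider'] and EventID=$EventId]]</Select>" +
             "</Query></QueryList>"
    # The query is stored as escaped text inside <Subscription>
    $escaped = [System.Security.SecurityElement]::Escape($query)
    return "<EventTrigger><Enabled>true</Enabled><Subscription>$escaped</Subscription></EventTrigger>"
}

$triggers = @(
    # Assumed log paths for the three events listed in the issue
    (New-EventTriggerXml -LogPath 'Microsoft-Windows-NetworkProfile/Operational' -Provider 'Microsoft-Windows-NetworkProfile' -EventId 10000)
    (New-EventTriggerXml -LogPath 'Application' -Provider 'RasClient' -EventId 20226)
    (New-EventTriggerXml -LogPath 'System' -Provider 'Microsoft-Windows-Kernel-Power' -EventId 42)
    # Logon is a native trigger type, so no event ID is needed for it
    '<LogonTrigger><Enabled>true</Enabled></LogonTrigger>'
) -join "`n    "

$scriptPath = 'C:\ProgramData\AOVPN\Connect-AlwaysOnVPN.ps1'   # placeholder path

$taskXml = @"
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo>
    <Description>Redial Always On VPN tunnels when domain connectivity is lost</Description>
  </RegistrationInfo>
  <Triggers>
    $triggers
  </Triggers>
  <Principals>
    <Principal id="Author">
      <UserId>S-1-5-18</UserId>
    </Principal>
  </Principals>
  <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>
    <StartWhenAvailable>true</StartWhenAvailable>
    <ExecutionTimeLimit>PT30M</ExecutionTimeLimit>
  </Settings>
  <Actions Context="Author">
    <Exec>
      <Command>powershell.exe</Command>
      <Arguments>-NoProfile -WindowStyle Hidden -File "$scriptPath"</Arguments>
    </Exec>
  </Actions>
</Task>
"@

# -Force replaces an existing task of the same name so the installer is re-runnable
Register-ScheduledTask -TaskName 'Connect-AlwaysOnVPN' -Xml $taskXml -Force | Out-Null
```

Run it from an elevated prompt. The principal matters: SYSTEM can redial a device tunnel, but a user tunnel lives in the signed-in user's phonebook, so a production version would typically split the work into a SYSTEM task for the device tunnel and a per-user task for the user tunnel.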
On triggering, the scheduled task runs a PowerShell script (Connect-AlwaysOnVPN.ps1) that:
- Checks for domain connectivity - if present, the script exits cleanly
- If domain connectivity is not present, first tries to redial the device tunnel (suffix '-DT'), and if that fails, tries the backup user tunnel (suffix '-UT') using a "short" connection loop
- If the short connection loop doesn't work, retries using a "long" connection loop a maximum of 15 times
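The following is an added illustration of the script logic just described (check domain connectivity, redial the '-DT' then '-UT' tunnel in a short loop, then fall back to a long loop capped at 15 attempts); it is not the Connect-AlwaysOnVPN.ps1 from the issue or any DPC code. The tunnel names, the short-loop size and delays, and the connectivity test (SRV lookup for a domain controller plus an LDAP port check) are assumptions.

```powershell
# Added illustration of the Connect-AlwaysOnVPN.ps1 logic described in the issue.
# Not DPC's code or the Discord user's script; tunnel names, loop sizes (other
# than the 15 long attempts) and the connectivity test are assumptions.
param(
    [string]$DeviceTunnel = 'Contoso AOVPN-DT',   # assumed name, '-DT' suffix as in the issue
    [string]$UserTunnel   = 'Contoso AOVPN-UT',   # assumed name, '-UT' suffix as in the issue
    [int]$ShortAttempts     = 3,    # assumed size of the "short" loop
    [int]$ShortDelaySeconds = 10,
    [int]$LongAttempts      = 15,   # maximum stated in the issue
    [int]$LongDelaySeconds  = 60
)

function Test-DomainConnectivity {
    # Assumed check: find a domain controller via the _ldap SRV record and
    # confirm LDAP (389) is reachable. Off-domain or EID-only devices get $false.
    try {
        $domain = (Get-CimInstance -ClassName Win32_ComputerSystem -ErrorAction Stop).Domain
        $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV -ErrorAction Stop |
               Where-Object { $_.Type -eq 'SRV' } | Select-Object -First 1
        if (-not $srv) { return $false }
        return [bool](Test-NetConnection -ComputerName $srv.NameTarget -Port 389 `
                        -InformationLevel Quiet -WarningAction SilentlyContinue)
    } catch {
        return $false
    }
}

function Connect-Tunnel {
    param([string]$Name)
    # rasdial exits 0 on success; any other exit code is treated as a failed dial.
    $null = & rasdial.exe $Name 2>&1
    if ($LASTEXITCODE -ne 0) { return $false }
    Start-Sleep -Seconds 5            # allow routes and DNS to settle before testing
    return (Test-DomainConnectivity)
}

function Invoke-ConnectionLoop {
    param([int]$Attempts, [int]$DelaySeconds, [string]$Label)
    for ($i = 1; $i -le $Attempts; $i++) {
        Write-Output "$Label loop: attempt $i of $Attempts"
        # Device tunnel first, then the backup user tunnel, as in the issue
        if (Connect-Tunnel -Name $DeviceTunnel) { return $true }
        if (Connect-Tunnel -Name $UserTunnel)   { return $true }
        Start-Sleep -Seconds $DelaySeconds
    }
    return $false
}

if (Test-DomainConnectivity) {
    Write-Output 'Domain connectivity present; exiting'
    exit 0
}
if (Invoke-ConnectionLoop -Attempts $ShortAttempts -DelaySeconds $ShortDelaySeconds -Label 'Short') { exit 0 }
if (Invoke-ConnectionLoop -Attempts $LongAttempts  -DelaySeconds $LongDelaySeconds  -Label 'Long')  { exit 0 }
Write-Output 'Domain connectivity could not be restored'
exit 1
```

The non-zero exit at the end is deliberate: it surfaces in the task's Last Run Result, which gives an operator (or a detection rule watching Task Scheduler history) a way to notice a device that repeatedly fails to recover rather than one that silently loops.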
The process is effectively:
PowerShell Script to install Scheduled Task -> Scheduled Task in XML Format -> Calls VBS Script -> Calls PowerShell Script to review and trigger tunnels
In this case it appears that the 'primary tunnel' is the device tunnel, against normal best practices; however, it may be possible to use the same concepts when dialling the user tunnel, device tunnel and the user backup tunnel.
This would need to be an optional feature, as it relies on domain connectivity (doesn't cover EID-only devices) and also starts to manipulate VPN connections directly, which is something DPC has historically avoided doing.