Share vpn commands on windows in cmd

Create a VPN under CMD
1. Prerequisites
In the service, the windows Firewall is stopped (or you can configure the router Protocol and port 1723)
The Remote Registry Service must be enabled.
Server service must be enabled
The router routing service must be enabled.
It is convenient to use win2000 of two or more NICs for vpn. After the nat protocol is added, the client can use a remote network to connect to the internet. This allows some clients to speed up the network and act as proxies.
Winxp and win2003 of a network card are still very convenient to do similar vpn. After the nat protocol is added, add two more interfaces, one being local connection and the other being internal. Set the local connection to full forwarding, the internal mode is private, which allows users with permissions to dial in.
It is inconvenient to use a similar vpn for win2000 of a network card. After adding the nat protocol, you can add an interface. You can only add local connections, but the graphic interface cannot be added internally, after checking the netsh dump> c: \ 1.txt, try to add an internal interface in the netsh command and pass. Command: netsh routing ip nat add interface private
Some Common commands are as follows: Copy codeThe Code is as follows: netsh ras set user username permit // sets user authorization. This user cannot be tsinternetuser support_388945a0.
Netsh ras ip set addrassign pool // sets the static address pool mode.
Netsh ras ip add range 10.0.0.1 10.0.0.100 // set the static pool range. Use a standard LAN address to avoid address forwarding errors when accessing the internet.
Netsh routing ip nat install // Add nat Protocol
Netsh routing ip nat add interface local connection full // add nat interface local connection full forwarding
Netsh routing ip nat add interface internal private // add nat excuse internal private Mode

Igmp can also be configured in netsh. The command line is long:Copy codeThe Code is as follows: netsh routing ip igmp install
Netsh routing ip igmp add interface internal igmpprototype = effecifenabled = enable robustvar = 2 startupquerycount = 2 startupqueryinterval = 31 genqueryinterval = 125 genqueryresptime = 10 lastmemquerycount = 2 bytes = 1000 bytes = YES
Netsh routing ip igmp add interface name = "Local Connection" igmpprototype = IGMPPROXY ifenabled = enable

If an interface already exists before configuration, delete it first:
Netsh routing ip igmp delete interface internal // similar to this
The Routing and Remote Access Services record a lot of information in the system and security diary, such as ipsec and login information.
Modify the Registry to avoid:Copy codeThe Code is as follows: HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ RasMan \ Parameters
ProhibitIPsec "= dword: 00000001
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ RemoteAccess \ Parameters
LoggingFlags "= dword: 00000000

Besides the logon information, the ipsec and remoteaccess warnings are not recorded.

It is also worth mentioning that the establishment of a good vpn, usually using the pptp protocol, tcp1723 port, if we add a tcp1723 allowed entry in the NIC ip policy, basically can dial in. Why is it basic, because pptp has an ip47 protocol besides tcp1723, which is important for authentication unlike tcp and udp. If the firewall on the network is cut off, problems such as dialing-> User Authentication-> dispassing authentication will occur.
When configuring the vpn, you also need the support of the remoteregister service. After the vpn is set up, you can turn it off.
Workstation, server, and rpc are also required during configuration.

After a vpn is created on the command line, no specific configuration information is displayed in rrasmgmt. msc. That is to say, only by viewing the network connection folder can we see a dial-in connection.