Using command line options
Introduction
The SN VPN Client Exclusive offers a set of command-line options as standard that can be used in scripts or batch files. These options are used to perform various tasks, such as opening or closing a VPN tunnel, importing or exporting a VPN configuration, etc.
The syntax of these command-line options always remains the same:
"[installation_directory]\vpnconf.exe" [/option[:value]]
- [installation_directory] is the directory in which the vpnconf.exe executable file is located (i.e. the SN VPN Client Exclusive installation directory).
- If the value contains blank spaces (e.g. a directory name), it must be placed between quotation marks.
- All available options are explained below.
IMPORTANT
The vpnconf.exe command line cannot be run when the SN VPN Client Exclusive is started in TrustedConnect mode. You must quit the TrustedConnect Panel to use the command-line options, and then restart it.
The value TunnelName used with options /open, /status, and /close consists of the following (replace the name of the IKEAuth, ChildSA, or TLS with the name you defined in your configuration):
| Tunnel type | TunnelName |
| IKEv2 | IKEAuth-ChildSA |
| SSL | TLS |
IMPORTANT
The tunnel name is case sensitive. If the name contains spaces, it must be placed between quotation marks.
Difference between import, importonce, add, and replace
The /import option is used to import a VPN configuration and simultaneously start the SN VPN Client Exclusive, if it is not already running.
The /importonce option is used to import a VPN configuration without starting the SN VPN Client Exclusive.
When the SN VPN Client Exclusive is already running, both options simply import the VPN configuration.
When the existing VPN configuration (prior to import) of the SN VPN Client Exclusive is not empty, both options will display a pop-up asking the user whether to “Add or replace”, i.e. add the new VPN configuration or replace the old configuration with the new one.
The /add and /replace options are used to prevent showing the user prompt: the /add option will always add the VPN configuration, the /replace option will always replace the old configuration with the new one.
| Option | Prompt to “Add or replace” | Starts VPN Client if not already running |
| /import | Yes | Yes |
| /importonce | Yes | No |
| /add | No: adds the VPN configuration | No |
| /replace | No: replaces the VPN configuration | No |
If access to the Configuration Panel is restricted to administrators, the command line interpreter (cmd, PowerShell, etc.) must be run as administrator to be able to use the import or export commands: /import, /importonce, /add, /replace, /export, /exportonce.
Importing
/import
Syntax:
"[installation_directory]\vpnconf.exe" /import:[ConfigFileName]
Usage:
This option is used to import a VPN configuration when the SN VPN Client Exclusive is started. This option can be used to start the SN VPN Client Exclusive with a specific VPN configuration. If the VPN Client is already running, this option will import and update the VPN configuration without stopping the software. A window is displayed prompting you to decide whether the configuration should be added or replaced. If a tunnel is open when you import a configuration, it is closed and no tunnel will be opened automatically.
[ConfigFileName] is the complete path to the file to be imported. If the path contains blank spaces, quotation marks must be added before and after.
Example:
"C:\Program Files\Stormshield\Network VPN Client Exclusive\vpnconf.exe" /import:"C:\Users\Admin\Documents\mavpnconf.tgb"
NOTE
If the imported VPN configuration is password-protected, you must use the /import option together with the /pwd option (see below).
NOTE
If the current VPN configuration is not empty, the software will display a window prompting the user to decide whether to add the imported VPN configuration or replace the existing configuration with the one being imported. To prevent this window from being displayed, use the /add or /replace options (see below).
/importonce
Syntax:
"[installation_directory]\vpnconf.exe" /importonce:[ConfigFileName]
Usage:
Same behavior as the /import option, but without starting the VPN Client.
[ConfigFileName] is the complete path to the file to be imported. If the path contains blank spaces, quotation marks must be added before and after.
Return code:
Refer to the note on return codes below.
0: Command has been executed successfully
Example:
"C:\Program Files\Stormshield\Network VPN Client Exclusive\vpnconf.exe" /importonce:"C:\Users\admin\Documents\mavpnconf.tgb"
NOTE
If the VPN configuration is empty, neither the /import nor the /importonce option prompts the user; both simply “add” the VPN configuration.
NOTE
If the current VPN configuration is not empty, the software will display a window prompting the user to decide whether to add the imported VPN configuration or replace the existing configuration with the one being imported. To prevent this window from being displayed, use the /add or /replace options (see below).
NOTE
The /importonce command is preemptive and will pause the rest of the command line until it has been successfully completed.
An error code will be returned in the ERRORLEVEL environment variable (see return codes below).
If /importonce is not specified with a password, but a password is required, a dialog box opens.
NOTE
If the user cancels the Add/Replace prompt, a return code of 1 is written to ERRORLEVEL (/importonce should not be used in a script whose execution must be silent).
/add
Syntax:
"[installation_directory]\vpnconf.exe" /add:[ConfigFileName]
Usage:
Used to add a VPN configuration.
[ConfigFileName] is the complete path to the file to be imported. If the path contains blank spaces, quotation marks must be added before and after.
Return code:
Refer to the note on return codes below.
0: Command has been executed successfully
Example:
"C:\Program Files\Stormshield\Network VPN Client Exclusive\vpnconf.exe" /add:"C:\Users\Admin\Documents\mavpnconf.tgb"
NOTE
If the imported VPN configuration is password-protected, then /add must be used with the /pwd option (see below).
NOTE
The /add command is preemptive and will pause the rest of the command line until it has been successfully completed.
An error code will be returned in the ERRORLEVEL variable (see return codes below).
If /add is not specified with a password, but a password is required, a dialog box will open.
/replace
Syntax:
"[installation_directory]\vpnconf.exe" /replace:[ConfigFileName]
Usage:
Used to replace the existing VPN configuration with the imported one.
[ConfigFileName] is the complete path to the file to be imported. If the path contains blank spaces, quotation marks must be added before and after.
Return code:
Refer to the note on return codes below.
0: Command has been executed successfully
Example:
"C:\Program Files\Stormshield\Network VPN Client Exclusive\vpnconf.exe" /replace:"C:\Users\Admin\Documents\mavpnconf.tgb"
NOTE
If the imported VPN configuration is password-protected, then /replace must be used with the /pwd option (see below).
NOTE
The /replace command is preemptive and will pause the rest of the command line until it has been successfully completed.
An error code will be returned in the ERRORLEVEL variable (see return codes below).
If /replace is not specified with a password, but a password is required, a dialog box will open.
/pwd
Syntax:
"[installation_directory]\vpnconf.exe" /pwd:[password]
Usage:
Used to specify a password for importing and exporting VPN configurations. This option is used with the following options: /import, /importonce, /add, /replace, /export, /exportonce.
In the command line, the /pwd option must be specified after the import or export options.
When exporting the configuration file, the password must be at least 16 characters long.
Example:
"C:\Program Files\Stormshield\Network VPN Client Exclusive\vpnconf.exe" /import:"C:\Users\Admin\Documents\mavpnconf.tgb" /pwd:monmdp
TIP
From a security standpoint, we recommend using the /importonce, /add and /replace options for maintenance tasks (and not /import), since they quit the software immediately after their execution.
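The recommendation above, as an added PowerShell example that is not part of the vendor documentation: a silent import with /replace (or /add) that places /pwd after the import option, prompts for the password instead of keeping it in the script, and checks the return code. The function name Import-VpnConfig is hypothetical; the paths are the ones used in the examples on this page.

```powershell
# Added example (not vendor code). Install path as used in this page's examples.
$VpnConf = 'C:\Program Files\Stormshield\Network VPN Client Exclusive\vpnconf.exe'

function Import-VpnConfig {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$ConfigFile,
        [ValidateSet('add', 'replace')][string]$Mode = 'replace',
        [securestring]$Password
    )
    if (-not (Test-Path -LiteralPath $ConfigFile -PathType Leaf)) {
        throw "Configuration file not found: $ConfigFile"
    }
    # Import commands need an elevated shell when access to the
    # Configuration Panel is restricted to administrators.
    $me = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
    if (-not $me.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        Write-Warning 'Shell is not elevated; required if the Configuration Panel is restricted to administrators.'
    }
    # Quote the value: the path may contain blank spaces.
    $cmdLine = '/{0}:"{1}"' -f $Mode, $ConfigFile
    if ($Password) {
        $plain = [System.Net.NetworkCredential]::new('', $Password).Password
        # A double quote, or a backslash right before the closing quote,
        # would break the quoting of the value.
        if ($plain -match '"|\\$') { throw 'Password cannot be quoted safely on the command line.' }
        # /pwd must be specified after the import option.
        $cmdLine += ' /pwd:"{0}"' -f $plain
    }
    # /add and /replace block until done; -Wait -PassThru exposes the return code.
    $proc = Start-Process -FilePath $VpnConf -ArgumentList $cmdLine -Wait -PassThru
    if ($proc.ExitCode -ne 0) {
        throw "vpnconf.exe /$Mode failed with return code $($proc.ExitCode)"
    }
}

# Constructed usage: prompt for the password of a protected configuration file.
$secret = Read-Host -Prompt 'Configuration password' -AsSecureString
Import-VpnConfig -ConfigFile 'C:\Users\Admin\Documents\mavpnconf.tgb' -Mode replace -Password $secret
```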
Exporting
/export
Syntax:
"[installation_directory]\vpnconf.exe" /export:[ConfigFileName]
Usage:
Used to export a VPN configuration when you start the VPN Client software. If the software is already running, the /export option will export the VPN configuration without stopping it.
[ConfigFileName] is the complete path to the file to be exported. If the path contains blank spaces, quotation marks must be added before and after.
/export can be used with /pwd in order to export a VPN configuration and protect it with a password.
Example:
"C:\Program Files\Stormshield\Network VPN Client Exclusive\vpnconf.exe" /export:"C:\Users\Admin\Documents\mavpnconf.tgb" /pwd:gq1aRe7fr8TGB2!5
/exportonce
Syntax:
"[installation_directory]\vpnconf.exe" /exportonce:[ConfigFileName]
Usage:
Same behavior as the /export option, but without starting the VPN Client. If the software is already running, the /exportonce option will export the VPN configuration without stopping it.
[ConfigFileName] is the complete path to the file to be exported. If the path contains blank spaces, quotation marks must be added before and after.
/exportonce can be used with /pwd in order to export a VPN configuration and protect it with a password.
Example:
"C:\Program Files\Stormshield\Network VPN Client Exclusive\vpnconf.exe" /exportonce:"C:\Users\Admin\Documents\mavpnconf.tgb" /pwd:gq1aRe7fr8TGB2!5
Opening/closing a VPN tunnel
The /stop, /closeall, and /status options can only be executed if the SN VPN Client Exclusive is already running and not started in TrustedConnect mode.
The /open and /close options can be executed even if the SN VPN Client Exclusive is not already running. In this case, the software is started and does not quit, and no return code is available to determine the result of the execution.
/stop
Syntax:
"[installation_directory]\vpnconf.exe" /stop
Usage:
Closes all VPN tunnels currently open and quits the VPN Client software.
Example:
"C:\Program Files\Stormshield\Network VPN Client Exclusive\vpnconf.exe" /stop
/open
Syntax:
"[installation_directory]\vpnconf.exe" /open:[TunnelName]
Usage:
Used to open a VPN tunnel from the command line.
Return code:
0: Tunnel is still closed
Other: See the list of return codes below.
Example:
"C:\Program Files\Stormshield\Network VPN Client Exclusive\vpnconf.exe" /open:TgbTest-TgbTest
@echo return_code = %ERRORLEVEL%
Pause
/status
Syntax:
"[installation_directory]\vpnconf.exe" /status:[TunnelName]
Usage:
Used to get the status of a VPN tunnel from the command line.
Return code:
0: VPN tunnel is closed
Other: See the list of return codes below.
Example:
"C:\Program Files\Stormshield\Network VPN Client Exclusive\vpnconf.exe" /status:TgbTest-TgbTest
@echo return_code = %ERRORLEVEL%
Pause
/close
Syntax:
"[installation_directory]\vpnconf.exe" /close:[TunnelName]
Usage:
Used to close a VPN tunnel from the command line.
Return code:
0: VPN tunnel is closed
Other: See the list of return codes below.
Example:
"C:\Program Files\Stormshield\Network VPN Client Exclusive\vpnconf.exe" /close:TgbTest-TgbTest
/closeall
Syntax:
"[installation_directory]\vpnconf.exe" /closeall
Usage:
Used to close all currently open VPN tunnels.
Return code:
0: All VPN tunnels are closed
Other: See the list of return codes below.
Example:
"C:\Program Files\Stormshield\Network VPN Client Exclusive\vpnconf.exe" /closeall
Restarting
The /resetike option can only be executed if the SN VPN Client Exclusive is already running and not started in TrustedConnect mode.
/resetike
Syntax:
"[installation_directory]\vpnconf.exe" /resetike
Usage:
Used to restart the IKE service from the command line.
Return code:
0: IKE service has restarted
Other: See the list of return codes below.
Example:
"C:\Program Files\Stormshield\Network VPN Client Exclusive\vpnconf.exe" /resetike
Return codes
The command-line options (/open, /close, /status, /closeall, /resetike) may return the following codes:
-1: Cannot execute the command: the VPN Client is not running yet.
100 to 499: Internal error (contact support).
500: The specified VPN tunnel does not exist (case sensitive!).
501 to 999: Internal error (contact support).
1000 to 1999: Other issue while accessing the VPN tunnel.
1089: No reply from gateway.
1090: The gateway refuses to authenticate the client (IKE_AUTH Failed).
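One way to act on these return codes from a script, as an added PowerShell example that is not part of the vendor documentation: it queries /status first so that /open is never sent to a client that is not running, then maps the return code of /open to the list above. The helper names are hypothetical; the installation path and tunnel name are the ones used in the examples on this page.

```powershell
# Added example (not vendor code). Install path as used in this page's examples.
$VpnConf = 'C:\Program Files\Stormshield\Network VPN Client Exclusive\vpnconf.exe'

function Invoke-VpnConf([string]$Arguments) {   # hypothetical helper
    (Start-Process -FilePath $VpnConf -ArgumentList $Arguments -Wait -PassThru).ExitCode
}

# Map a return code to the error meanings listed under "Return codes".
# Specific codes are tested before the ranges that contain them.
function Get-VpnConfCodeMeaning([int]$Code) {
    switch ($Code) {
        { $_ -eq -1 }   { return 'VPN Client is not running' }
        { $_ -eq 500 }  { return 'Tunnel does not exist (the name is case sensitive)' }
        { $_ -eq 1089 } { return 'No reply from gateway' }
        { $_ -eq 1090 } { return 'Gateway refuses to authenticate the client (IKE_AUTH failed)' }
        { $_ -ge 100 -and $_ -le 999 }   { return 'Internal error (contact support)' }
        { $_ -ge 1000 -and $_ -le 1999 } { return 'Other issue while accessing the VPN tunnel' }
        default { return $null }   # not an error code listed on this page
    }
}

function Open-VpnTunnel([string]$TunnelName) {
    # /status only works against a running client and returns -1 otherwise.
    # Checking first avoids an /open that starts the client and gives no return code.
    $status = Invoke-VpnConf ('/status:"{0}"' -f $TunnelName)
    if ($status -eq -1 -or $status -eq 500) {
        throw "/status:$TunnelName failed ($status): $(Get-VpnConfCodeMeaning $status)"
    }
    $code = Invoke-VpnConf ('/open:"{0}"' -f $TunnelName)
    $err = Get-VpnConfCodeMeaning $code
    if ($err) { throw "/open:$TunnelName failed ($code): $err" }
    if ($code -eq 0) { throw "/open:$TunnelName returned 0: tunnel is still closed" }
    return $code   # other values are not described on this page
}

# Tunnel name taken from the page's examples (IKEAuth-ChildSA form).
Open-VpnTunnel 'TgbTest-TgbTest'
```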