Windows 10: VPN profile settings
Windows 10
: VPN profile settingsWindows : VPN profile setting | Description |
---|---|
Connection type | This setting specifies the connection type that a Windows 10 device uses for a VPN. Possible values:
The default value is " Microsoft ." |
Server | This setting specifies the public or routable IP address or DNS name for the VPN. This setting can point to the external IP of a VPN, or a virtual IP for a server farm. This setting is valid only if the "Connection type" is set to " Microsoft ." |
Server URL list | This setting specifies a comma-separated list of servers in URL, host name, or IP format. This setting is valid only if the "Connection type" is not set to " Microsoft ". |
Routing policy type | This setting specifies the type of routing policy. This setting is valid only if the "Connection type" is set to " Microsoft ."Possible values:
The default value is "Force tunnel." |
Native protocol type | This setting specifies the type of routing policy used by the VPN. This setting is valid only if the "Connection type" is set to " Microsoft ."Possible values:
The default value is "Automatic." |
Authentication | This setting specifies the method of authentication used for the native VPN. The "Native protocol type" setting determines which authentication methods are supported and the default value for this setting:
Possible values:
|
EAP configuration | This setting specifies the XML of the EAP configuration. For information about how to generate the EAP configuration XML, visit eap-configuration This setting is valid only if the "Authentication " setting is set to "EAP." |
User method | This setting specifies the type of user method authentication to use. This setting is valid only if the "Authentication " setting is set to "User method." Possible values:
|
Machine method | This setting specifies the type of machine method authentication to use. This setting is valid only if the "Authentication " setting is set to "Machine method." Possible value:
|
Custom configuration | This setting specifies the HTML encoded XML blob for an SSL-VPN plug-in specific configuration, including authentication information, that is sent to the device to make it available for SSL-VPN plug-ins. This setting is valid only if the "Connection type" is not set to " Microsoft ." |
Plugin package family name | This setting specifies the package family name of the custom SSL VPN. This setting is valid only if the "Connection type" is set to "Manual connection definition." |
L2TP preshared key | This setting specifies the preshared key used for an L2TP connection. |
App trigger list | This setting specifies a list of apps that start the VPN connection. |
App trigger list > App ID | This setting identifies an app for a per-app VPN. Possible values:
|
Route list | This setting specifies a list of routes that the VPN can use. If the VPN uses split tunneling, a route list is required. |
Subnet address | This setting specifies the IP address of the destination prefix using the IPv4 or IPv6 address format. |
Subnet prefix | This setting specifies the subnet prefix of the destination prefix. |
Exclusion | This setting specifies whether the route that is added must point to the VPN interface as the gateway or a physical interface. If you select the check box, traffic is directed over the physical interface. If you leave the box unchecked, traffic is directed over the VPN. |
Domain name list | This setting specifies the Name Resolution Policy Table (NRPT) rules for the VPN. |
Domain name | This setting specifies the FQDN or suffix of the domain. |
DNS servers | This setting specifies the list of IP addresses of the DNS servers, separated by commas. |
Web proxy server | This setting specifies the IP address of the web proxy server. |
Trigger VPN | This setting specifies whether this domain name rule triggers the VPN. |
Persistent | This setting specifies whether the domain name rule is applied when the VPN is not connected. |
Traffic filter list | This setting specifies the rules that allow traffic over the VPN. |
Traffic filter list > App ID | This setting identifies an app for an app-based traffic filter. Possible values:
|
Protocol | This setting specifies the protocol that the VPN uses. Possible values:
The default value is "All." |
Local port ranges | This setting specifies the list of allowed local port ranges separated by commas. For example, 100-120, 200, 300-320. |
Remote port ranges | This setting specifies the list of allowed remote port ranges separated by commas. For example, 100-120, 200, 300-320. |
Local address ranges | This setting specifies the list of allowed local IP address ranges, separated by commas. |
Remote address ranges | This setting specifies the list of allowed remote IP address ranges, separated by commas. |
Routing policy type | This setting specifies the routing policy that the traffic filter uses. If set to "Force tunnel," all traffic goes through the VPN. If set to "split tunnel," traffic can go through the VPN or the Internet. Possible values:
The default setting is "Force tunnel." |
Remember credentials | This setting specifies whether the credentials are cached whenever possible. |
Always on | This setting specifies whether devices automatically connect to the VPN at sign-in and stay connected until the user manually disconnects the VPN. |
Lock down | This setting specifies whether this VPN connection must be used when the device connects to a network. When this setting is enabled, the following applies:
|
DNS suffix | This setting specifies one or more DNS suffixes separated by commas. The first DNS suffix in the list is also used as the primary connection for the VPN. The list is added to the SuffixSearchList. |
Trusted network detection | This setting specifies a comma-separated string to identify the trusted network. The VPN does not connect automatically when users are on their organization's wireless network. |
IP Security properties | |
Authentication transform constants | Possible values:
The default setting is "MD596." |
Cipher transform constants | Possible values:
The default setting is "DES." |
Encryption method | Possible values:
The default setting is "DES." |
Integrity check method | Possible values:
The default setting is "MD5." |
Diffie-Hellman Group | Possible values:
The default setting is "Group1." |
PFS Group | Possible values:
The default value is "PFS1." |
Proxy type | This setting specifies the type of proxy configuration for the VPN. Possible values:
The default value is "None." |
PAC URL | This setting specifies the URL for the web server that hosts the PAC file, including the PAC file name. For example, http://www.example.com/PACfile.pac. This setting is valid only if the "Proxy type" setting is set to "PAC configuration." |
Address | This setting specifies the FQDN or IP address for the proxy server. This setting is valid only if the "Proxy type" setting is set to "Manual configuration." |
Associated SCEP profile | This setting specifies the associated SCEP profile that a device uses to obtain a client certificate to authenticate with the VPN. |