<!-- The RegisterDNS element is optional and used to register the IP address of the device tunnel VPN connection in internal DNS. If a user tunnel is deployed in conjunction with a device tunnel, this element should only be defined on the device tunnel. -->
<!-- The DomainNameInformation element is optional. It should only be used when the DNS servers configured on the VPN server's network interface can't resolve internal Active Directory hostnames -->
<!-- More information regarding DNS configuration for Always On VPN can be found here: -->
<!-- Only IKEv2 is supported for use with the Always On VPN device tunnel -->
<!-- Only machine certificate authentication is supported for use with the Always On VPN device tunnel -->
<!-- This setting is optional but recommended -->
<!-- The CryptographySuite setting is optional but recommended when using IKEv2. The default security settings for IKEv2 are extremely weak. Details here: -->
<!-- Enabling this setting requires the VPN server to use matching settings. A PowerShell script to configure Windows Server RRAS servers can be found here: -->
<!-- The Route setting is required when DisableClassBasedDefaultRoute is set to "true" -->
<!-- Host routes (/32) should be used to restrict access over the device tunnel to domain controllers. Using traffic filters isn't recommended as it prevents outbound management -->
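<!-- Added example, not part of the original profile: a small Python check that applies the rules stated in the comments above to a device tunnel ProfileXML before it is deployed. The sample profile, its server name, address and suite values are constructed placeholders, and the function name is hypothetical. -->

```python
import xml.etree.ElementTree as ET

# Constructed sample device tunnel profile; every value below is a placeholder.
SAMPLE = """<VPNProfile>
  <NativeProfile>
    <Servers>vpn.example.net</Servers>
    <NativeProtocolType>IKEv2</NativeProtocolType>
    <Authentication><MachineMethod>Certificate</MachineMethod></Authentication>
    <DisableClassBasedDefaultRoute>true</DisableClassBasedDefaultRoute>
    <CryptographySuite>
      <AuthenticationTransformConstants>SHA256128</AuthenticationTransformConstants>
      <CipherTransformConstants>AES128</CipherTransformConstants>
      <EncryptionMethod>AES128</EncryptionMethod>
      <IntegrityCheckMethod>SHA256</IntegrityCheckMethod>
      <DHGroup>Group14</DHGroup><PfsGroup>PFS2048</PfsGroup>
    </CryptographySuite>
  </NativeProfile>
  <Route><Address>10.0.0.10</Address><PrefixSize>32</PrefixSize></Route>
  <DeviceTunnel>true</DeviceTunnel>
  <RegisterDNS>true</RegisterDNS>
</VPNProfile>"""

def lint_device_tunnel(profile_xml):
    """Return findings for a device tunnel ProfileXML; an empty list means no rule was broken."""
    root = ET.fromstring(profile_xml)
    def text(path):
        return (root.findtext(path) or "").strip().lower()
    if text("DeviceTunnel") != "true":
        return ["SKIP: DeviceTunnel is not true, device tunnel rules do not apply"]
    findings = []
    if text("NativeProfile/NativeProtocolType") != "ikev2":
        findings.append("ERROR: only IKEv2 is supported for the device tunnel")
    if text("NativeProfile/Authentication/MachineMethod") != "certificate":
        findings.append("ERROR: only machine certificate authentication is supported")
    routes = root.findall("Route")
    if text("NativeProfile/DisableClassBasedDefaultRoute") == "true" and not routes:
        findings.append("ERROR: Route is required when DisableClassBasedDefaultRoute is true")
    if root.find("NativeProfile/CryptographySuite") is None:
        findings.append("WARN: no CryptographySuite, the IKEv2 defaults will be used")
    for route in routes:  # IPv4 routes assumed, as in the /32 guidance above
        addr = (route.findtext("Address") or "").strip()
        prefix = (route.findtext("PrefixSize") or "").strip()
        if prefix != "32":
            findings.append(f"WARN: route {addr}/{prefix} is not a /32 host route")
    if root.find("TrafficFilter") is not None:
        findings.append("WARN: traffic filters are not recommended on the device tunnel")
    return findings

if __name__ == "__main__":
    for line in lint_device_tunnel(SAMPLE) or ["OK: no findings"]:
        print(line)
```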
