This repository has been archived by the owner on May 28, 2020. It is now read-only.
forked from richardhicks/aovpn
ProfileXML_User.xml
<VPNProfile>
  <!-- Template ProfileXML for a user-authenticated Always On VPN connection. The example.net names and the 10.21.12.x addresses are sample values and must be replaced before deployment. -->
  <AlwaysOn>true</AlwaysOn>
  <!-- NOTE(review): RememberCredentials is enabled. Confirm that this matches local credential-caching policy, in particular if the EAP method pasted below is password based. -->
  <RememberCredentials>true</RememberCredentials>
  <DnsSuffix>corp.example.net</DnsSuffix>

  <!-- Optional. TrustedNetworkDetection keeps the VPN connection from being established while the device is on the internal network. -->
  <!-- NOTE(review): the trusted network is identified here by a DNS suffix. Verify which additional conditions Windows applies before it treats a network as trusted, so that a suffix match alone on an outside network cannot suppress the tunnel. -->
  <TrustedNetworkDetection>corp.example.net</TrustedNetworkDetection>

  <!-- Optional. Use DomainNameInformation only when the DNS servers configured on the VPN server's network interface cannot resolve internal Active Directory hostnames. -->
  <!-- Background on DNS configuration for Always On VPN: https://rmhci.co/2M8EaIk -->
  <DomainNameInformation>
    <DomainName>.corp.example.net</DomainName>
    <DnsServers>10.21.12.100,10.21.12.101</DnsServers>
  </DomainNameInformation>

  <NativeProfile>
    <Servers>vpn.example.net</Servers>
    <!-- With NativeProtocolType set to Automatic, SSTP is tried first. Details: https://rmhci.co/2M8EaIk -->
    <NativeProtocolType>Automatic</NativeProtocolType>
    <Authentication>
      <UserMethod>Eap</UserMethod>
      <Eap>
        <Configuration>
          <!-- Paste the EAP configuration here. Get-EapConfiguration.ps1 (https://rmhci.co/2UqQ3jz) extracts it from an existing connection. -->
          <!-- NOTE(review): before deploying, check that the pasted configuration enforces server certificate validation (expected server names and trusted root CA). This template cannot show that because the element is left empty. -->
        </Configuration>
      </Eap>
    </Authentication>
    <RoutingPolicyType>SplitTunnel</RoutingPolicyType>
    <!-- Optional but recommended. -->
    <DisableClassBasedDefaultRoute>true</DisableClassBasedDefaultRoute>

    <!-- Optional but recommended when using IKEv2, because the default IKEv2 security settings are extremely weak. Details: https://rmhci.co/2Eou3Op -->
    <!-- The VPN server must be configured with matching settings. A PowerShell script for Windows Server RRAS servers is available here: https://rmhci.co/2WRpFgl -->
    <!-- NOTE(review): this suite is described as an IKEv2 setting, while NativeProtocolType above is Automatic with SSTP tried first. Presumably the values below take effect only on connections that negotiate IKEv2; confirm the protocol actually in use if this suite is relied on as the security baseline. -->
    <CryptographySuite>
      <AuthenticationTransformConstants>SHA256128</AuthenticationTransformConstants>
      <CipherTransformConstants>AES128</CipherTransformConstants>
      <EncryptionMethod>AES128</EncryptionMethod>
      <IntegrityCheckMethod>SHA256</IntegrityCheckMethod>
      <DHGroup>Group14</DHGroup>
      <PfsGroup>PFS2048</PfsGroup>
    </CryptographySuite>
  </NativeProfile>

  <!-- Route entries are required when DisableClassBasedDefaultRoute is set to "true". -->
  <!-- All RFC 1918 private address ranges are listed as an example only. With split tunneling, prefer the specific internal prefixes that must be reachable over the tunnel; the full private ranges can overlap with the client's local network. -->
  <Route>
    <Address>10.0.0.0</Address>
    <PrefixSize>8</PrefixSize>
  </Route>
  <Route>
    <Address>172.16.0.0</Address>
    <PrefixSize>12</PrefixSize>
  </Route>
  <Route>
    <Address>192.168.0.0</Address>
    <PrefixSize>16</PrefixSize>
  </Route>
</VPNProfile>