IFPCVpnPPPSettings::EnableEAP property

Applies to: desktop apps only

The EnableEAP property gets or sets a Boolean value that indicates whether the Extensible Authentication Protocol (EAP) is enabled. In Forefront TMG, EAP is used only with the Transport Level Security authentication scheme (EAP-TLS) for incoming connections.

This property is read/write.


HRESULT put_EnableEAP(

HRESULT get_EnableEAP(
' Data type: Boolean

Property EnableEAP( _
  ByVal fEnableEAP As VARIANT_BOOL, _
  ByVal pfEnableEAP As VARIANT_BOOL _
) As Boolean

Property value

Boolean value that indicates whether EAP is enabled.

Error codes

These property methods return S_OK if the call is successful; otherwise, they return an error code.


This property is read/write. Its default value is False (VARIANT_FALSE in C++).

EAP can be used to provide an added layer of security to Point-to-Point Protocol (PPP) VPN connections. EAP enables this functionality through certification authority (CA) and smart card technologies, which provide mutual authentication of the VPN client and the VPN server. To use EAP in a VPN scenario, the server must be configured to accept EAP authentication as a valid authentication method and it must have a user certificate (X.509). The client must be configured to use EAP, and either have a smart card (with a smart card certificate installed) or a user certificate.

Multiple EAP types are supported. Enabling EAP through this property adds the EAP-TLS type to the list of EAP types that can be used on the computer, and disabling EAP through this property removes the EAP-TLS type from the list of EAP types. If no EAP type remains on the list, EAP is disabled on the computer.


Minimum supported client

Windows Vista

Minimum supported server

Windows Server 2008 R2, Windows Server 2008 with SP2 (64-bit only)


Forefront Threat Management Gateway (TMG) 2010





See also




Build date: 7/12/2010