VPNv2 CSP

The VPNv2 configuration service provider allows the mobile device management (MDM) server to configure the VPN profile of the device.

Here are the requirements for this CSP:

  • VPN configuration commands must be wrapped in an Atomic block in SyncML.

  • For best results, configure your VPN certificates before pushing VPN profiles down to devices. If you are using Windows Information Protection (WIP) (formerly known as Enterprise Data Protection), configure VPN before you configure WIP policies.

  • Instead of changing individual properties, follow these steps to make any changes:

    • Send a Delete command for the ProfileName to delete the entire profile.

    • Send the entire profile again with new values wrapped in an Atomic block.

      In certain conditions you can change some properties directly, but we do not recommend it.

The XSDs for all EAP methods are shipped in the box and can be found at the following locations:

  • C:\Windows\schemas\EAPHost
  • C:\Windows\schemas\EAPMethods

The following shows the VPNv2 configuration service provider in tree format.

./Vendor/MSFT
VPNv2
----ProfileName
--------AppTriggerList
------------appTriggerRowId
----------------App
--------------------Id
--------------------Type
--------RouteList
------------routeRowId
----------------Address
----------------PrefixSize
----------------Metric
----------------ExclusionRoute
--------DomainNameInformationList
------------dniRowId
----------------DomainName
----------------DomainNameType
----------------DnsServers
----------------WebProxyServers
----------------AutoTrigger
----------------Persistent
--------TrafficFilterList
------------trafficFilterId
----------------App
--------------------Id
--------------------Type
----------------Claims
----------------Protocol
----------------LocalPortRanges
----------------RemotePortRanges
----------------LocalAddressRanges
----------------RemoteAddressRanges
----------------RoutingPolicyType
----------------Direction
--------EdpModeId
--------RememberCredentials
--------AlwaysOn
--------LockDown
--------DeviceTunnel
--------RegisterDNS
--------DnsSuffix
--------ByPassForLocal
--------TrustedNetworkDetection
--------ProfileXML
--------Proxy
------------Manual
----------------Server
------------AutoConfigUrl
--------APNBinding
------------ProviderId
------------AccessPointName
------------UserName
------------Password
------------IsCompressionEnabled
------------AuthenticationType
--------DeviceCompliance
------------Enabled
------------Sso
----------------Enabled
----------------IssuerHash
----------------Eku
--------PluginProfile
------------ServerUrlList
------------CustomConfiguration
------------PluginPackageFamilyName
------------CustomStoreUrl
------------WebAuth
----------------Enabled
----------------ClientId
--------NativeProfile
------------Servers
------------RoutingPolicyType
------------NativeProtocolType
------------Authentication
----------------UserMethod
----------------MachineMethod
----------------Eap
--------------------Configuration
--------------------Type
----------------Certificate
--------------------Issuer
--------------------Eku
------------CryptographySuite
----------------AuthenticationTransformConstants
----------------CipherTransformConstants
----------------EncryptionMethod
----------------IntegrityCheckMethod
----------------DHGroup
----------------PfsGroup
------------L2tpPsk
------------DisableClassBasedDefaultRoute
------------PlumbIKEv2TSAsRoutes


./User/Vendor/MSFT
VPNv2
----ProfileName
--------AppTriggerList
------------appTriggerRowId
----------------App
--------------------Id
--------------------Type
--------RouteList
------------routeRowId
----------------Address
----------------PrefixSize
----------------Metric
----------------ExclusionRoute
--------DomainNameInformationList
------------dniRowId
----------------DomainName
----------------DomainNameType
----------------DnsServers
----------------WebProxyServers
----------------AutoTrigger
----------------Persistent
--------TrafficFilterList
------------trafficFilterId
----------------App
--------------------Id
--------------------Type
----------------Claims
----------------Protocol
----------------LocalPortRanges
----------------RemotePortRanges
----------------LocalAddressRanges
----------------RemoteAddressRanges
----------------RoutingPolicyType
--------EdpModeId
--------RememberCredentials
--------AlwaysOn
--------DnsSuffix
--------ByPassForLocal
--------TrustedNetworkDetection
--------ProfileXML
--------Proxy
------------Manual
----------------Server
------------AutoConfigUrl
--------APNBinding
------------ProviderId
------------AccessPointName
------------UserName
------------Password
------------IsCompressionEnabled
------------AuthenticationType
--------DeviceCompliance
------------Enabled
------------Sso
----------------Enabled
----------------IssuerHash
----------------Eku
--------PluginProfile
------------ServerUrlList
------------CustomConfiguration
------------PluginPackageFamilyName
------------CustomStoreUrl
------------WebAuth
----------------Enabled
----------------ClientId
--------NativeProfile
------------Servers
------------RoutingPolicyType
------------NativeProtocolType
------------Authentication
----------------UserMethod
----------------MachineMethod
----------------Eap
--------------------Configuration
--------------------Type
----------------Certificate
--------------------Issuer
--------------------Eku
------------CryptographySuite
----------------AuthenticationTransformConstants
----------------CipherTransformConstants
----------------EncryptionMethod
----------------IntegrityCheckMethod
----------------DHGroup
----------------PfsGroup
------------L2tpPsk
------------DisableClassBasedDefaultRoute
------------PlumbIKEv2TSAsRoutes



Device or User profile
For user profile, use ./User/Vendor/MSFT path and for device profile, use ./Device/Vendor/MSFT path.

VPNv2/ProfileName
Unique alphanumeric identifier for the profile. The profile name must not include a forward slash (/).

Supported operations include Get, Add, and Delete.

Note

If the profile name has a space or other non-alphanumeric character, it must be properly escaped according to the URL encoding standard.

VPNv2/ProfileName/AppTriggerList
Optional node. List of applications set to trigger the VPN. If any of these apps are launched and the VPN profile is currently the active profile, this VPN profile will be triggered to connect.

VPNv2/ProfileName/AppTriggerList/appTriggerRowId
A sequential integer identifier that allows multiple apps to be specified for App Trigger. Sequencing must start at 0 and you should not skip numbers.

Supported operations include Get, Add, Replace, and Delete.

VPNv2/ProfileName/AppTriggerList/appTriggerRowId/App
App Node under the Row Id.

VPNv2/ProfileName/AppTriggerList/appTriggerRowId/App/Id
App identity, which is either an app's package family name or file path. The type is inferred by the Id, and therefore cannot be specified in the get-only App/Type field.

VPNv2/ProfileName/AppTriggerList/appTriggerRowId/App/Type
Returns the type of App/Id. This value can be either of the following:

  • PackageFamilyName - When this is returned, the App/Id value represents the PackageFamilyName of the app. The PackageFamilyName is the unique name of the Microsoft Store application.
  • FilePath - When this is returned, the App/Id value represents the full file path of the app. For example, C:\Windows\System\Notepad.exe.

Value type is chr. Supported operation is Get.

VPNv2/ProfileName/RouteList/
Optional node. List of routes to be added to the routing table for the VPN interface. This is required for the split tunneling case where the VPN server site has more subnets than the default subnet based on the IP assigned to the interface.

Every computer that runs TCP/IP makes routing decisions. These decisions are controlled by the IP routing table. Adding values under this node updates the routing table with routes for the VPN interface post connection. The values under this node represent the destination prefix of IP routes. A destination prefix consists of an IP address prefix and a prefix length.

Adding a route here allows the networking stack to identify the traffic that needs to go over the VPN interface for split tunnel VPN. Some VPN servers can configure this during connect negotiation and do not need this information in the VPN profile. Check with your VPN server administrator to determine whether you need this information in the VPN profile.

VPNv2/ProfileName/RouteList/routeRowId
A sequential integer identifier for the RouteList. This is required if you are adding routes. Sequencing must start at 0.

Supported operations include Get, Add, Replace, and Delete.

VPNv2/ProfileName/RouteList/routeRowId/Address
Subnet address in IPv4/v6 address format which, along with the prefix, will be used to determine the destination prefix to send via the VPN interface. This is the IP address part of the destination prefix.

Supported operations include Get, Add, Replace, and Delete. Value type is chr. Example: 192.168.0.0

VPNv2/ProfileName/RouteList/routeRowId/PrefixSize
The subnet prefix size part of the destination prefix for the route entry. This, along with the address, will be used to determine the destination prefix to route through the VPN interface.

Value type is int. Supported operations include Get, Add, Replace, and Delete.

VPNv2/ProfileName/RouteList/routeRowId/Metric
Added in Windows 10, version 1607. The route's metric.

Value type is int. Supported operations include Get, Add, Replace, and Delete.

VPNv2/ProfileName/RouteList/routeRowId/ExclusionRoute
Added in Windows 10, version 1607. A boolean value that specifies if the route being added should point to the VPN interface or the physical interface as the gateway. Valid values:

  • False (default) - This route will direct traffic over the VPN.
  • True - This route will direct traffic over the physical interface.

Supported operations include Get, Add, Replace, and Delete.
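The delete-then-resend procedure from the requirements, combined with the profile-name escaping rule and the RouteList row numbering, as an added example for MDM-side tooling (not Microsoft's code). The profile name, DNS suffix and routes are constructed sample values, the sample is not a complete VPN profile, and the SyncML envelope follows the standard SyncML 1.2 command layout.

```python
import ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import quote


def profile_uri(profile_name, scope="./Vendor/MSFT"):
    """LocURI of a profile node: the name is URL-encoded and '/' is rejected."""
    if not profile_name or "/" in profile_name:
        raise ValueError("profile name must be non-empty and must not contain '/'")
    return f"{scope}/VPNv2/{quote(profile_name, safe='')}"


def route_leaves(routes):
    """Expand routes into (relative path, format, data) leaves with row ids 0, 1, 2, ..."""
    leaves = []
    for row_id, route in enumerate(routes):  # enumerate() cannot skip a row id
        address = ipaddress.ip_address(route["address"])  # raises on a malformed address
        prefix = int(route["prefix"])
        if not 0 <= prefix <= address.max_prefixlen:
            raise ValueError(f"route {row_id}: prefix size {prefix} out of range")
        base = f"RouteList/{row_id}"
        leaves.append((f"{base}/Address", "chr", str(address)))
        leaves.append((f"{base}/PrefixSize", "int", str(prefix)))
        if route.get("exclusion", False):
            leaves.append((f"{base}/ExclusionRoute", "bool", "true"))
    return leaves


def _command(parent, verb, cmd_id, uri, fmt=None, data=None):
    """Append one SyncML command (Delete or Add) targeting `uri`."""
    cmd = ET.SubElement(parent, verb)
    ET.SubElement(cmd, "CmdID").text = str(cmd_id)
    item = ET.SubElement(cmd, "Item")
    ET.SubElement(ET.SubElement(item, "Target"), "LocURI").text = uri
    if fmt is not None:
        meta = ET.SubElement(item, "Meta")
        ET.SubElement(meta, "Format", {"xmlns": "syncml:metinf"}).text = fmt
        ET.SubElement(item, "Data").text = data


def build_profile_update(profile_name, settings, routes, scope="./Vendor/MSFT"):
    """Delete the whole profile, then re-add every leaf inside one Atomic block."""
    base = profile_uri(profile_name, scope)
    root = ET.Element("SyncML", {"xmlns": "SYNCML:SYNCML1.2"})
    body = ET.SubElement(root, "SyncBody")
    _command(body, "Delete", 1, base)          # step 1: remove the old profile
    atomic = ET.SubElement(body, "Atomic")     # step 2: all-or-nothing re-add
    ET.SubElement(atomic, "CmdID").text = "2"
    leaves = list(settings) + route_leaves(routes)
    for cmd_id, (rel_path, fmt, data) in enumerate(leaves, start=3):
        _command(atomic, "Add", cmd_id, f"{base}/{rel_path}", fmt, data)
    ET.SubElement(body, "Final")
    return ET.tostring(root, encoding="unicode")


def sample_update():
    """Constructed sample: two profile settings and two routes, one an exclusion."""
    settings = [("AlwaysOn", "bool", "true"), ("DnsSuffix", "chr", "corp.contoso.com")]
    routes = [
        {"address": "192.168.0.0", "prefix": 24},
        {"address": "192.168.0.128", "prefix": 25, "exclusion": True},
    ]
    return build_profile_update("Contoso VPN", settings, routes)


if __name__ == "__main__":
    print(sample_update())
```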

VPNv2/ProfileName/DomainNameInformationList
Optional node. Name Resolution Policy Table (NRPT) rules for the VPN profile.

The Name Resolution Policy Table (NRPT) is a table of namespaces and corresponding settings stored in the Windows registry that determines the DNS client behavior when issuing queries and processing responses. Each row in the NRPT represents a rule for a portion of the namespace for which the DNS client issues queries. Before issuing name resolution queries, the DNS client consults the NRPT to determine if any additional flags must be set in the query. After receiving the response, the client again consults the NRPT to check for any special processing or policy requirements. In the absence of the NRPT, the client operates based on the DNS servers and suffixes set on the interface.

VPNv2/ProfileName/DomainNameInformationList/dniRowId
A sequential integer identifier for the Domain Name information. Sequencing must start at 0.

Supported operations include Get, Add, Replace, and Delete.

VPNv2/ProfileName/DomainNameInformationList/dniRowId/DomainName
Used to indicate the namespace to which the policy applies. When a Name query is issued, the DNS client compares the name in the query to all of the namespaces under DomainNameInformationList to find a match. This parameter can be one of the following types:

  • FQDN - Fully qualified domain name.
  • Suffix - A domain suffix that will be appended to the shortname query for DNS resolution. To specify a suffix, prepend a . to the DNS suffix.

Value type is chr. Supported operations include Get, Add, Replace, and Delete.

VPNv2/ProfileName/DomainNameInformationList/dniRowId/DomainNameType
Returns the namespace type. This value can be one of the following:

  • FQDN - If the DomainName was not prepended with a . and applies only to the fully qualified domain name (FQDN) of a specified host.
  • Suffix - If the DomainName was prepended with a . and applies to the specified namespace, all records in that namespace, and all subdomains.

Value type is chr. Supported operation is Get.

VPNv2/ProfileName/DomainNameInformationList/dniRowId/DnsServers
List of comma-separated DNS Server IP addresses to use for the namespace.

Value type is chr. Supported operations include Get, Add, Replace, and Delete.

VPNv2/ProfileName/DomainNameInformationList/dniRowId/WebProxyServers
Optional. Web Proxy Server IP address if you are redirecting traffic through your intranet.

Note

Currently only one web proxy server is supported.

Value type is chr. Supported operations include Get, Add, Replace, and Delete.

VPNv2/ProfileName/DomainNameInformationList/dniRowId/AutoTrigger
Added in Windows 10, version 1607. Optional. Boolean to determine whether this domain name rule will trigger the VPN.

If set to False, this DomainName rule will not trigger the VPN.

If set to True, this DomainName rule will trigger the VPN.

By default, this value is false.

Value type is bool.

VPNv2/ProfileName/DomainNameInformationList/dniRowId/Persistent
Added in Windows 10, version 1607. A boolean value that specifies if the rule being added should persist even when the VPN is not connected. Valid values:

  • False (default) - This DomainName rule will only be applied when VPN is connected.
  • True - This DomainName rule will always be present and applied.

Supported operations include Get, Add, Replace, and Delete.
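A small model of how DomainNameInformationList rows select queries, added here for reviewing a profile before deployment (not Windows' NRPT implementation and not Microsoft's code). It covers the FQDN/Suffix distinction and the Persistent and AutoTrigger flags described above; the rows, domain names and server addresses are constructed, and because the page does not describe precedence between overlapping rows, the functions return every matching row.

```python
def domain_name_type(domain_name):
    """DomainNameType as the CSP reports it: a leading '.' marks a suffix rule."""
    return "Suffix" if domain_name.startswith(".") else "FQDN"


def name_matches(domain_name, query):
    """True if the queried name falls under the rule's namespace."""
    q = query.rstrip(".").lower()
    d = domain_name.lower()
    if domain_name_type(d) == "FQDN":
        return q == d                       # one host, exact match only
    namespace = d[1:]
    # The namespace itself or any subdomain. The leading dot in `d` stops
    # "evilcorp.contoso.com" from matching ".corp.contoso.com".
    return q == namespace or q.endswith(d)


def applicable_rows(rows, query, vpn_connected):
    """Row ids whose rule applies to `query` in the given connection state."""
    hits = []
    for row_id, row in enumerate(rows):
        if not vpn_connected and not row.get("Persistent", False):
            continue                        # non-persistent rules need the tunnel up
        if name_matches(row["DomainName"], query):
            hits.append(row_id)
    return hits


def triggers_vpn(rows, query):
    """True if any row matching `query` is configured with AutoTrigger."""
    return any(
        row.get("AutoTrigger", False) and name_matches(row["DomainName"], query)
        for row in rows
    )


# Constructed sample rows, keyed by the CSP leaf names.
SAMPLE_ROWS = [
    {"DomainName": ".corp.contoso.com", "DnsServers": "10.0.0.10,10.0.0.11",
     "AutoTrigger": True},
    {"DomainName": "hr.contoso.com", "DnsServers": "10.0.0.10",
     "Persistent": True},
]

if __name__ == "__main__":
    for name in ("wiki.corp.contoso.com", "hr.contoso.com", "evilcorp.contoso.com"):
        print(name,
              "connected:", applicable_rows(SAMPLE_ROWS, name, True),
              "disconnected:", applicable_rows(SAMPLE_ROWS, name, False),
              "auto-trigger:", triggers_vpn(SAMPLE_ROWS, name))
```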

VPNv2/ProfileName/TrafficFilterList
An optional node that specifies a list of rules. Only traffic that matches these rules can be sent via the VPN interface.

Note

Once a TrafficFilterList is added, all traffic is blocked other than traffic matching the rules.

When adding multiple rules, each rule operates based on an OR with the other rules. Within each rule, each property operates based on an AND with each other.

VPNv2/ProfileName/TrafficFilterList/trafficFilterId
A sequential integer identifier for the Traffic Filter rules. Sequencing must start at 0.

VPNv2/ProfileName/TrafficFilterList/trafficFilterId/App
Per-app VPN rule. This will allow only the apps specified to be allowed over the VPN interface. Value type is chr.

VPNv2/ProfileName/TrafficFilterList/trafficFilterId/App/Id
App identity for the app-based traffic filter.

The value for this node can be one of the following:

  • PackageFamilyName - This App/Id value represents the PackageFamilyName of the app. The PackageFamilyName is the unique name of a Microsoft Store application.
  • FilePath - This App/Id value represents the full file path of the app. For example, C:\Windows\System\Notepad.exe.
  • SYSTEM - This value enables Kernel Drivers to send traffic through VPN (for example, PING or SMB).

Value type is chr. Supported operations include Get, Add, Replace, and Delete.

VPNv2/ProfileName/TrafficFilterList/trafficFilterId/App/Type
Returns the type of ID of the App/Id.

Value type is chr. Supported operation is Get.

VPNv2/ProfileName/TrafficFilterList/trafficFilterId/Claims
Reserved for future use.

VPNv2/ProfileName/TrafficFilterList/trafficFilterId/Protocol
Numeric value from 0-255 representing the IP protocol to allow. For example, TCP = 6 and UDP = 17.

Value type is int. Supported operations include Get, Add, Replace, and Delete.

VPNv2/ProfileName/TrafficFilterList/trafficFilterId/LocalPortRanges
A list of comma-separated values specifying local port ranges to allow. For example, 100-120, 200, 300-320.

Note

Ports are only valid when the protocol is set to TCP=6 or UDP=17.

Value type is chr. Supported operations include Get, Add, Replace, and Delete.

VPNv2/ProfileName/TrafficFilterList/trafficFilterId/RemotePortRanges
A list of comma-separated values specifying remote port ranges to allow. For example, 100-120, 200, 300-320.

Note

Ports are only valid when the protocol is set to TCP=6 or UDP=17.

Value type is chr. Supported operations include Get, Add, Replace, and Delete.

VPNv2/ProfileName/TrafficFilterList/trafficFilterId/LocalAddressRanges
A list of comma-separated values specifying local IP address ranges to allow.

Value type is chr. Supported operations include Get, Add, Replace, and Delete.

VPNv2/ProfileName/TrafficFilterList/trafficFilterId/RemoteAddressRanges
A list of comma-separated values specifying remote IP address ranges to allow.

Value type is chr. Supported operations include Get, Add, Replace, and Delete.

VPNv2/ProfileName/TrafficFilterList/trafficFilterId/RoutingPolicyType
Specifies the routing policy if an App or Claims type is used in the traffic filter. The scope of this property is for this traffic filter rule alone. The value can be one of the following:

  • SplitTunnel - For this traffic filter rule, only the traffic meant for the VPN interface (as determined by the networking stack) goes over the interface. Internet traffic can continue to go over the other interfaces.
  • ForceTunnel - For this traffic rule, all IP traffic must go through the VPN interface only.

This is only applicable for App ID-based Traffic Filter rules.

Value type is chr. Supported operations include Get, Add, Replace, and Delete.

VPNv2/ProfileName/TrafficFilterList/trafficFilterId/Direction
Added in Windows 10, version 2004. Specifies the traffic direction to apply this policy to. Default is Outbound. The value can be one of the following:

  • Outbound - The rule applies to all outbound traffic.
  • Inbound - The rule applies to all inbound traffic.

If no inbound filter is provided, then by default all unsolicited inbound traffic will be blocked.

Value type is chr. Supported operations include Get, Add, Replace, and Delete.
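A simplified model of the TrafficFilterList semantics above, added as a review aid for checking what a rule set lets through before it is pushed (not Windows' filtering engine and not Microsoft's code). It implements OR across rules, AND across the properties of one rule, the port-range syntax, the TCP/UDP-only port constraint and the Outbound default. The rules and flows are constructed, the flow dictionary keys are hypothetical, App/Id is compared as an exact string, and address ranges are left out because the page gives no syntax for them.

```python
def parse_port_ranges(text):
    """Parse '100-120, 200, 300-320' into [(100, 120), (200, 200), (300, 320)]."""
    ranges = []
    for part in text.split(","):
        low, _, high = part.strip().partition("-")
        lo = int(low)                       # raises ValueError on an empty or bad item
        hi = int(high) if high else lo
        if not 0 <= lo <= hi <= 65535:
            raise ValueError(f"bad port range: {part.strip()!r}")
        ranges.append((lo, hi))
    return ranges


def validate_rules(rules):
    """Return a list of problems; an empty list means the rule set is consistent."""
    problems = []
    for idx, rule in enumerate(rules):
        proto = rule.get("Protocol")
        if proto is not None and not 0 <= proto <= 255:
            problems.append(f"rule {idx}: Protocol must be 0-255")
        for key in ("LocalPortRanges", "RemotePortRanges"):
            if key not in rule:
                continue
            if proto not in (6, 17):
                problems.append(f"rule {idx}: {key} requires Protocol 6 (TCP) or 17 (UDP)")
            try:
                parse_port_ranges(rule[key])
            except ValueError as exc:
                problems.append(f"rule {idx}: {key}: {exc}")
        if rule.get("Direction", "Outbound") not in ("Outbound", "Inbound"):
            problems.append(f"rule {idx}: Direction must be Outbound or Inbound")
    return problems


def rule_matches(rule, flow):
    """AND: every property present in the rule must match the flow."""
    if rule.get("Direction", "Outbound") != flow["direction"]:
        return False
    if "App/Id" in rule and rule["App/Id"] != flow["app"]:
        return False
    if "Protocol" in rule and rule["Protocol"] != flow["protocol"]:
        return False
    for key, field in (("LocalPortRanges", "local_port"), ("RemotePortRanges", "remote_port")):
        if key in rule and not any(lo <= flow[field] <= hi
                                   for lo, hi in parse_port_ranges(rule[key])):
            return False
    return True


def flow_allowed(rules, flow):
    """OR: with a TrafficFilterList present, a flow passes if any one rule matches."""
    return any(rule_matches(rule, flow) for rule in rules)


NOTEPAD = r"C:\Windows\System\Notepad.exe"   # file path example used on this page

# Constructed rule set, keyed by the CSP leaf names.
SAMPLE_RULES = [
    {"App/Id": NOTEPAD, "Protocol": 6, "RemotePortRanges": "443"},
    {"Protocol": 17, "RemotePortRanges": "100-120, 200, 300-320"},
]


def flow(app, protocol, remote_port, direction="Outbound", local_port=50000):
    """Build a constructed flow record for the model."""
    return {"app": app, "protocol": protocol, "remote_port": remote_port,
            "local_port": local_port, "direction": direction}


if __name__ == "__main__":
    print(validate_rules(SAMPLE_RULES))
    for f in (flow(NOTEPAD, 6, 443), flow(NOTEPAD, 6, 80),
              flow("other.exe", 17, 110), flow("other.exe", 17, 110, "Inbound")):
        print(f, "->", "allowed" if flow_allowed(SAMPLE_RULES, f) else "blocked")
```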

VPNv2/ProfileName/EdpModeId
Enterprise ID, which is required for connecting this VPN profile with a WIP policy. When this is set, the networking stack looks for this Enterprise ID in the app token to determine if the traffic is allowed to go over the VPN. If the profile is active, it also automatically triggers the VPN to connect. We recommend having only one such profile per device.

Additionally, when connecting with Windows Information Protection (WIP) (formerly known as Enterprise Data Protection), the admin does not have to specify AppTriggerList and TrafficFilterList rules separately in this profile (unless more advanced config is needed) because the WIP policies and App lists automatically take effect.

Value type is chr. Supported operations include Get, Add, Replace, and Delete.

VPNv2/ProfileName/RememberCredentials
Boolean value (true or false) for caching credentials. Default is false, which means do not cache credentials. If set to true, credentials are cached whenever possible.

Supported operations include Get, Add, Replace, and Delete.

VPNv2/ProfileName/AlwaysOn
An optional flag to enable Always On mode. This will automatically connect the VPN at sign-in and will stay connected until the user manually disconnects.

Note

Always On only works for the active profile. The first profile provisioned that can be auto triggered will automatically be set as active.

Preserving user Always On preference

Windows has a feature to preserve a user's AlwaysOn preference. In the event that a user manually unchecks the "Connect automatically" checkbox, Windows will remember this user preference for this profile name by adding the profile name to the value AutoTriggerDisabledProfilesList.
Should a management tool remove/add the same profile name back and set AlwaysOn to true, Windows will not check the box if the profile name exists in the registry value below, in order to preserve user preference.

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Config
Value: AutoTriggerDisabledProfilesList
Type: REG_MULTI_SZ

Valid values:

  • False (default) - Always On is turned off.
  • True - Always On is turned on.

Value type is bool. Supported operations include Get, Add, Replace, and Delete.

VPNv2/ProfileName/DeviceTunnel (./Device only profile)
Device tunnel profile.

Valid values:

  • False (default) - this is not a device tunnel profile.
  • True - this is a device tunnel profile.

When the DeviceTunnel profile is turned on, it does the following things:

  • First, it automatically becomes an "always on" profile.
  • Second, it does not require the presence or logging in of any user to the machine in order for it to connect.
  • Third, no other device tunnel profile may be present on the same machine.

A device tunnel profile must be deleted before another device tunnel profile can be added, removed, or connected.

Value type is bool. Supported operations include Get, Add, Replace, and Delete.

VPNv2/ProfileName/RegisterDNS
Allows registration of the connection's address in DNS.

Valid values:

  • False = Do not register the connection's address in DNS (default).
  • True = Register the connection's addresses in DNS.

VPNv2/ProfileName/DnsSuffix
Optional. Specifies one or more comma-separated DNS suffixes. The first in the list is also used as the primary connection-specific DNS suffix for the VPN interface. The entire list will also be added into the SuffixSearchList.

Value type is chr. Supported operations include Get, Add, Replace, and Delete.

VPNv2/ ProfileName /ByPassForLocalVPNv2/ProfileName/ByPassForLocal
保留以供将来使用。Reserved for future use.

VPNv2/ ProfileName /TrustedNetworkDetectionVPNv2/ProfileName/TrustedNetworkDetection
可选。Optional. 用于标识受信任网络的逗号分隔字符串。Comma-separated string to identify the trusted network. 当用户连入设备可直接访问受保护的资源的公司无线网络时,不会自动连接 VPN。VPN will not connect automatically when the user is on their corporate wireless network where protected resources are directly accessible to the device.

值类型为 chr。Value type is chr. 支持的操作包括 Get、Add、Replace 和 Delete。Supported operations include Get, Add, Replace, and Delete.

VPNv2/ ProfileName /ProfileXMLVPNv2/ProfileName/ProfileXML
已添加到 Windows 10 版本 1607。Added in Windows 10, version 1607. 用于预配 VPN 的所有字段的 XML 架构。The XML schema for provisioning all the fields of a VPN. 有关 XSD,请参阅ProfileXML XSD。For the XSD, see ProfileXML XSD.

值类型为 chr。Value type is chr. 支持的操作包括 Get、Add、Replace 和 Delete。Supported operations include Get, Add, Replace, and Delete.

VPNv2/ProfileName/Proxy
A collection of configuration objects to enable post-connect proxy support for VPN Force Tunnel connections. The proxy defined for this profile is applied when this profile is active and connected.

Note

VPN proxy settings are used only on Force Tunnel connections. On Split Tunnel connections, the general proxy settings are used.

VPNv2/ProfileName/Proxy/Manual
Optional node containing the manual server settings.

VPNv2/ProfileName/Proxy/Manual/Server
Optional. Proxy server address as a fully qualified hostname or an IP address. You should set this element together with Port. Example: proxy.contoso.com.

Value type is chr. Supported operations include Get, Add, Replace, and Delete.

VPNv2/ProfileName/Proxy/AutoConfigUrl
Optional. URL to automatically retrieve the proxy settings.

Value type is chr. Supported operations include Get, Add, Replace, and Delete.

VPNv2/ProfileName/APNBinding
Reserved for future use.

VPNv2/ProfileName/APNBinding/ProviderId
Reserved for future use. Optional node.

VPNv2/ProfileName/APNBinding/AccessPointName
Reserved for future use.

VPNv2/ProfileName/APNBinding/UserName
Reserved for future use.

VPNv2/ProfileName/APNBinding/Password
Reserved for future use.

VPNv2/ProfileName/APNBinding/IsCompressionEnabled
Reserved for future use.

VPNv2/ProfileName/APNBinding/AuthenticationType
Reserved for future use.

VPNv2/ProfileName/DeviceCompliance
Added in Windows 10, version 1607. Nodes under DeviceCompliance can be used to enable AAD-based Conditional Access for VPN.

VPNv2/ProfileName/DeviceCompliance/Enabled
Added in Windows 10, version 1607. Enables the Device Compliance flow from the client. If marked as True, the VPN Client will attempt to communicate with AAD to get a certificate to use for authentication. The VPN should be set up to use Certificate Auth and the VPN Server must trust the Server returned by Azure Active Directory.

Value type is bool. Supported operations include Get, Add, Replace, and Delete.

VPNv2/ProfileName/DeviceCompliance/Sso
Added in Windows 10, version 1607. Nodes under SSO can be used to choose a certificate different from the VPN Authentication cert for the Kerberos Authentication in the case of Device Compliance.

VPNv2/ProfileName/DeviceCompliance/Sso/Enabled
Added in Windows 10, version 1607. If this field is set to True, the VPN Client will look for a separate certificate for Kerberos Authentication.

Value type is bool. Supported operations include Get, Add, Replace, and Delete.

VPNv2/ProfileName/DeviceCompliance/Sso/IssuerHash
Added in Windows 10, version 1607. Hashes for the VPN Client to look for the correct certificate for Kerberos Authentication.

Value type is chr. Supported operations include Get, Add, Replace, and Delete.

VPNv2/ProfileName/DeviceCompliance/Sso/Eku
Added in Windows 10, version 1607. Comma-separated list of EKUs for the VPN Client to look for the correct certificate for Kerberos Authentication.

Value type is chr. Supported operations include Get, Add, Replace, and Delete.

VPNv2/ProfileName/PluginProfile
Nodes under the PluginProfile are required when using a Microsoft Store based VPN plugin.

VPNv2/ProfileName/PluginProfile/ServerUrlList
Required for plug-in profiles. Semicolon-separated list of servers in URL, hostname, or IP format.

Value type is chr. Supported operations include Get, Add, Replace, and Delete.

VPNv2/ProfileName/PluginProfile/CustomConfiguration
Optional. This is an HTML-encoded XML blob for SSL-VPN plug-in specific configuration, including authentication information, that is deployed to the device to make it available for SSL-VPN plug-ins. Contact the plugin provider for format and other details. Most plugins can also configure values based on the server negotiations as well as defaults.

Value type is chr. Supported operations include Get, Add, Replace, and Delete.

VPNv2/ProfileName/PluginProfile/PluginPackageFamilyName
Required for plug-in profiles. Package family name for the SSL-VPN plug-in.

Supported operations include Get, Add, Replace, and Delete.

VPNv2/ProfileName/PluginProfile/CustomStoreUrl
Reserved for future use.

VPNv2/ProfileName/NativeProfile
Nodes under NativeProfile are required when using a Windows Inbox VPN Protocol (IKEv2, PPTP, L2TP).

VPNv2/ProfileName/NativeProfile/Servers
Required for native profiles. Public or routable IP address or DNS name for the VPN gateway. It can point to the external IP of a gateway or a virtual IP for a server farm. Examples: 208.147.66.130 or vpn.contoso.com.

The name can be a server name plus a friendly name separated with a semicolon. For example, server2.example.com;server2FriendlyName. When you get the value, the return will include both the server name and the friendly name; if no friendly name had been supplied, it will default to the server name.

You can make a list of servers by listing server names (with optional friendly names) separated by commas. For example, server1.example.com,server2.example.com.

Value type is chr. Supported operations include Get, Add, Replace, and Delete.

VPNv2/ProfileName/NativeProfile/RoutingPolicyType
Optional for native profiles. Type of routing policy. This value can be one of the following:

  • SplitTunnel - Traffic can go over any interface as determined by the networking stack.
  • ForceTunnel - All IP traffic must go over the VPN interface.

Value type is chr. Supported operations include Get, Add, Replace, and Delete.

VPNv2/ProfileName/NativeProfile/NativeProtocolType
Required for native profiles. Type of tunneling protocol used. This value can be one of the following:

  • PPTP
  • L2TP
  • IKEv2
  • Automatic

Value type is chr. Supported operations include Get, Add, Replace, and Delete.

Note

The Automatic option means that the device will try each of the built-in tunneling protocols until one succeeds. It will attempt protocols in the following order: SSTP, IKEv2, PPTP and then L2TP. This order is not customizable.

VPNv2/ProfileName/NativeProfile/Authentication
Required node for native profile. It contains authentication information for the native VPN profile.

VPNv2/ProfileName/NativeProfile/Authentication/UserMethod
This value can be one of the following:

  • EAP
  • MSChapv2 (This is not supported for IKEv2)

Value type is chr. Supported operations include Get, Add, Replace, and Delete.

VPNv2/ProfileName/NativeProfile/Authentication/MachineMethod
This is only supported in IKEv2.

This value can be one of the following:

  • Certificate

Value type is chr. Supported operations include Get, Add, Replace, and Delete.

VPNv2/ProfileName/NativeProfile/Authentication/Eap
Required when the native profile specifies EAP authentication. EAP configuration XML.

Supported operations include Get, Add, Replace, and Delete.

VPNv2/ProfileName/NativeProfile/Authentication/Eap/Configuration
HTML-encoded XML of the EAP configuration. For more information about EAP configuration XML, see EAP configuration.

Value type is chr. Supported operations include Get, Add, Replace, and Delete.

VPNv2/ProfileName/NativeProfile/Authentication/Eap/Type
Reserved for future use.

VPNv2/ProfileName/NativeProfile/Authentication/Certificate
Reserved for future use.

VPNv2/ProfileName/NativeProfile/Authentication/Certificate/Issuer
Reserved for future use.

VPNv2/ProfileName/NativeProfile/Authentication/Certificate/Eku
Reserved for future use.

VPNv2/ProfileName/NativeProfile/CryptographySuite
Added in Windows 10, version 1607. Properties of IPSec tunnels.

VPNv2/ProfileName/NativeProfile/CryptographySuite/AuthenticationTransformConstants
Added in Windows 10, version 1607.

The following list contains the valid values:

  • MD596
  • SHA196
  • SHA256128
  • GCMAES128
  • GCMAES192
  • GCMAES256

Value type is chr. Supported operations include Get, Add, Replace, and Delete.

VPNv2/ProfileName/NativeProfile/CryptographySuite/CipherTransformConstants
Added in Windows 10, version 1607.

The following list contains the valid values:

  • DES
  • DES3
  • AES128
  • AES192
  • AES256
  • GCMAES128
  • GCMAES192
  • GCMAES256

Value type is chr. Supported operations include Get, Add, Replace, and Delete.

VPNv2/ProfileName/NativeProfile/CryptographySuite/EncryptionMethod
Added in Windows 10, version 1607.

The following list contains the valid values:

  • DES
  • DES3
  • AES128
  • AES192
  • AES256
  • AES_GCM_128
  • AES_GCM_256

Value type is chr. Supported operations include Get, Add, Replace, and Delete.

VPNv2/ProfileName/NativeProfile/CryptographySuite/IntegrityCheckMethod
Added in Windows 10, version 1607.

The following list contains the valid values:

  • MD5
  • SHA196
  • SHA256
  • SHA384

Value type is chr. Supported operations include Get, Add, Replace, and Delete.

VPNv2/ProfileName/NativeProfile/CryptographySuite/DHGroup
Added in Windows 10, version 1607.

The following list contains the valid values:

  • Group1
  • Group2
  • Group14
  • ECP256
  • ECP384
  • Group24

Value type is chr. Supported operations include Get, Add, Replace, and Delete.

VPNv2/ProfileName/NativeProfile/CryptographySuite/PfsGroup
Added in Windows 10, version 1607.

The following list contains the valid values:

  • PFS1
  • PFS2
  • PFS2048
  • ECP256
  • ECP384
  • PFSMM
  • PFS24

Value type is chr. Supported operations include Get, Add, Replace, and Delete.
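
The CryptographySuite value lists above mix current algorithms with legacy ones (MD5, DES, DH Group1 and Group2), and the Automatic protocol option can end up on PPTP. The following added example (not part of the original page) audits a SyncML payload for those settings before it is pushed; the WEAK policy table, the profile names and the sample payload are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

PREFIX = "./Vendor/MSFT/VPNv2/"
SUITE = "NativeProfile/CryptographySuite"

# Valid values for each CryptographySuite node, as listed in this reference.
VALID = {
    "AuthenticationTransformConstants":
        ["MD596", "SHA196", "SHA256128", "GCMAES128", "GCMAES192", "GCMAES256"],
    "CipherTransformConstants":
        ["DES", "DES3", "AES128", "AES192", "AES256",
         "GCMAES128", "GCMAES192", "GCMAES256"],
    "EncryptionMethod":
        ["DES", "DES3", "AES128", "AES192", "AES256", "AES_GCM_128", "AES_GCM_256"],
    "IntegrityCheckMethod": ["MD5", "SHA196", "SHA256", "SHA384"],
    "DHGroup": ["Group1", "Group2", "Group14", "ECP256", "ECP384", "Group24"],
    "PfsGroup": ["PFS1", "PFS2", "PFS2048", "ECP256", "ECP384", "PFSMM", "PFS24"],
}

# Assumed local policy, not from the page: MD5, DES/3DES and the 768/1024-bit
# DH groups (Group1/Group2, with PFS1/PFS2 assumed to map to them) are rejected.
WEAK = {
    "AuthenticationTransformConstants": ["MD596"],
    "CipherTransformConstants": ["DES", "DES3"],
    "EncryptionMethod": ["DES", "DES3"],
    "IntegrityCheckMethod": ["MD5"],
    "DHGroup": ["Group1", "Group2"],
    "PfsGroup": ["PFS1", "PFS2"],
}


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def iter_settings(syncml_text):
    """Yield (profile, node_path, value) for each Add/Replace item under VPNv2."""
    for cmd in ET.fromstring(syncml_text).iter():
        if local(cmd.tag) not in ("Add", "Replace"):
            continue
        for item in (c for c in cmd if local(c.tag) == "Item"):
            uri, value = "", ""
            for child in item:
                if local(child.tag) == "Target":
                    uri = "".join(e.text or "" for e in child
                                  if local(e.tag) == "LocURI").strip()
                elif local(child.tag) == "Data":
                    value = (child.text or "").strip()
            if uri.startswith(PREFIX):
                profile, _, node = uri[len(PREFIX):].partition("/")
                yield profile, node, value


def audit(syncml_text):
    """Return (profile, node, value, verdict) for every setting that needs review."""
    findings = []
    for profile, node, value in iter_settings(syncml_text):
        if node == "NativeProfile/NativeProtocolType":
            # The page notes that Automatic tries SSTP, IKEv2, PPTP, then L2TP.
            verdict = {"pptp": "weak", "automatic": "pptp-fallback"}.get(value.lower())
        else:
            head, _, leaf = node.rpartition("/")
            if head != SUITE or leaf not in VALID:
                continue
            # Case-insensitive match: an assumption, since the page's own
            # samples vary in case (Eap vs. EAP).
            if value.lower() not in {v.lower() for v in VALID[leaf]}:
                verdict = "invalid"
            elif value.lower() in {v.lower() for v in WEAK[leaf]}:
                verdict = "weak"
            else:
                verdict = None
        if verdict:
            findings.append((profile, node, value, verdict))
    return findings


def add_cmd(cmd_id, profile, node, value):
    """Build one SyncML Add command in the shape used by the page's examples."""
    return ("<Add><CmdID>%d</CmdID><Item><Target><LocURI>%s%s/%s</LocURI></Target>"
            "<Data>%s</Data></Item></Add>" % (cmd_id, PREFIX, profile, node, value))


# Constructed sample payload: two hypothetical profiles.
ROWS = [
    ("Corp_IKEv2", "NativeProfile/NativeProtocolType", "IKEv2"),
    ("Corp_IKEv2", SUITE + "/AuthenticationTransformConstants", "SHA256128"),
    ("Corp_IKEv2", SUITE + "/CipherTransformConstants", "AES256"),
    ("Corp_IKEv2", SUITE + "/EncryptionMethod", "DES3"),
    ("Corp_IKEv2", SUITE + "/IntegrityCheckMethod", "SHA256"),
    ("Corp_IKEv2", SUITE + "/DHGroup", "Group2"),
    ("Corp_IKEv2", SUITE + "/PfsGroup", "PFS2048"),
    ("Legacy", "NativeProfile/NativeProtocolType", "Automatic"),
    ("Legacy", SUITE + "/EncryptionMethod", "AES-256"),
]
SAMPLE = ('<SyncML xmlns="SYNCML:SYNCML1.2"><SyncBody><Atomic><CmdID>1</CmdID>'
          + "".join(add_cmd(i + 2, *row) for i, row in enumerate(ROWS))
          + "</Atomic><Final/></SyncBody></SyncML>")

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="  ")
```

Only settings that need review are returned, so an empty list means every CryptographySuite value is on the page's lists and outside the assumed weak set.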

VPNv2/ProfileName/NativeProfile/L2tpPsk
Added in Windows 10, version 1607. The preshared key used for an L2TP connection.

Value type is chr. Supported operations include Get, Add, Replace, and Delete.

VPNv2/ProfileName/NativeProfile/DisableClassBasedDefaultRoute
Added in Windows 10, version 1607. Specifies the class-based default routes. For example, if the interface IP begins with 10, it assumes a class A IP and pushes the route to 10.0.0.0/8.

Value type is bool. Supported operations include Get, Add, Replace, and Delete.

Examples

Profile example

<SyncML xmlns="SYNCML:SYNCML1.2" xmlns:A="syncml:metinf">
  <SyncBody>
    <Atomic>
      <CmdID>10000</CmdID>

      <!-- Configure VPN Server Name or Address (PhoneNumber=) [Comma Separated]-->
      <Add>
        <CmdID>10001</CmdID>
        <Item>
          <Target>
            <LocURI>./Vendor/MSFT/VPNv2/VPN_Demo/ProfileXML</LocURI>
          </Target>
          <Data><VPNProfile>
  <ProfileName>VPN_Demo</ProfileName>
  <NativeProfile>
    <Servers>VPNServer.contoso.com</Servers>
    <NativeProtocolType>Automatic</NativeProtocolType>
    <Authentication>
      <UserMethod>Eap</UserMethod>
      <Eap>
        <Configuration>
<EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"> <EapMethod> <Type xmlns="http://www.microsoft.com/provisioning/EapCommon">25</Type> <VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId> <VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType> <AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</AuthorId> </EapMethod> <Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig"> <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"> <Type>25</Type> <EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1"> <ServerValidation> <DisableUserPromptForServerValidation>false</DisableUserPromptForServerValidation> <ServerNames></ServerNames> </ServerValidation> <FastReconnect>true</FastReconnect> <InnerEapOptional>false</InnerEapOptional> <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"> <Type>13</Type> <EapType xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV1"> <CredentialsSource> <CertificateStore> <SimpleCertSelection>false</SimpleCertSelection> </CertificateStore> </CredentialsSource> <ServerValidation> <DisableUserPromptForServerValidation>false</DisableUserPromptForServerValidation> <ServerNames></ServerNames> </ServerValidation> <DifferentUsername>false</DifferentUsername> <PerformServerValidation xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2">false</PerformServerValidation> <AcceptServerName xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2">false</AcceptServerName> <TLSExtensions xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2"> <FilteringInfo xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV3"> <EKUMapping> <EKUMap> <EKUName>Unknown Key Usage</EKUName> <EKUOID>1.3.6.1.4.1.311.87</EKUOID> </EKUMap> </EKUMapping> <ClientAuthEKUList Enabled="true"> 
<EKUMapInList> <EKUName>Unknown Key Usage</EKUName> </EKUMapInList> </ClientAuthEKUList> </FilteringInfo> </TLSExtensions> </EapType> </Eap> <EnableQuarantineChecks>false</EnableQuarantineChecks> <RequireCryptoBinding>false</RequireCryptoBinding> <PeapExtensions> <PerformServerValidation xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">false</PerformServerValidation> <AcceptServerName xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">false</AcceptServerName> </PeapExtensions> </EapType> </Eap> </Config> </EapHostConfig>
    </Configuration>
      </Eap>
    </Authentication>
    <RoutingPolicyType>SplitTunnel</RoutingPolicyType>
  </NativeProfile>
  <DomainNameInformationList>
    <DomainName>.contoso.com</DomainName>
    <DNSServers>10.5.5.5</DNSServers>
  </DomainNameInformationList>
 <TrafficFilter>  
    <App>%ProgramFiles%\Internet Explorer\iexplore.exe</App> 
  </TrafficFilter> 
  <TrafficFilter>  
    <App>Microsoft.MicrosoftEdge_8wekyb3d8bbwe</App>  
  </TrafficFilter>
  <Route>
    <Address>10.0.0.0</Address>
    <PrefixSize>8</PrefixSize>
  </Route>
  <Route>
    <Address>25.0.0.0</Address>
    <PrefixSize>8</PrefixSize>
  </Route>
    <RememberCredentials>true</RememberCredentials>
  </VPNProfile></Data>
        </Item>
      </Add>

    </Atomic>
    <Final/>
  </SyncBody>
</SyncML>
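
The profile example above sets PerformServerValidation to false for both PEAP and the inner EAP-TLS method and leaves ServerNames empty. The following added example (not part of the original page) checks a ProfileXML document for those two settings, whether the EAP configuration is nested XML or HTML-encoded text; the sample profile and the finding labels are constructed for illustration.

```python
import html
import xml.etree.ElementTree as ET

EAP_NAMES = {"13": "EAP-TLS", "25": "PEAP"}  # IANA EAP method type numbers


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def eap_root(profile_xml):
    """Return the EapHostConfig element inside a ProfileXML document, or None."""
    for el in ET.fromstring(profile_xml).iter():
        if local(el.tag) != "Configuration":
            continue
        for child in el.iter():
            if local(child.tag) == "EapHostConfig":
                return child                  # nested-XML form
        text = (el.text or "").strip()
        if text.startswith("<"):
            return ET.fromstring(text)        # encoded form; the parser already decoded it
    return None


def audit_eap(profile_xml):
    """Return (method, finding) pairs for weak server-validation settings."""
    findings = []
    eap = eap_root(profile_xml)
    if eap is None:
        return findings
    for node in eap.iter():
        if local(node.tag) != "Eap":
            continue
        kids = {local(c.tag): c for c in node}
        if "EapType" not in kids:
            continue
        type_el = kids.get("Type")
        code = (type_el.text or "").strip() if type_el is not None else ""
        method = EAP_NAMES.get(code, "EAP type " + code)
        # Settings live directly under EapType, or under PeapExtensions for PEAP.
        settings = list(kids["EapType"])
        for c in kids["EapType"]:
            if local(c.tag) == "PeapExtensions":
                settings += list(c)
        for c in settings:
            name = local(c.tag)
            if name == "ServerValidation":
                names = [g for g in c if local(g.tag) == "ServerNames"]
                if names and not (names[0].text or "").strip():
                    findings.append((method, "no server names pinned"))
            elif name == "PerformServerValidation":
                if (c.text or "").strip().lower() == "false":
                    findings.append((method, "server validation disabled"))
    return findings


# Constructed sample: a condensed EAP configuration with the same structure and
# namespaces as the page's profile example.
EAP_XML = """<EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
 <Config><Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
  <Type>25</Type>
  <EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1">
   <ServerValidation><ServerNames></ServerNames></ServerValidation>
   <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
    <Type>13</Type>
    <EapType xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV1">
     <ServerValidation><ServerNames></ServerNames></ServerValidation>
     <PerformServerValidation xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2">false</PerformServerValidation>
    </EapType>
   </Eap>
   <PeapExtensions>
    <PerformServerValidation xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">false</PerformServerValidation>
   </PeapExtensions>
  </EapType>
 </Eap></Config>
</EapHostConfig>"""

PROFILE = ("<VPNProfile><NativeProfile><Authentication><UserMethod>Eap</UserMethod>"
           "<Eap><Configuration>{}</Configuration></Eap>"
           "</Authentication></NativeProfile></VPNProfile>")
NESTED = PROFILE.format(EAP_XML)                 # EAP config as child elements
ESCAPED = PROFILE.format(html.escape(EAP_XML))   # EAP config as HTML-encoded text

if __name__ == "__main__":
    for method, finding in audit_eap(NESTED):
        print(method + ": " + finding)
```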

AppTriggerList

<!-- Internet Explorer -->
<Add>
  <CmdID>10013</CmdID>
  <Item>
    <Target>
      <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/AppTriggerList/0/App/Id</LocURI>
    </Target>
    <Data>%PROGRAMFILES%\Internet Explorer\iexplore.exe</Data>
  </Item>
</Add>
<Add>
  <CmdID>10014</CmdID>
  <Item>
    <Target>
      <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/AppTriggerList/1/App/Id</LocURI>
    </Target>
    <Data>%PROGRAMFILES% (x86)\Internet Explorer\iexplore.exe</Data>
  </Item>
</Add>
<!-- Edge -->
<Add>
  <CmdID>10015</CmdID>
  <Item>
    <Target>
      <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/AppTriggerList/2/App/Id</LocURI>
    </Target>
    <Data>Microsoft.MicrosoftEdge_8wekyb3d8bbwe</Data>
  </Item>
</Add>

RouteList and ExclusionRoute

<Add>
  <CmdID>10008</CmdID>
  <Item>
    <Target>
      <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/RouteList/0/Address</LocURI>
    </Target>
    <Data>192.168.0.0</Data>
  </Item>
</Add>
<Add>
  <CmdID>10009</CmdID>
  <Item>
    <Target>
      <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/RouteList/0/PrefixSize</LocURI>
    </Target>
    <Meta>
      <Format xmlns="syncml:metinf">int</Format>
    </Meta>
    <Data>24</Data>
  </Item>
</Add>
<Add>
  <CmdID>10010</CmdID>
  <Item>
    <Target>
      <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/RouteList/0/ExclusionRoute</LocURI>
    </Target>
    <Meta>
      <Format xmlns="syncml:metinf">bool</Format>
    </Meta>
    <Data>true</Data>
  </Item>
</Add>

DomainNameInformationList

<!-- Domain Name rule with Suffix Match with DNS Servers -->
<Add>
  <CmdID>10013</CmdID>
  <Item>
    <Target>
      <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/0/DomainName</LocURI>  
    </Target>
    <Data>.contoso.com</Data>
  </Item>
</Add>
<Add>
  <CmdID>10014</CmdID>
  <Item>
    <Target>
      <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/0/DnsServers</LocURI>  
    </Target>
    <Data>192.168.0.11,192.168.0.12</Data>
  </Item>
</Add>

<!-- Domain Name rule with Suffix Match with Web Proxy -->
<Add>
  <CmdID>10013</CmdID>
  <Item>
    <Target>
      <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/1/DomainName</LocURI>  
    </Target>
    <Data>.contoso.com</Data>
  </Item>
</Add>

<Add>
  <CmdID>10015</CmdID>
  <Item>
    <Target>
      <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/1/WebProxyServers</LocURI>  
    </Target>
    <Data>192.168.0.100:8888</Data>
  </Item>
</Add>

<!-- Domain Name rule with FQDN Match with DNS Servers -->

<Add>
  <CmdID>10016</CmdID>
  <Item>
    <Target>
      <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/2/DomainName</LocURI>  
    </Target>
    <Data>finance.contoso.com</Data>
  </Item>
</Add>
<Add>
  <CmdID>10017</CmdID>
  <Item>
    <Target>
      <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/2/DnsServers</LocURI>  
    </Target>
    <Data>192.168.0.11,192.168.0.12</Data>
  </Item>
</Add>

<!-- Domain Name rule with FQDN Match with Proxy Server -->

<Add>
  <CmdID>10016</CmdID>
  <Item>
    <Target>
      <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/3/DomainName</LocURI>  
    </Target>
    <Data>finance.contoso.com</Data>
  </Item>
</Add>
<Add>
  <CmdID>10017</CmdID>
  <Item>
    <Target>
      <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/3/WebProxyServers</LocURI>  
    </Target>
    <Data>192.168.0.11:8080</Data>
  </Item>
</Add>

<!-- Domain Name rule for all other (any) traffic through DNS Servers -->
<Add>
  <CmdID>10016</CmdID>
  <Item>
    <Target>
      <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/4/DomainName</LocURI>  
    </Target>
    <Data>.</Data>
  </Item>
</Add>
<Add>
  <CmdID>10017</CmdID>
  <Item>
    <Target>
      <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/4/DnsServers</LocURI>  
    </Target>
    <Data>192.168.0.11,192.168.0.12</Data>
  </Item>
</Add>

<!-- Domain Name rule for all other (any) traffic through Proxy -->

<Add>
  <CmdID>10016</CmdID>
  <Item>
    <Target>
      <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/5/DomainName</LocURI>  
    </Target>
    <Data>.</Data>
  </Item>
</Add>
<Add>
  <CmdID>10017</CmdID>
  <Item>
    <Target>
      <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/5/WebProxyServers</LocURI>  
    </Target>
    <Data>192.168.0.11</Data>
  </Item>
</Add>

AutoTrigger

<Add>
  <CmdID>10010</CmdID>
  <Item>
    <Target>
      <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/0/AutoTrigger</LocURI>
    </Target>
    <Meta>
      <Format xmlns="syncml:metinf">bool</Format>
    </Meta>
    <Data>true</Data>
  </Item>
</Add>

Persistent

<Add>
  <CmdID>10010</CmdID>
  <Item>
    <Target>
      <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/1/Persistent</LocURI>
    </Target>
    <Meta>
      <Format xmlns="syncml:metinf">bool</Format>
    </Meta>
    <Data>true</Data>
  </Item>
</Add>

TrafficFilterList App

  Desktop App
    <Add>
        <CmdID>10013</CmdID>
        <Item>
          <Target>
            <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/TrafficFilterList/0/App/Id</LocURI>
          </Target>
          <Data>%ProgramFiles%\Internet Explorer\iexplore.exe</Data>
        </Item>
      </Add>
  Store App
      <Add>
        <CmdID>10014</CmdID>
        <Item>
          <Target>
            <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/TrafficFilterList/1/App/Id</LocURI>  
          </Target>
          <Data>Microsoft.MicrosoftEdge_8wekyb3d8bbwe</Data>
        </Item>
      </Add>
  SYSTEM
      <Add>
        <CmdID>10015</CmdID>
        <Item>
          <Target>
            <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/TrafficFilterList/3/App/Id</LocURI>  
          </Target>
          <Data>SYSTEM</Data>
        </Item>
      </Add>

Protocol, LocalPortRanges, RemotePortRanges, LocalAddressRanges, RemoteAddressRanges, RoutingPolicyType, EDPModeId, RememberCredentials, AlwaysOn, Lockdown, DnsSuffix, TrustedNetworkDetection

Protocol
      <Add>
        <CmdID>$CmdID$</CmdID>
        <Item>
          <Target>
            <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/TrafficFilterList/3/Protocol</LocURI>  
          </Target>
          <Meta>
            <Format xmlns="syncml:metinf">int</Format>
          </Meta>
          <Data>6</Data>
        </Item>
      </Add>
  LocalPortRanges
      <Add>
        <CmdID>$CmdID$</CmdID>
        <Item>
          <Target>
            <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/TrafficFilterList/3/LocalPortRanges</LocURI>  
          </Target>
          <Data>10,20-50,100-200</Data>
        </Item>
      </Add>
 
  RemotePortRanges
      <Add>
        <CmdID>$CmdID$</CmdID>
        <Item>
          <Target>
            <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/TrafficFilterList/3/RemotePortRanges</LocURI>  
          </Target>
          <Data>20-50,100-200,300</Data>
        </Item>
      </Add>
 
  LocalAddressRanges
      <Add>
        <CmdID>$CmdID$</CmdID>
        <Item>
          <Target>
            <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/TrafficFilterList/3/LocalAddressRanges</LocURI>
          </Target>
          <Data>3.3.3.3/32,1.1.1.1-2.2.2.2</Data>
        </Item>
      </Add>
 
  RemoteAddressRanges
      <Add>
        <CmdID>$CmdID$</CmdID>
        <Item>
          <Target>
            <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/TrafficFilterList/3/RemoteAddressRanges</LocURI>  
          </Target>
          <Data>30.30.0.0/16,10.10.10.10-20.20.20.20</Data>
        </Item>
      </Add>
 
  RoutingPolicyType
<Add>
        <CmdID>$CmdID$</CmdID>
        <Item>
          <Target>
            <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/TrafficFilterList/0/RoutingPolicyType</LocURI>
          </Target>
          <Data>ForceTunnel</Data>
        </Item>
      </Add>
 
  EDPModeId
    <Add>
      <CmdID>$CmdID$</CmdID>
      <Item>
        <Target>
          <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/EDPModeID</LocURI>
        </Target>
        <Data>corp.contoso.com</Data>
      </Item>
    </Add>
 
  RememberCredentials
<Add>
        <CmdID>$CmdID$</CmdID>
        <Item>
          <Target>
            <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/RememberCredentials</LocURI>
          </Target>
          <Meta>
            <Format xmlns="syncml:metinf">bool</Format>
          </Meta>
          <Data>true</Data>
        </Item>
      </Add>
 
  AlwaysOn
      <Add>
        <CmdID>$CmdID$</CmdID>
        <Item>
          <Target>
            <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/AlwaysOn</LocURI>
          </Target>
          <Meta>
            <Format xmlns="syncml:metinf">bool</Format>
          </Meta>
          <Data>true</Data>
        </Item>
      </Add>
 
  Lockdown
<Add>
        <CmdID>$CmdID$</CmdID>
        <Item>
          <Target>
            <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/Lockdown</LocURI>
          </Target>
          <Meta>
            <Format xmlns="syncml:metinf">bool</Format>
          </Meta>
          <Data>true</Data>
        </Item>
      </Add>
 
  DnsSuffix
      <Add>
        <CmdID>$CmdID$</CmdID>
        <Item>
          <Target>
            <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/DnsSuffix</LocURI>
          </Target>
          <Data>Adatum.com</Data>
        </Item>
      </Add>
 
  TrustedNetworkDetection
     <!-- Configure Trusted Networks (TrustedNetworks=) [Comma separated] -->
      <Add>
        <CmdID>$CmdID$</CmdID>
        <Item>
          <Target>
            <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/TrustedNetworkDetection</LocURI>
          </Target>
          <Data>Adatum.com</Data>
        </Item>
      </Add>

Proxy - Manual or AutoConfigUrl

Manual
      <Add>
        <CmdID>$CmdID$</CmdID>
        <Item>
          <Target>
            <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/Proxy/Manual/Server</LocURI>
          </Target>
          <Data>192.168.0.100:8888</Data>
        </Item>
      </Add>
 
  AutoConfigUrl
      <Add>
        <CmdID>$CmdID$</CmdID>
        <Item>
          <Target>
            <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/Proxy/AutoConfigUrl</LocURI>
          </Target>
          <Data>HelloWorld.com</Data>
        </Item>
      </Add>

Device Compliance - Sso

  Enabled
<Add>
        <CmdID>10011</CmdID>
        <Item>
          <Target>
            <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/DeviceCompliance/SSO/Enabled</LocURI>
          </Target>
          <Meta>
            <Format xmlns="syncml:metinf">bool</Format>
          </Meta>
          <Data>true</Data>
        </Item>
      </Add>
 
  IssuerHash
<Add>
        <CmdID>10011</CmdID>
        <Item>
          <Target>
            <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/DeviceCompliance/SSO/IssuerHash</LocURI>
          </Target>
          <Data>ffffffffffffffffffffffffffffffffffffffff;ffffffffffffffffffffffffffffffffffffffee</Data>
        </Item>
      </Add>
 
  Eku
<Add>
        <CmdID>10011</CmdID>
        <Item>
          <Target>
            <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/DeviceCompliance/SSO/EKU</LocURI>
          </Target>
          <Data>1.3.6.1.5.5.7.3.2</Data>
        </Item>
      </Add>

PluginProfile

PluginPackageFamilyName
      <!-- Configure VPN Server Name or Address (PhoneNumber=) [Comma Separated]-->
      <Add>
        <CmdID>10001</CmdID>
        <Item>
          <Target>
            <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/PluginProfile/ServerUrlList</LocURI>
          </Target>
          <Data>selfhost.corp.contoso.com</Data>
        </Item>
      </Add>
 
      <!-- Configure VPN Plugin AppX Package ID (ThirdPartyProfileInfo=) -->
      <Add>
        <CmdID>10002</CmdID>
        <Item>
          <Target>
            <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/PluginProfile/PluginPackageFamilyName</LocURI>
          </Target>
          <Data>TestVpnPluginApp-SL_8wekyb3d8bbwe</Data>
        </Item>
      </Add>
 
      <!-- Configure Microsoft's Custom XML (ThirdPartyProfileInfo=) -->
      <Add>
        <CmdID>10003</CmdID>
        <Item>
          <Target>
            <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/PluginProfile/CustomConfiguration</LocURI>
          </Target>
          <Data>&lt;pluginschema&gt;&lt;ipAddress&gt;auto&lt;/ipAddress&gt;&lt;port&gt;443&lt;/port&gt;&lt;networksettings&gt;&lt;routes&gt;&lt;includev4&gt;&lt;route&gt;&lt;address&gt;172.10.10.0&lt;/address&gt;&lt;prefix&gt;24&lt;/prefix&gt;&lt;/route&gt;&lt;/includev4&gt;&lt;/routes&gt;&lt;namespaces&gt;&lt;namespace&gt;&lt;space&gt;.vpnbackend.com&lt;/space&gt;&lt;dnsservers&gt;&lt;server&gt;172.10.10.11&lt;/server&gt;&lt;/dnsservers&gt;&lt;/namespace&gt;&lt;/namespaces&gt;&lt;/networksettings&gt;&lt;/pluginschema&gt;</Data>
        </Item>
      </Add>

NativeProfile

Servers
      <Add>
        <CmdID>10001</CmdID>
        <Item>
          <Target>
            <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/NativeProfile/Servers</LocURI>
          </Target>
          <Data>Selfhost.corp.contoso.com</Data>
        </Item>
      </Add>
 
  RoutingPolicyType
      <Add>
        <CmdID>10007</CmdID>
        <Item>
          <Target>
            <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/NativeProfile/RoutingPolicyType</LocURI>
          </Target>
          <Data>ForceTunnel</Data>
        </Item>
      </Add>
 
  NativeProtocolType
    <!-- Configure VPN Protocol Type (L2tp, Pptp, Ikev2) -->
      <Add>
        <CmdID>10002</CmdID>
        <Item>
          <Target>
            <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/NativeProfile/NativeProtocolType</LocURI>
          </Target>
          <Data>Automatic</Data>
        </Item>
      </Add>
 
  Authentication
  UserMethod
      <!-- Configure VPN User Method (Mschapv2, Eap) -->
      <Add>
        <CmdID>10003</CmdID>
        <Item>
          <Target>
            <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/NativeProfile/Authentication/UserMethod</LocURI>
          </Target>
          <Data>Eap</Data>
        </Item>
      </Add>
 
  MachineMethod
      <!-- Configure VPN Machine Method (Certificate, Eap, PresharedKey) -->
      <Add>
        <CmdID>10004</CmdID>
        <Item>
         <Target>
            <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/NativeProfile/Authentication/MachineMethod</LocURI>
          </Target>
          <Data>Eap</Data>
        </Item>
      </Add>
 
  CryptographySuite
        <Add>
        <CmdID>10004</CmdID>
        <Item>
          <Target>
            <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/NativeProfile/Authentication/CryptographySuite/AuthenticationTransformConstants</LocURI>
          </Target>
          <Data>SHA196</Data>
        </Item>
      </Add>
      <Add>
        <CmdID>10004</CmdID>
        <Item>
          <Target>
            <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/NativeProfile/Authentication/CryptographySuite/CipherTransformConstants</LocURI>
          </Target>
          <Data>AES192</Data>
        </Item>
      </Add>
      <Add>
        <CmdID>10004</CmdID>
        <Item>
          <Target>
            <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/NativeProfile/Authentication/CryptographySuite/EncryptionMethod</LocURI>
          </Target>
          <Data>AES128</Data>
        </Item>
      </Add>
      <Add>
        <CmdID>10004</CmdID>
        <Item>
          <Target>
            <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/NativeProfile/Authentication/CryptographySuite/IntegrityCheckMethod</LocURI>
          </Target>
          <Data>SHA256</Data>
        </Item>
      </Add>
      <Add>
        <CmdID>10004</CmdID>
        <Item>
          <Target>
            <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/NativeProfile/Authentication/CryptographySuite/DHGroup</LocURI>
          </Target>
          <Data>Group2</Data>
        </Item>
      </Add>
      <Add>
        <CmdID>10004</CmdID>
        <Item>
          <Target>
            <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/NativeProfile/Authentication/CryptographySuite/PfsGroup</LocURI>
          </Target>
          <Data>PFS2048</Data>
        </Item>
      </Add>
   
  DisableClassBasedDefaultRoute
      <Add>
        <CmdID>10011</CmdID>
        <Item>
          <Target>
            <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/NativeProfile/DisableClassBasedDefaultRoute</LocURI>
          </Target>
          <Meta>
            <Format xmlns="syncml:metinf">bool</Format>
          </Meta>
          <Data>true</Data>
        </Item>
      </Add>
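
This CSP requires VPN configuration commands to be wrapped in an Atomic block, and SyncML requires each CmdID to be unique within a message; both can be checked before a payload is pushed. The following is an added example, not part of the Microsoft documentation: the names `lint_vpnv2_syncml`, `add_cmd` and `local_name`, the weak-value policy and the sample payload are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

VPNV2 = "./Vendor/MSFT/VPNv2/"
COMMANDS = {"Add", "Replace", "Delete"}
# Policy assumption of this example: values treated as too weak to deploy.
WEAK = {"CryptographySuite/DHGroup": {"Group1", "Group2"},  # MODP groups under 2048 bits
        "NativeProfile/NativeProtocolType": {"Pptp"}}

def local_name(tag):  # '{SYNCML:SYNCML1.2}Add' -> 'Add'
    return tag.rsplit("}", 1)[-1]

def lint_vpnv2_syncml(xml_text):
    """Return a list of findings for a SyncML body that carries VPNv2 commands."""
    findings, seen_ids = [], set()
    def walk(node, in_atomic):
        name = local_name(node.tag)
        for child in node:  # CmdID must be unique across the whole message
            if local_name(child.tag) == "CmdID":
                cmd_id = (child.text or "").strip()
                if cmd_id in seen_ids:
                    findings.append(f"duplicate CmdID {cmd_id!r} on <{name}>")
                seen_ids.add(cmd_id)
        if name in COMMANDS:
            for item in (e for e in node if local_name(e.tag) == "Item"):
                fields = {local_name(e.tag): (e.text or "").strip() for e in item.iter()}
                uri = fields.get("LocURI", "")
                if not uri.startswith(VPNV2):
                    continue
                if not in_atomic:
                    findings.append(f"{name} on {uri} is outside an Atomic block")
                if any(uri.endswith(s) and fields.get("Data") in w for s, w in WEAK.items()):
                    findings.append(f"weak value {fields['Data']!r} at {uri}")
            return
        for child in node:
            walk(child, in_atomic or name == "Atomic")
    walk(ET.fromstring(xml_text), False)
    return findings

def add_cmd(cmd_id, path, data):  # builds one constructed <Add> for the sample below
    return (f"<Add><CmdID>{cmd_id}</CmdID><Item><Target><LocURI>{VPNV2}VPNProfileName/{path}"
            f"</LocURI></Target><Data>{data}</Data></Item></Add>")
# Constructed sample: duplicate CmdID, weak DH group, and one Add outside Atomic.
SUITE = "NativeProfile/Authentication/CryptographySuite/"
SAMPLE = ("<SyncBody><Atomic><CmdID>1</CmdID>" + add_cmd(2, SUITE + "DHGroup", "Group2")
          + add_cmd(2, SUITE + "PfsGroup", "PFS2048") + "</Atomic>"
          + add_cmd(3, "NativeProfile/Servers", "Selfhost.corp.contoso.com") + "</SyncBody>")

if __name__ == "__main__":
    print("\n".join(lint_vpnv2_syncml(SAMPLE)))
```

Run against the constructed sample, the linter reports the weak DHGroup value, the repeated CmdID, and the Servers command that sits outside the Atomic block.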

See also

Configuration service provider reference