Tip of the Day: Name-Based Connection Triggers for VPN

Today’s Tip…

New VPN features in the Windows 10 Anniversary Edition include the ability to configure a connection profile to connect automatically when an enterprise location is accessed. To properly detect enterprise locations, admins must set the appropriate suffixes and FQDNs that should trigger the VPN. This information is added to the Name Resolution Policy Table (NRPT), configurable through the DomainNameInformationList URI node.

The DomainNameInformationList URI node contains two new configuration URIs to control triggering behavior, shown in blue in the following graphic.

[Graphic: clip_image001]

More Info

Name Resolution Policy Table (NRPT) rule configuration URIs added in the Anniversary Edition to support Name-Based triggers include:

VPNv2/ProfileName/DomainNameInformationList/dniRowId/AutoTrigger

Added in Windows 10, version 1607. Boolean to determine whether this domain name rule will trigger the VPN.

  • If set to False (default), this DomainName rule will not trigger the VPN.
  • If set to True, this DomainName rule will trigger the VPN.

VPNv2/ProfileName/DomainNameInformationList/dniRowId/Persistent

Added in Windows 10, version 1607. A Boolean value that specifies if the rule being added should persist even when the VPN is not connected.

  • False (default) - This DomainName rule will only be applied when VPN is connected.
  • True - This DomainName rule will always be present and applied.
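
To review which names will bring the VPN up and which rules stay in the NRPT while it is down, the following added example (not part of the original tip) audits the DomainNameInformation rows of a profile. It assumes the profile is deployed as VPNv2 ProfileXML, where each row carries DomainName, DnsServers, AutoTrigger and Persistent elements and a leading dot on DomainName marks a suffix rule; the sample profile, names and addresses are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed ProfileXML fragment: only the DomainNameInformation rows are shown.
SAMPLE_PROFILE = """
<VPNProfile>
  <DomainNameInformation>
    <DomainName>.corp.example.com</DomainName>
    <DnsServers>10.0.0.53</DnsServers>
    <AutoTrigger>true</AutoTrigger>
  </DomainNameInformation>
  <DomainNameInformation>
    <DomainName>hr.example.com</DomainName>
    <DnsServers>10.0.0.53</DnsServers>
    <Persistent>true</Persistent>
  </DomainNameInformation>
  <DomainNameInformation>
    <DomainName>.lab.example.com</DomainName>
  </DomainNameInformation>
</VPNProfile>
"""

def _flag(row, tag):
    # AutoTrigger and Persistent both default to False when the node is absent.
    text = (row.findtext(tag) or "false").strip().lower()
    return text in ("true", "1")  # the two "true" spellings of an XML boolean

def audit_rules(profile_xml):
    """Return one dict per DomainNameInformation row in the profile."""
    rules = []
    for row in ET.fromstring(profile_xml).iter("DomainNameInformation"):
        name = (row.findtext("DomainName") or "").strip()
        rules.append({
            "name": name,
            # Assumption from the ProfileXML convention: leading dot = suffix rule.
            "type": "suffix" if name.startswith(".") else "fqdn",
            "auto_trigger": _flag(row, "AutoTrigger"),
            "persistent": _flag(row, "Persistent"),
        })
    return rules

if __name__ == "__main__":
    for rule in audit_rules(SAMPLE_PROFILE):
        print(rule)
```

Rows with auto_trigger set are the names that connect the VPN on access; rows with persistent set are the rules that remain applied when the VPN is disconnected.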