Partager via

PS_VpnConnection class

The PS_VpnConnection class contains the profile management functionality of the Get Connected wizard (GCW).

The following syntax is simplified from Managed Object Format (MOF) code and includes all of the inherited properties.


[ClassVersion("1.0.0"), InPartition("local-system", "local-user"), dynamic, provider("VpnClientPSProvider"), AMENDMENT]
class PS_VpnConnection
  string                                  Name;
  boolean                                 AllUserConnection;
  string                                  ServerAddress;
  string                                  ProfileType;
  string                                  ProvisioningAuthority;
  boolean                                 RememberCredential;
  boolean                                 SplitTunneling;
  string                                  Guid;
  string                                  ConnectionStatus;
  uint32                                  IdleDisconnectSeconds;
  string                                  DnsSuffix;
  string                                  TunnelType;
  boolean                                 UseWinlogonCredential;
  string                                  AuthenticationMethod[];
  string                                  EncryptionLevel;
  string                                  L2tpPsk;
  string                                  L2tpIPsecAuth;
  string                                  EapConfigXmlStream;
  string                                  NapState;
  string                                  VpnConfigurationXml;
  string                                  MachineCertificateEKUFilter[];
  string                                  MachineCertificateIssuerFilter;
  string                                  ApplicationID[];
  PS_VpnServerAddress                     ServerList[];
  PS_VpnConnectionRoute                   Routes[];
  PS_VpnConnectionTriggerDnsConfiguration DnsConfig[];
  string                                  DnsSuffixSearchList[];
  string                                  TrustedNetwork[];
  PS_VpnConnectionProxy                   Proxy;
  string                                  PlugInApplicationID;
  string                                  CustomConfiguration;
  boolean                                 IsAutoTriggerEnabled;


The PS_VpnConnection class has these types of members:


The PS_VpnConnection class has these methods.

Method Description
Add Adds a virtual private network (VPN) connection to the Connection Manager phone book.
Get Retrieves virtual private network (VPN) connection profiles.
NewByThirdParty Adds a Third Party virtual private network (VPN) connection to the Connection Manager phone book.
Remove Removes a virtual private network (VPN) connection profile from the Connection Manager phone book.
Set Modifies an existing virtual private network (VPN) connection profile.
SetByThirdParty Modifies a third party virtual private network (VPN) connection profile.


The PS_VpnConnection class has these properties.


Data type: boolean

Access type: Read/write

Qualifiers: key

True if the VPN connection profile is for all users; false if it is for a single user.


Data type: string array

Access type: Read/write

The identifiers of applications that auto-trigger the connection.


Data type: string array

Access type: Read/write

The authentication protocols to use for the VPN connection.

Chap ("Chap")

Challenge Handshake Authentication Protocol (CHAP).

Eap ("Eap")

Extensible Authentication Protocol (EAP).

MachineCertificate ("MachineCertificate")

A machine certificate.

MsChapv2 ("MsChapv2")

Microsoft Challenge Handshake Authentication Protocol version 2 (MSCHAPv2).

Pap ("Pap")

Password Authentication Protocol (PAP).


Data type: string

Access type: Read-only

The connection status of the VPN connection.

Connected ("Connected")


Connecting ("Connecting")

In the process of connecting.

Dormant ("Dormant")

The connection is dormant.

Limited ("Limited")

There connection has less than full capabilities.

NotConnected ("NotConnected")

Not connected.


Data type: string

Access type: Read/write

A custom configuration used by third party VPN profiles.


Data type: PS_VpnConnectionTriggerDnsConfiguration array

Access type: Read/write

Qualifiers: EmbeddedInstance ("PS_VpnConnectionTriggerDnsConfiguration")

The trigger DNS configurations.


Data type: string

Access type: Read/write

The DNS suffix of the VPN connection.


Data type: string array

Access type: Read/write

The DNS suffix search list for the auto-triggered VPN connection.


Data type: string

Access type: Read/write

An XML stream of the detailed EAP configuration for the VPN connection profile.


Data type: string

Access type: Read/write

The encryption level for the VPN connection.

NoEncryption ("NoEncryption")

No encryption.

Optional ("Optional")

Optional encryption.

Required ("Required")

Required encryption.

Maximum ("Maximum")

Maximum encryption.

Custom ("Custom")

Custom encryption.

Windows 8 and Windows Server 2012: This value is not available before Windows 8.1 and Windows Server 2012 R2.


Data type: string

Access type: Read-only

The GUID of this VPN profile.


Data type: uint32

Access type: Read/write

The amount of idle time after which a connection is terminated. A value of 0 disables the time-out.


Data type: boolean

Access type: Read-only

true if the VPN connection is enabled for auto-trigger; false if it is not.

Windows 8 and Windows Server 2012: This property is not available before Windows 8.1 and Windows Server 2012 R2.


Data type: string

Access type: Read-only

The authentication method of Layer Two Tunneling Protocol (L2TP) Internet Protocol security (IPSec).

Certificate ("Certificate")

Machine certificate.

Psk ("Psk")

Preshared key.


Data type: string

Access type: Read/write

The value of the preshared key to be used for L2TP authentication. If this parameter is not specified, a certificate is used for L2TP.


Data type: string array

Access type: Read/write

A filter based on the Certificate EKU Name or OID to select the Machine Certificate for authentication. This property applies when IKEv2 tunnel type along with Machine Certificate authentication method is used.


Data type: string

Access type: Read/write

A filter based on the root certificate issuer to select the Machine Certificate for authentication. This property applies when IKEv2 tunnel type along with Machine Certificate authentication method is used.


Data type: string

Access type: Read/write

Qualifiers: key

The name of the current VPN connection profile.


Data type: string

Access type: Read-only

The Network Access Protection (NAP) health status of the connection. This property applies when the Protected Extensible Authentication Protocol (PEAP) authentication protocol is used.

Error ("Error")

An error occurred.

NoConnection ("NoConnection")

No connection has been made.

NotNapCapable ("NotNapCapable")

NAP is not supported.

Success ("Success")

The connection is successful.


Data type: string

Access type: Read/write

The identifier of the third party VPN application.


Data type: string

Access type: Read/write

The VPN connection profile type.

Inbox ("Inbox")

The profile is an inbox profile.

ThirdParty ("ThirdParty")

The profile is a third party profile.


Data type: string

Access type: Read/write

The provisioning authority of the VPN connection profile.

Windows 8 and Windows Server 2012: This property is not available before Windows 8.1 and Windows Server 2012 R2.


Data type: PS_VpnConnectionProxy

Access type: Read/write

Qualifiers: EmbeddedInstance ("PS_VpnConnectionProxy")

The proxy settings of the VPN connection.


Data type: boolean

Access type: Read/write

true to save the credentials for the VPN connection upon the first successful connection; otherwise, false.


Data type: PS_VpnConnectionRoute array

Access type: Read/write

Qualifiers: EmbeddedInstance ("PS_VpnConnectionRoute")

The list of routes to plumb on the VPN interface when the VPN profile is connected.


Data type: string

Access type: Read/write

The address of the remote VPN server that the client connects to. This address is a URL, a friendly name, an IPv4 address, or an IPv6 address. This should be one of the elements of ServerList.


Data type: PS_VpnServerAddress array

Access type: Read/write

Qualifiers: EmbeddedInstance ("PS_VpnServerAddress")

The VPN servers that the client can connect to.


Data type: boolean

Access type: Read/write

true to enable split tunneling for the VPN connection profile; otherwise, false.


Data type: string array

Access type: Read/write

The trusted network DNS suffixes for the auto-triggered VPN connection.


Data type: string

Access type: Read/write

The tunnel type that is used in the RAS configuration. The tunnel type is decided after the first successful connection.

Pptp ("Pptp")

Point to Point Tunneling Protocol (PPTP).

L2tp ("L2tp")

Layer 2 Tunneling Protocol (L2TP).

Sstp ("Sstp")

Secure Socket Tunneling Protocol (SSTP).

Ikev2 ("Ikev2")

Internet Key Exchange version 2 (IKEv2).

Automatic ("Automatic")

The tunnel types are tried in sequence.


Data type: boolean

Access type: Read/write

True if the Winlogon credentials for the user are automatically used to connect; otherwise, false. This flag is only used for authentication protocols that use MSCHAPv2 or EAP-MSCHAPv2 authentication methods.


Data type: string

Access type: Read-only

An XML representation of this instance, which can be used as input for Set method of the MSFT_VpnConnection class.


Minimum supported client
Windows 8
Minimum supported server
Windows Server 2012