VPN Configuration Service Provider
4/8/2010
The VPN configuration service provider is used to configure virtual private networks. Each VPN node configures a virtual private network. This VPN connection can apply to one or more connectivity objects (ConRefs), as long as the ConRefs point to the same metanetwork. One or more VPN connections can be provisioned.
The ACCESS Configuration Service Provider must be configured before configuring the VPN object. The ACCESS configuration service provider maps a particular connection (using the ConRef field) with a metanetwork, such as the Internet or Work.
Note
This configuration service provider is part of the OMA DM protocol, with some proprietary extensions, and must be used when provisioning devices using OMA DM. To provision devices using the OMA Client Provisioning protocol, use the CM_VPNEntries Configuration Service Provider instead.
Note
Access to this configuration service provider is determined by security roles. Because OEMs and mobile operators can selectively disallow access, ask them about the availability of this configuration service provider.
The following image shows the management object used by OMA DM.
VPN
The root node for the VPN object. The following table shows the default settings.Format
Node
Roles allowed to query and update setting
Manager
AuthenticatedUser
Access Type
Read/Write
Occurs
Once
VPN/VPNXXX
Specifies a VPN connection. The suggested name of this node is VPNXXX, a numbered node beginning at zero. For example, if you wanted to provision two different VPNs, you would use two nodes, VPN0 and VPN1. You can use any unique name for this node, but no spaces may appear in the node name (use %20 instead).Format
Node
Roles allowed to query and update setting
Manager
AuthenticatedUser
VPN/VPNXXX/VPNID
Specifies the identifier of the VPN. The value of the VPNID must match a ConRef specified using the ACCESS Configuration Service Provider. The VPNID must be unique.The following table shows the default settings.
Format
String
Roles allowed to query and update setting
Manager
AuthenticatedUser
VPN/VPNXXX/NAME
Specifies the user-friendly name of the VPN connection.The following table shows the default settings.
Format
String
Roles allowed to query and update setting
Manager
AuthenticatedUser
VPN/VPNXXX/ADDR
Specifies the address of the VPN access point. The ADDR may be the network name of the access point, or any other string (such as an IP address) used to uniquely identify the VPN access point.Note
If your VPN network IP address class belongs to the GPRS IP address class, the VPN network cannot be reached when both GPRS and VPN connections are active (connected).
The following table shows the default settings.
Format
String
Roles allowed to query and update setting
Manager
AuthenticatedUser
VPN/VPNXXX/ADDRTYPE
Specifies the type of address used to identify proxy server. This value is always set to "IPv4" when provisioning VPN connections.The following table shows the default settings.
Format
String
Roles allowed to query and update setting
Manager
AuthenticatedUser
VPN/VPNXXX/CONREFS/CONREFXXX/ConRef
Specifies one single connectivity object associated with the VPN connection. The value must match a ConRef specified using the ACCESS Configuration Service Provider.The following table shows the default settings.
Format
String
Roles allowed to query and update setting
Manager
AuthenticatedUser
VPN/VPNXXX/AUTHINFO
Specifies the authentication information, including the protocol, user name, and password.The following table shows the default settings.
Format
Node
Roles allowed to query and update setting
Manager
AuthenticatedUser
VPN/VPNXXX/AUTHINFO/AUTHTYPE
Specifies the method of authentication. Some supported protocols are IPSecL2TP and PPTP.The following table shows the default settings.
Format
String
Roles allowed to query and update setting
Manager
AuthenticatedUser
VPN/VPNXXX/AUTHINFO/AUTHNAME
Specifies the user name and domain to be used during authentication. This field is in the form Domain\UserName.The following table shows the default settings.
Format
String
Roles allowed to query and update setting
Manager
AuthenticatedUser
VPN/VPNXXX/AUTHINFO/AUTHSECRET
Specifies the password used during authentication. Queries of this field will return a string of sixteen asterisks (*).The following table shows the default settings.
Format
String
Roles allowed to query and update setting
Manager
AuthenticatedUser
VPN/VPNXXX/AUTHINFO/IPSECINFO/AUTHTYPE
Specifies the type of authentication used for VPN connections established using IPSecL2TP. Valid values are PSK and Cert. Use PSK if you are using a PreSharedKey for authentication. You must specify the PreSharedKey field (described below) when using an AUTHTYPE of PSK.The following table shows the default settings.
Format
String
Roles allowed to query and update setting
Manager
AuthenticatedUser
VPN/VPNXXX/AUTHINFO/IPSECINFO/PRESHAREDKEY
Specifies the key used for authentication. This field is mandatory when using an AUTHTYPE of PSK, otherwise it is not required.The following table shows the default settings.
Format
String
Roles allowed to query and update setting
Manager
AuthenticatedUser
- VPN/VPN XXX /Ext
Stores extended parameters.
- VPN/VPN XXX /Ext/Microsoft
Stores Microsoft-specific parameters.
VPN/VPN XXX /Ext/Microsoft/ReadOnly
This parameter determines whether users are able to modify VPN settings. Permitted values are 0 for FALSE and 1 for TRUE. If the value is set to 1, users will be able to view, but not change, the VPN settings on the device.The following table shows the default settings.
Permissions
Read/Write
Data type
Boolean
Roles allowed to query and update setting
Manager
Operator TPS
See Also
Tasks
VPN Configuration Service Provider Example for OMA DM
Concepts
Configuration Service Provider Reference for Windows Mobile Devices