DirectAccess administrators will be intimately familiar with the NRPT, as it is explicitly required for DirectAccess operation. Use of the NRPT for Windows 10 Always On VPN is optional, however. It is commonly used for deployments where split DNS is enabled. Here the NRPT can define DNS servers for the internal namespace, and exclusions can be configured for FQDNs that should not be routed over the VPN tunnel.
To enable the NRPT for Windows 10 Always On VPN, edit the ProfileXML to include the DomainNameInformation element.
<DomainNameInformation>
   <DomainName>.example.net</DomainName>
   <DnsServers>10.21.12.100,10.21.12.101</DnsServers>
</DomainNameInformation>
Note: Be sure to include the leading “.” in the domain name to ensure that all hosts and subdomains are included.
To create an NRPT exclusion, simply omit the DnsServers element. Define an additional entry for each hostname to be excluded, as shown here.
<DomainNameInformation>
   <DomainName>www.example.net</DomainName>
</DomainNameInformation>
<DomainNameInformation>
   <DomainName>mail.example.net</DomainName>
</DomainNameInformation>
<DomainNameInformation>
   <DomainName>autodiscover.example.net</DomainName>
</DomainNameInformation>
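Before deploying a profile, it helps to check how each DomainNameInformation entry will be read. The PowerShell below is an added example, not code from the original article: it classifies each entry as a namespace rule or an exclusion and flags a missing leading dot or a DNS server value that does not parse as an IP address. The function name Get-NrptEntrySummary, the Fragment wrapper element and the corp.example.org entry are assumptions made for illustration.

```powershell
# Constructed sample: entries from this article wrapped in a hypothetical
# <Fragment> root, plus one deliberately wrong entry (no leading dot, bad IP).
[xml]$sample = @'
<Fragment>
  <DomainNameInformation>
    <DomainName>.example.net</DomainName>
    <DnsServers>10.21.12.100,10.21.12.101</DnsServers>
  </DomainNameInformation>
  <DomainNameInformation>
    <DomainName>www.example.net</DomainName>
  </DomainNameInformation>
  <DomainNameInformation>
    <DomainName>corp.example.org</DomainName>
    <DnsServers>10.21.12.300</DnsServers>
  </DomainNameInformation>
</Fragment>
'@

function Get-NrptEntrySummary {
    param([Parameter(Mandatory)][xml]$Xml)
    foreach ($node in $Xml.SelectNodes('//DomainNameInformation')) {
        $nameNode = $node.SelectSingleNode('DomainName')
        if (-not $nameNode) { continue }   # nothing to classify without a name
        $name    = $nameNode.InnerText.Trim()
        $dnsNode = $node.SelectSingleNode('DnsServers')
        $servers = if ($dnsNode) { $dnsNode.InnerText.Trim() } else { '' }
        $notes   = @()
        if ($servers) {
            # Namespace rule: the article calls for a leading "." on the name.
            if (-not $name.StartsWith('.')) {
                $notes += 'no leading dot: hosts and subdomains not included'
            }
            foreach ($s in $servers.Split(',')) {
                $ip = $null
                if (-not [System.Net.IPAddress]::TryParse($s.Trim(), [ref]$ip)) {
                    $notes += "DNS server '$s' is not a valid IP address"
                }
            }
        }
        [pscustomobject]@{
            DomainName = $name
            Type       = if ($servers) { 'Namespace' } else { 'Exclusion' }
            DnsServers = $servers
            Notes      = $notes -join '; '
        }
    }
}

Get-NrptEntrySummary -Xml $sample | Format-Table -AutoSize
```

To check a real profile, load the ProfileXML file with Get-Content, cast it to [xml], and pass it to the function in place of $sample.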
Additional Information
Windows 10 VPNv2 Configuration Service Provider (CSP) Reference