Citrix Gateway

Citrix Gateway VPN client registry keys

January 24, 2022

Contributed by:

The VPN client registry keys are available under HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\Secure Access Client. The following table lists the Citrix Gateway VPN client registry keys, values, and a brief description of each value.

Registry key	Registry type	Values and description
AlwaysOnService	REG_DWORD	1 => Establish machine level tunnel but not user level tunnel. 2 => Establish machine level tunnel and user level tunnel.
AlwaysOnURL	REG_SZ	URL of the Citrix Gateway virtual server the user wants to connect to. Example: `https://xyz.companyDomain.com`
AlwaysOn	REG_DWORD	1 => Allow network access on VPN failure. 2=> Block network access on VPN failure.
locationDetection	REG_DWORD	1 => To enable location detection. 0 => To disable location detection.
suffixList	REG_SZ	Comma separated list of intranet domains. Used when location detection is enabled.
AlwaysOnWhitelist	REG_SZ	Semicolon separated list of IP addresses or FQDNs to be allowed by the driver in Always On strict mode.
ProductVersion	REG_SZ	Current Citrix Gateway plug-in installed version.
InstallDir	REG_SZ	Location where the Citrix Gateway plug-in is installed.
userCertCAList	REG_SZ	Used in the context of the Always On service where a customer can specify the list of CAs to choose the client certificate from.
addedRoutes/modifiedRoutes	REG_SZ	Created for internal plug-in communication. Users must not modify this key.
ProductCode	REG_SZ	This key is used internally. Users must not modify this key
EnableAutoUpdate	REG_DWORD	Used to control plug-in update functionality from the client side. Set to 0 to disable auto-update functionality. Set to 1 to respect ADC configuration.
Connected	REG_DWORD	On successful connection this key is set to 1 and else set to 0. This key is used internally. Users must not modify this key.
EnableVA	REG_DWORD	If Citrix Virtual adapter must be enabled when IIP is present. This key is used internally. Users must not modify this key.
DisableGA	REG_DWORD	Set to 1 to disable Google analytics.
DisableCredProv	REG_DWORD	When Always On before user logon is enabled, the Windows VPN plug-in adds the credential provider to display the tunnel status on the logon screen. If you do not need this additional functionality, create and set this registry to 1.
ClientControl	REG_DWORD	1 => Allows users to log out or connect to other gateways. 0 => Blocks users to log out or connect to other gateways.
ForcedLogging	REG_DWORD	Set this key to 1 to enable debug logging.
NoDHCPRoute	REG_DWORD	If set to 1, the DHCP server route is not added.
DisableIntuneDeviceEnrollment	REG_DWORD	If set to 1, Intune device enrollment is not performed.
HttpTimeout	REG_DWORD	HTTP timeout is configured in seconds. If timeout is not configured, the default timeout is used. The default timeout value is 100 seconds, based on Windows standards.
secureDNSUpdate	REG_DWORD	0 => The VPN plug-in tries the unsecure DNS update only. 1 => The VPN plug-in tries the unsecure DNS update first. If the unsecure DNS update fails, the VPN plug-in then tries the secure DNS update. This is the default behavior starting from the 21.3.1.2 Windows plug-in build. 2 => The VPN plug-in tries only the secure DNS update.
DisableIconHide	REG_DWORD	1 => The Citrix Workspace app and the gateway plug-in are displayed on the taskbar. 0 => The gateway plug-in icon is integrated with Citrix Workspace app for Windows. The gateway plug-in is not visible on the taskbar when running a full VPN session.

Important:

You can apply registry keys based on your deployments. For example, the AlwaysOnService registry is applicable only for Always on service whereas the ClientControl registry is not applicable for Always on service. Check the individual deployment documentation for more details.

secureDNSUpdate is applicable only for domain joined client devices and is not common for other OS types.

The official version of this content is in English. Some of the Citrix documentation content is machine translated for your convenience only. Citrix has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Citrix product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Citrix, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Citrix will not be held responsible for any damage or issues that may arise from using machine-translated content.

Citrix Gateway VPN client registry keys

January 24, 2022

Contributed by:

January 24, 2022

Contributed by:

Citrix Gateway VPN client registry keys

In this article