Citrix Gateway

Citrix Gateway VPN client registry keys

The following table lists the Citrix Gateway VPN client registry keys, values, and a brief description of each value.

Registry key Registry type Values and description
AlwaysOnService REG_DWORD 1 => Establish machine level tunnel but not user level tunnel. 2 => Establish machine level tunnel and user level tunnel
AlwaysOnURL REG_SZ URL of the Citrix Gateway virtual server the user wants to connect to. Example: https://xyz.companyDomain.com
AlwaysOn REG_DWORD 1 => Allow network access on VPN failure. 2=> Block network access on VPN failure
locationDetection REG_DWORD 1 => To enable location detection. 0 => To disable location detection
suffixList REG_SZ Comma separated list of intranet domains. Used when location detection is enabled.
AlwaysOnWhitelist REG_SZ Semicolon separated list of IP addresses or FQDNs to be whitelisted by the driver in Always On strict mode
ProductVersion REG_SZ Current Citrix Gateway plug-in installed version
InstallDir REG_SZ Location where the Citrix Gateway plug-in is installed
userCertCAList REG_SZ Used in the context of the Always On service where a customer can specify the list of CAs to choose the client certificate from
addedRoutes/modifiedRoutes REG_SZ Created for internal plug-in communication. Users must not modify this key
ProductCode REG_SZ This key is used internally. Users must not modify this key
EnableAutoUpdate REG_DWORD To control Windows plug-in upgrade from the client side if value set to 0, by default the value set to 1
Connected REG_DWORD On successful connection this key is set to 1 and else set to 0. This key is used internally. Users must not modify this key
EnableVA REG_DWORD If Citrix Virtual adapter must be enabled when IIP is present. This key is used internally. Users must not modify this key
ClientControl REG_DWORD 1 => Allows users to log out or connect to other gateways. 0 => Blocks users to log out or connect to other gateways
ForcedLogging REG_DWORD Must be set to 1 for enabling Always On service logging
NoDHCPRoute REG_DWORD If set to 1, DHCP server route is not added
DisableIntuneDeviceEnrollment REG_DWORD If set to 1, Intune device enrollment is not performed
HttpTimeout REG_DWORD HTTP timeout is configured in seconds. If timeout is not configured, the default timeout is used

Important:

You can apply registry keys based on your deployments. For example, the AlwaysOnService registry is applicable only for Always on service whereas the ClientControl registry is not applicable for Always on service. Check the individual deployment documentation for more details.

Citrix Gateway VPN client registry keys