Disabling Split Tunneling for RAS VPN

Please note that RAS VPN Setup Wizard is a free tool that is provided as-is. We do not offer any additional product support for RAS VPN beyond the information found in this knowledge base.


You have set up RAS VPN and want to disable Split-Tunneling on the clients.


You can use PDQ Deploy to deploy a Powershell one-liner that will disable Split-Tunneling on the client computers.

First, you will want to verify the VPN connection name on the client computers. This will be the name that you configured during the RAS VPN Setup Wizard, but if you need to confirm it, you can from the client via Powershell:

Get-VpnConnection -AllUserConnection


Once you've verified your VPN connection name, you can write a quick Powershell one-liner that will disable Split-Tunneling on the client:

Set-VpnConnection -AllUserConnection -Name "RAS VPN Connection" -SplitTunneling $False


You can verify your Split-Tunneling status again by using the same cmdlet you used to get the name of the VPN connection:

Get-VpnConnection -AllUserConnection


Now that we know how to disable Split-Tunneling, it's time to deploy. From your PDQ Deploy Server, create a new package, and start with a Powershell step.

Paste the one-liner mentioned earlier into the Powershell step in your new package. You can leave all of the other options as their defaults.


Once you've created your package, simply deploy to the targets you wish to disable Split-Tunneling for and you're done! If you ever wish to re-enable Split-Tunneling on these targets, simple replace the $False with $True in your Powershell one-liner.

Disclaimer: This will disconnect your remote clients and possibly show an error in PDQ Deploy if you make this change while the user is connected to RAS VPN. If you choose to do this deployment while your users are connected remotely, make sure that you warn them to re-connect to RAS VPN afterwards, or do this deployment after you have performed any other important deployments that you need to perform that day. If you are deploying the RAS VPN client to your users with PDQ Deploy, you can also add the Powershell step above after the install step in your package to go ahead and disable Split-Tunneling during the initial client installation.

Still have a question or want to share what you have learned? Visit our Community to get help and collaborate with others.