Share via

powershell command to see what IPsec encryption protocols the Windows VPN client is using

Robert Allen Fisher 70 Reputation points
2026-02-28T23:46:24.0566667+00:00

I need a powershell command or someting to see what IPsec encryption protocols the Windows VPN client is using in a client to server configuration

In elevated Powershell I ran the following with no errors.

Set-VpnConnectionIPsecConfiguration -ConnectionName "VPN Name" -AuthenticationTransformConstants SHA256128 -CipherTransformConstants AES256 -DHGroup Group14 -EncryptionMethod AES256 -IntegrityCheckMethod SHA256 -PfsGroup PFS2048 –Force

To see what the new IPsec configurations actually was I ran

Get-VpnConnection -Name "YourVPNConnectionName" | Get-VpnConnectionIPsecConfiguration

The error reported was:

Get-VpnConnectionIPsecConfiguration: The term 'Get-VpnConnectionIPsecConfiguration' is not recognized as a name of a cmdlet, function, script file, or executable program.

Searching the internet for hours with no workable result

Windows for home | Windows 10 | Internet and connectivity
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest

  1. AI answer

    2026-02-28T23:46:32.1366667+00:00

    Get-VpnConnectionIPsecConfiguration is not a valid cmdlet on Windows; only Set-VpnConnectionIPsecConfiguration is provided for configuring IPsec parameters on a VPN connection.

    To view or confirm the IPsec settings that were applied to a specific IKEv2/L2TP VPN connection, use Set-VpnConnectionIPsecConfiguration with the -RevertToDefault or explicit parameter values as a reference, but there is no supported PowerShell command in the provided documentation that reads back and displays the currently effective IPsec configuration from the Windows VPN client.

    The documented usage is write-only, for example:

    Set-VpnConnectionIPsecConfiguration -ConnectionName "YourVPNConnectionName" `
  -AuthenticationTransformConstants SHA256128 `
  -CipherTransformConstants AES128 `
  -DHGroup Group14 `
  -EncryptionMethod AES128 `
  -IntegrityCheckMethod SHA256 `
  -PfsGroup PFS2048 `
  -Force

    or to revert to defaults:

    Set-VpnConnectionIPsecConfiguration -ConnectionName "YourVPNConnectionName" -RevertToDefault -Force

    But there is no companion Get-* cmdlet in the VpnClient module to query and display those IPsec parameters.

    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.