I'm looking for clues on whether AoVPN using IKEv2 can be done and how. I can see that IKEv2 is available as a protocol for iOS in the VPN Configuration Profile settings but not for MacOS in the corresponding VPN Configuration Profile settings.
There are hints here and there in Jamf Nation but mostly with 3rd party solutions.
If anyone can point me at some info that could help I would really appreciate that
I wasn't even finding the IKEv2 entry in Jamf Pro under Computers > Configuration Profiles when making a new config profile. Jamf Support put me on the right track as it is a User Level Config Profile not the default Computer Level Config Profile and that is set under General in the Config Profile.
There doesn't look to be an Always On field though. I see there is a feature request for that.
This looks to be different to how our Windows machines do AoVPN using IKEv2 - it's on even before the user logs in so it means the computer is authenticating off our domain
Strangely though - iMazing Profile Editor has IKEv2 available for VPN in a System (Computer) configuration profile
Hello.
As far as I know Always-On VPN is a concept that does not exist on Mac, and solutions that put it in place make their magic happen by using ploy...
😉
Glad to see more people asking for this
Please upvote this if you haven't already; https://ideas.jamf.com/ideas/JN-I-15714
I would love to see this on macOS implemented as well as it is in iOS, with all the captive portal detection etc.
As you have highlighted already, it is a bit all over with it's implementation as it's user-targeted, so you wouldn't be able to do it for pre-logon authentication (even though it can use machine certs).
I've tried a few ways to get it to work, like using the VPN on-demand settings (but effectively identifying all traffic that I'd expect) but haven't had success with this yet.
Glad to see more people asking for this
Please upvote this if you haven't already; https://ideas.jamf.com/ideas/JN-I-15714
I would love to see this on macOS implemented as well as it is in iOS, with all the captive portal detection etc.
As you have highlighted already, it is a bit all over with it's implementation as it's user-targeted, so you wouldn't be able to do it for pre-logon authentication (even though it can use machine certs).
I've tried a few ways to get it to work, like using the VPN on-demand settings (but effectively identifying all traffic that I'd expect) but haven't had success with this yet.
Managed to get this working somewhat with On-Demand VPN settings. Does the job. No captive portal detection etc but I guess we're a little of the way there...
I wasn't even finding the IKEv2 entry in Jamf Pro under Computers > Configuration Profiles when making a new config profile. Jamf Support put me on the right track as it is a User Level Config Profile not the default Computer Level Config Profile and that is set under General in the Config Profile.
There doesn't look to be an Always On field though. I see there is a feature request for that.
This looks to be different to how our Windows machines do AoVPN using IKEv2 - it's on even before the user logs in so it means the computer is authenticating off our domain
Thanks @dlondon for the info around setting the CP to User Level. Was about to put a support ticket in myself around not being able to find the IKEv2 option.
Managed to get this working somewhat with On-Demand VPN settings. Does the job. No captive portal detection etc but I guess we're a little of the way there...
Hi @JamieG Any chance you can share what you've done with the AoVPN or On-Demand VPN?
Managed to get this working somewhat with On-Demand VPN settings. Does the job. No captive portal detection etc but I guess we're a little of the way there...
Care to share what you did?
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.