Before we went with a public JSS we used the apple configuratior tool and created config profiles, which casper installed. (through a script as pushing it wasn't optimal for us at that time)

I found it worked a lot better on keeping settings we wanted for our vpn's (it also had the added bonus of not allowing the user to remove the vpn)

Okay absolute strangeness...I got it to work using a profile, but instead of using Apple Configurator or the JSS (which I tried regenerating the profile numerous times with numerous different profile names)....would folks believe that I got it to work using iPhone Configuration Utility for Windows 3.6.2 (yes...I used iPCU for Windows to write a profile to control Macs where Configurator wasn't working for some reason). I am thoroughly baffled, but it works the way we want it. Anyway, I am later going to export the profile created on iPCU for Windows and compare it to the one I posted and see if that helps me understand.

The windows version of the apple configurator has more features than the mac version. Eg the ability to watch a live log from the apple tv, or the ability to add wild cards to the Wireless profiles allowable Certs.

for those interested in comparisons, here is the profile that was generated from iPCU. The above profile was generated from Casper, imported into Configurator and exported as text. (using a straight Casper profile, exported and installed to a machine didn't work either). Makes no sense, but whatever, the problem is solved.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>EAP</key>
            <dict/>
            <key>IPSec</key>
            <dict>
                <key>AuthenticationMethod</key>
                <string>SharedSecret</string>
                <key>SharedSecret</key>
                <data>
                SECRETHERE
                </data>
            </dict>
            <key>IPv4</key>
            <dict>
                <key>OverridePrimary</key>
                <integer>1</integer>
            </dict>
            <key>PPP</key>
            <dict>
                <key>CommRemoteAddress</key>
                <string>ADDRESSHERE</string>
            </dict>
            <key>PayloadDescription</key>
            <string>Configures VPN settings, including authentication.</string>
            <key>PayloadDisplayName</key>
            <string>VPN (MacVPN)</string>
            <key>PayloadIdentifier</key>
            <string>OURIDENTIFIERHEREINREVERSEDOMAIN</string>
            <key>PayloadOrganization</key>
            <string>OURCORPORATENAMEHERE</string>
            <key>PayloadType</key>
            <string>com.apple.vpn.managed</string>
            <key>PayloadUUID</key>
            <string>1C873876-4AB0-4AA1-9893-72CD2B5C72CE</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
            <key>Proxies</key>
            <dict/>
            <key>UserDefinedName</key>
            <string>MacVPN</string>
            <key>VPNType</key>
            <string>L2TP</string>
        </dict>
    </array>
    <key>PayloadDescription</key>
    <string>Profile description.</string>
    <key>PayloadDisplayName</key>
    <string>CONNECTIONNAMEHERE</string>
    <key>PayloadIdentifier</key>
    <string>REVERSEDOMAINHERE</string>
    <key>PayloadOrganization</key>
    <string>OURCORPORATENAMEHERE</string>
    <key>PayloadRemovalDisallowed</key>
    <false/>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>A98F68F0-A5CE-491D-85DE-E13A4C35136B</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
</dict>
</plist>

might wanna remove the IP and shared secret on your post ^

double post!

you beat me...i caught it. We'll need to change that now though...du'oh

Now that I've read on it and compared the profiles myself, yeah...that's honestly quite sad...the profile that I originally posted seems to handle that with a </true>setting...the one below handles it with an integer of 1. The one below also embeds the setting in a separate <dict>. sighs...why is the Windows version of iPCU more beefy than Apple's own Configurator for Mac. That just defies logic.

Use iPCU for Mac? Configurator is intentionally simplified; I was told by an Apple employee who will not be named that it was made for librarians who have to manage iPads.

I would use iPCU for Mac except that it hasn't been updated since 3.5 on the Mac side and it's on 3.6.2 on the Windows side. 3.6.2 supports iOS 6.1...I'm guessing the old build might have worked, but I tend to like using later tools.

As for Configurator, I definitely don't like it and about the only thing I use it for is when I have to quickly get apps out to student iPads without using an Apple ID scheme. Anyway, a done deal and I now have a working installer package for our VPN that makes use of profiles. I'm not required to support 10.6 so this method will work well.