Hi folks.
I am trying hard to get VPN On Demand to work. Unfortunately, it currently does not work with Jamf Pro's built-in way (PI-101098), so Jamf Support referred me to iMazing Profile Editor. Putting bits and pieces from various web resources together, I tried to build a working VPNOnDemand.mobileconfig by myself, but as soon as I deploy it to my client, it does not have any effect.
The VPN on Demand configuration should basically do the following:
1.) If the client is connected to a certain company WiFi network ("SomeWifiNetwork" in the example), it should generally NOT use VPN at all.
2.) If NOT connected to the WiFi network above, but to any other network, it should ALWAYS establish a VPN connection while trying to connect to certain domains (example1.com and example2.com in the example).
3.) Trying to connect to VPN server via L2TP ("1.2.3.4" in the example), shared secret included ("SHAREDSECRET" in example), user name and password should be prompted (hence not included in example).
When I deploy it to my client, it does not even show up in my VPN connections in System Preferences - Network, but Jamf Pro reports that the .mobileconfig has been deployed successfully ("Completed", not "Failed").
I assume that there might be a mess-up in either/and/or
- the syntax itself (much copy and pasting)
- the structure/hierarchy level of certain arrays/dicts/keys (again much copy and pasting and some lack of understanding)
- the order of the "On demand rules" (as I learned, order makes a difference, see desired behaviour above)
So here is the example .mobileconfig file as deployed via Jamf Pro:
PayloadContent
IPSec
AuthenticationMethod
SharedSecret
SharedSecret
SHAREDSECRET
PPP
CommRemoteAddress
1.2.3.4
DisconnectOnIdle
1
DisconnectOnIdleTimer
900
OnDemandEnabled
1
OnDemandRules
Action
Disconnect
InterfaceTypeMatch
WiFi
SSIDMatch
SomeWifiNetwork
Action
EvaluateConnection
ActionParameters
Domains
example1.com
example2.com
DomainAction
AlwaysConnect
RequiredURLStringProbe
0.0.0.0
Action
Ignore
PayloadDisplayName
VPN On Demand
PayloadIdentifier
com.apple.vpn.managed.492136D1-6402-48FB-8F2F-B0CA7846AFEE
PayloadType
com.apple.vpn.managed
PayloadUUID
492136D1-6402-48FB-8F2F-B0CA7846AFEE
PayloadVersion
1
UserDefinedName
VPN On Demand
VPNType
L2TP
PayloadDisplayName
VPN On Demand
PayloadIdentifier
XTDR9N0JVW.A4EEF7F8-A9EA-4B0D-A95D-28C8F95FF5B7
PayloadType
Configuration
PayloadUUID
A4EEF7F8-A9EA-4B0D-A95D-28C8F95FF5B7
PayloadVersion
1
Any thoughts? Any assistance much appreciated. Thanks. <3
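Added example, not part of the original post and not Jamf or Apple code: a small first-match simulator for the three On Demand rules listed above, to check rule order against the desired behaviour. The plist nesting (SSIDMatch as an array, ActionParameters as an array of dicts), the function names and the suffix-style domain match are assumptions made for illustration.

```python
import plistlib

# Constructed sample: the post's three rules in one assumed nesting.
# Key names and values are copied from the post as written.
RULES_XML = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><array>
<dict><key>Action</key><string>Disconnect</string>
  <key>InterfaceTypeMatch</key><string>WiFi</string>
  <key>SSIDMatch</key><array><string>SomeWifiNetwork</string></array></dict>
<dict><key>Action</key><string>EvaluateConnection</string>
  <key>ActionParameters</key><array><dict>
    <key>Domains</key><array>
      <string>example1.com</string><string>example2.com</string></array>
    <key>DomainAction</key><string>AlwaysConnect</string></dict></array></dict>
<dict><key>Action</key><string>Ignore</string></dict>
</array></plist>"""
RULES = plistlib.loads(RULES_XML)


def rule_matches(rule, iface, ssid):
    """Every criterion a rule lists must hold; a rule with none matches always."""
    if "InterfaceTypeMatch" in rule and rule["InterfaceTypeMatch"] != iface:
        return False
    if "SSIDMatch" in rule and ssid not in rule["SSIDMatch"]:
        return False
    return True


def evaluate(rules, iface, ssid, host):
    """Return (index, Action, DomainAction or None) of the first matching rule."""
    for i, rule in enumerate(rules):
        if not rule_matches(rule, iface, ssid):
            continue
        domain_action = None
        if rule["Action"] == "EvaluateConnection":
            for params in rule.get("ActionParameters", []):
                # Simplified match: exact host or a subdomain of a listed domain.
                if any(host == d or host.endswith("." + d)
                       for d in params["Domains"]):
                    domain_action = params["DomainAction"]
                    break
        return i, rule["Action"], domain_action
    return None, None, None
```

With this order the company SSID hits the Disconnect rule first, every other network falls to the EvaluateConnection rule, and the trailing Ignore rule is never reached because the rule before it lists no match criteria.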