Posted on 10-10-2021 11:05 PM
I'm looking for clues on whether AoVPN using IKEv2 can be done and how. I can see that IKEv2 is available as a protocol for iOS in the VPN Configuration Profile settings but not for macOS in the corresponding VPN Configuration Profile settings.
There are hints here and there in Jamf Nation but mostly with 3rd party solutions.
If anyone can point me at some info that could help, I would really appreciate that.
Posted on 10-13-2021 10:54 PM
I wasn't even finding the IKEv2 entry in Jamf Pro under Computers > Configuration Profiles when making a new config profile. Jamf Support put me on the right track as it is a User Level Config Profile not the default Computer Level Config Profile and that is set under General in the Config Profile.
There doesn't look to be an Always On field though. I see there is a feature request for that.
This looks to be different to how our Windows machines do AoVPN using IKEv2 - it's on even before the user logs in, so it means the computer is authenticating off our domain.
Posted on 11-30-2021 11:06 AM
Thanks @dlondon for the info around setting the CP to User Level. Was about to put a support ticket in myself around not being able to find the IKEv2 option.
Posted on 10-14-2021 12:07 AM
Strangely though - iMazing Profile Editor has IKEv2 available for VPN in a System (Computer) configuration profile.
Posted on 10-14-2021 12:46 PM
As far as I know Always-On VPN is a concept that does not exist on Mac, and solutions that put it in place make their magic happen by using ploy...
Posted on 10-19-2021 08:00 AM
Glad to see more people asking for this
Please upvote this if you haven't already; https://ideas.jamf.com/ideas/JN-I-15714
I would love to see this on macOS implemented as well as it is in iOS, with all the captive portal detection etc.
As you have highlighted already, it is a bit all over with its implementation as it's user-targeted, so you wouldn't be able to do it for pre-logon authentication (even though it can use machine certs).
I've tried a few ways to get it to work, like using the VPN on-demand settings (but effectively identifying all traffic that I'd expect) but haven't had success with this yet.
10-22-2021 03:59 AM - edited 10-22-2021 04:02 AM
Managed to get this working somewhat with On-Demand VPN settings. Does the job. No captive portal detection etc but I guess we're a little of the way there...
Posted on 04-07-2022 12:09 AM
Posted on 01-17-2023 06:26 PM
Care to share what you did?