I'm looking for clues on whether AoVPN using IKEv2 can be done and how. I can see that IKEv2 is available as a protocol for iOS in the VPN Configuration Profile settings but not for macOS in the corresponding VPN Configuration Profile settings.
There are hints here and there in Jamf Nation, but mostly with third-party solutions.
If anyone can point me at some info that could help, I would really appreciate that.
I wasn't even finding the IKEv2 entry in Jamf Pro under Computers > Configuration Profiles when making a new config profile. Jamf Support put me on the right track, as it is a User Level Config Profile, not the default Computer Level Config Profile, and that is set under General in the Config Profile.
There doesn't look to be an Always On field though. I see there is a feature request for that.
This looks to be different to how our Windows machines do AoVPN using IKEv2 - it's on even before the user logs in, so it means the computer is authenticating off our domain.
Glad to see more people asking for this.
Please upvote this if you haven't already: https://ideas.jamf.com/ideas/JN-I-15714
I would love to see this on macOS implemented as well as it is in iOS, with all the captive portal detection etc.
As you have highlighted already, it is a bit all over with its implementation as it's user-targeted, so you wouldn't be able to do it for pre-logon authentication (even though it can use machine certs).
I've tried a few ways to get it to work, like using the VPN on-demand settings (but effectively identifying all traffic that I'd expect) but haven't had success with this yet.