Posted on 04-24-2023 08:20 AM
Hi folks.
I am trying hard to get VPN On Demand to work. Unfortunately, it currently does not work with Jamf Pro's built-in way (PI-101098), so Jamf Support referred me to iMazing Profile Editor. Putting bits and pieces from various web resources together, I tried to build a working VPNOnDemand.mobileconfig by myself, but as soon as I deploy it to my client, it does not have any effect.
The VPN on Demand configuration should basically do the following:
1.) If the client is connected to a certain company WiFi network ("SomeWifiNetwork" in the example), it should generally NOT use VPN at all.
2.) If it is NOT connected to the WiFi network above, but to any other network, it should ALWAYS establish a VPN connection when trying to connect to certain domains (example1.com and example2.com in the example).
3.) It should connect to the VPN server via L2TP ("1.2.3.4" in the example), shared secret included ("SHAREDSECRET" in the example); user name and password should be prompted for (hence not included in the example).
When I deploy it to my client, it does not show up in my VPN connections in System Preferences - Network, but Jamf Pro says that the .mobileconfig has been deployed successfully ("Completed", not "Failed").
I assume that there might be a mix-up in one or more of the following:
- the syntax itself (much copy and pasting)
- the structure/hierarchy level of certain arrays/dicts/keys (again much copy and pasting and some lack of understanding)
- the order of the "On demand rules" (as I learned, order makes difference, see desired behaviour above)
So here is the example .mobileconfig file as deployed via Jamf Pro:
PayloadContent IPSec AuthenticationMethod SharedSecret SharedSecret SHAREDSECRET PPP CommRemoteAddress 1.2.3.4 DisconnectOnIdle 1 DisconnectOnIdleTimer 900 OnDemandEnabled 1 OnDemandRules Action Disconnect InterfaceTypeMatch WiFi SSIDMatch SomeWifiNetwork Action EvaluateConnection ActionParameters Domains example1.com example2.com DomainAction AlwaysConnect RequiredURLStringProbe 0.0.0.0 Action Ignore PayloadDisplayName VPN On Demand PayloadIdentifier com.apple.vpn.managed.492136D1-6402-48FB-8F2F-B0CA7846AFEE PayloadType com.apple.vpn.managed PayloadUUID 492136D1-6402-48FB-8F2F-B0CA7846AFEE PayloadVersion 1 UserDefinedName VPN On Demand VPNType L2TP PayloadDisplayName VPN On Demand PayloadIdentifier XTDR9N0JVW.A4EEF7F8-A9EA-4B0D-A95D-28C8F95FF5B7 PayloadType Configuration PayloadUUID A4EEF7F8-A9EA-4B0D-A95D-28C8F95FF5B7 PayloadVersion 1
Any thoughts? Any assistance much appreciated. Thanks. <3
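
The following check is an added example, not part of the original post and not Jamf or Apple code: a small lint for an `OnDemandRules` array against the `Action` and `DomainAction` values and the top-down, first-match evaluation that Apple documents for the VPN payload. The function name `lint_on_demand_rules` is hypothetical, and the nesting of `POSTED_RULES` is an assumption, because the profile above lost its XML tags.

```python
# Added example: lint an OnDemandRules array (not from the original post).
from urllib.parse import urlparse

ACTIONS = {"Allow", "Connect", "Disconnect", "EvaluateConnection", "Ignore"}
DOMAIN_ACTIONS = {"ConnectIfNeeded", "NeverConnect"}
MATCH_KEYS = {"InterfaceTypeMatch", "SSIDMatch", "DNSDomainMatch",
              "DNSServerAddressMatch", "URLStringProbe"}

def lint_on_demand_rules(rules):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    for i, rule in enumerate(rules):
        action = rule.get("Action")
        if action not in ACTIONS:
            findings.append(f"rule {i}: unknown Action {action!r}")
        if "SSIDMatch" in rule and not isinstance(rule["SSIDMatch"], list):
            findings.append(f"rule {i}: SSIDMatch must be an array of strings")
        # Rules are evaluated top-down and the first match wins, so a rule
        # with no match criteria shadows every rule after it.
        if MATCH_KEYS.isdisjoint(rule) and i < len(rules) - 1:
            findings.append(f"rule {i}: catch-all rule is not last")
        params = rule.get("ActionParameters")
        if action == "EvaluateConnection" and not params:
            findings.append(f"rule {i}: EvaluateConnection needs ActionParameters")
        for p in params or []:
            domain_action = p.get("DomainAction")
            if domain_action not in DOMAIN_ACTIONS:
                findings.append(f"rule {i}: unknown DomainAction {domain_action!r}")
            probe = p.get("RequiredURLStringProbe")
            if probe is not None and urlparse(probe).scheme not in ("http", "https"):
                findings.append(f"rule {i}: probe {probe!r} is not an http(s) URL")
    return findings

# Constructed input: values as given in the post, hierarchy assumed.
POSTED_RULES = [
    {"Action": "Disconnect", "InterfaceTypeMatch": "WiFi",
     "SSIDMatch": ["SomeWifiNetwork"]},
    {"Action": "EvaluateConnection", "ActionParameters": [
        {"Domains": ["example1.com", "example2.com"],
         "DomainAction": "AlwaysConnect",
         "RequiredURLStringProbe": "0.0.0.0"}]},
    {"Action": "Ignore"},
]

if __name__ == "__main__":
    for finding in lint_on_demand_rules(POSTED_RULES):
        print(finding)
```

The lint only covers the rule array; it does not check whether the chosen `VPNType` supports On Demand or where `OnDemandEnabled` and `OnDemandRules` sit inside the payload.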