diff --git a/roles/proxy/tasks/main.yml b/roles/proxy/tasks/main.yml index fc3af8b..e1d8b9d 100644 --- a/roles/proxy/tasks/main.yml +++ b/roles/proxy/tasks/main.yml @@ -84,3 +84,29 @@ - restart apache2 - meta: flush_handlers + +- name: Set facts for mobileconfigs + set_fact: + proxy_enabled: true + +- name: Register p12 PayloadContent + shell: > + cat /{{ easyrsa_dir }}/easyrsa3//pki/private/{{ item }}.p12 | base64 + register: PayloadContent + with_items: "{{ users }}" + +- name: Register CA PayloadContent + shell: > + cat /{{ easyrsa_dir }}/easyrsa3/pki/ca.crt | base64 + register: PayloadContentCA + +- name: Build the mobileconfigs + template: src=roles/vpn/templates/mobileconfig.j2 dest=/{{ easyrsa_dir }}/easyrsa3//pki/private/{{ item.0 }}_proxy.mobileconfig mode=0600 + with_together: + - "{{ users }}" + - "{{ PayloadContent.results }}" + no_log: True + +- name: Fetch users mobileconfig + fetch: src=/{{ easyrsa_dir }}/easyrsa3//pki/private/{{ item }}_proxy.mobileconfig dest=configs/{{ IP_subject_alt_name }}_{{ item }}_proxy.mobileconfig flat=yes + with_items: "{{ users }}" diff --git a/roles/vpn/tasks/main.yml b/roles/vpn/tasks/main.yml index b152c7a..fbe4b94 100644 --- a/roles/vpn/tasks/main.yml +++ b/roles/vpn/tasks/main.yml @@ -167,6 +167,10 @@ cat /{{ easyrsa_dir }}/easyrsa3/pki/ca.crt | base64 register: PayloadContentCA +- name: Set facts for mobileconfigs + set_fact: + proxy_enabled: false + - name: Build the mobileconfigs template: src=mobileconfig.j2 dest=/{{ easyrsa_dir }}/easyrsa3//pki/private/{{ item.0 }}.mobileconfig mode=0600 with_together: diff --git a/roles/vpn/templates/mobileconfig.j2 b/roles/vpn/templates/mobileconfig.j2 index 3fc3668..be5b071 100644 --- a/roles/vpn/templates/mobileconfig.j2 +++ b/roles/vpn/templates/mobileconfig.j2 
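Review bot: The `Register p12 PayloadContent` task registers the base64 of every user's `.p12` bundle without `no_log`, so the encoded key material can reach verbose output or a configured Ansible log. Only the later `Build the mobileconfigs` task sets `no_log: True`. Add `no_log: true` to the register task too, and `changed_when: false`, since it only reads a file. The user name is also interpolated into the `shell` line unquoted; `{{ item | quote }}` would stop the command depending on what `users` contains.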
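Review bot: `proxy_enabled` is set with `set_fact`, which stays on the host for the rest of the play, so the variant the shared template renders depends on which role last ran its `Set facts for mobileconfigs` task. Scoping the flag to the render would remove that ordering dependency: put task-level `vars:` with `proxy_enabled: true` on the proxy role's `Build the mobileconfigs` task. This reset to `false` in the vpn role then becomes unnecessary. The `Build the mobileconfigs` task shown as context here continues past the end of the hunk.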
@@ -76,12 +76,24 @@ Proxies HTTPEnable - 0 +{% if proxy_enabled is defined and proxy_enabled == true %} + 1 + HTTPPort + 8118 + HTTPProxy + {{ local_service_ip }} + {% else %} + 1 +{% endif %} HTTPSEnable 0 UserDefinedName +{% if proxy_enabled is defined and proxy_enabled == true %} + {{ IP_subject_alt_name }} IKEv2 with proxy + {% else %} {{ IP_subject_alt_name }} IKEv2 +{% endif %} VPNType IKEv2 @@ -129,9 +141,17 @@ PayloadDisplayName +{% if proxy_enabled is defined and proxy_enabled == true %} + {{ IP_subject_alt_name }} IKEv2 with proxy + {% else %} {{ IP_subject_alt_name }} IKEv2 +{% endif %} PayloadIdentifier +{% if proxy_enabled is defined and proxy_enabled == true %} + donut.local.37CA79B1-FC6A-421F-960A-90F91FC983BA + {% else %} donut.local.37CA79B1-FC6A-421F-960A-90F91FC983BE +{% endif %} PayloadRemovalDisallowed PayloadType
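Review bot: The `{% else %}` branch under `HTTPEnable` adds `1` where the removed line had `0`, so the profile built without the proxy also appears to switch the HTTP proxy on, with no `HTTPProxy` or `HTTPPort` beside it. The element markup is not visible in this view, so confirm against the file, but the else branch most likely should keep the previous value `0`. `HTTPSEnable` stays `0` in both variants, so it is worth a template comment stating that only plain HTTP is sent to `{{ local_service_ip }}` on port 8118.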
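Review bot: The two `PayloadIdentifier` values differ only in their last character (`...983BA` and `...983BE`), which is easy to misread or to merge back together in a later edit. If the intent is that both profiles can be installed on one device, say so next to them, for example `{# identifiers must differ between the proxy and non-proxy profiles #}`. The test `proxy_enabled is defined and proxy_enabled == true` is repeated at both sites here and both sites in the previous hunk. `{% if proxy_enabled | default(false) | bool %}` is shorter and still works if the value arrives as a string.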