#jinja2:lstrip_blocks: True
{#
  Renders an Apple configuration profile with three payloads: an IKEv2 VPN
  (com.apple.vpn.managed), the client's PKCS#12 identity
  (com.apple.security.pkcs12) and a CA root (com.apple.security.root).
  NOTE(review): this copy carries no plist markup; keys and values appear in
  document order and boolean values are not visible.
  The rendered file embeds the client key container together with its export
  password (see the PKCS#12 payload), so treat the output as a secret.
#}
PayloadContent
IKEv2
{# On-demand is switched on when either the Wi-Fi or the cellular flag is set. #}
OnDemandEnabled {{ 1 if algo_ondemand_wifi or algo_ondemand_cellular else 0 }}
OnDemandRules
{% if algo_ondemand_wifi or algo_ondemand_cellular %}
  {# The exclude list arrives base64-encoded; the decoded literal '_null' means "no exclusions". #}
  {% if algo_ondemand_wifi_exclude|b64decode != '_null' %}
    {# Decoded value is a comma-separated list of SSIDs. #}
    {% set WIFI_EXCLUDE_LIST = (algo_ondemand_wifi_exclude|b64decode|string).split(',') %}
    {# Rule: disconnect on any listed Wi-Fi network. #}
    Action Disconnect
    InterfaceTypeMatch WiFi
    SSIDMatch
    {% for network_name in WIFI_EXCLUDE_LIST %}
      {# SSIDs are escaped with the e filter; this is the only escaped value in the template. #}
      {# NOTE(review): algo_server_name, p12_export_password and item.0 are emitted unescaped; #}
      {# confirm they cannot contain markup characters, or escape them the same way. #}
      {{ network_name|e }}
    {% endfor %}
  {% endif %}
  {# Rule: on Wi-Fi, connect or disconnect according to algo_ondemand_wifi. #}
  Action
  {% if algo_ondemand_wifi %}
    Connect
  {% else %}
    Disconnect
  {% endif %}
  InterfaceTypeMatch WiFi
  {# NOTE(review): the probe URL is plain HTTP; presumably the rule should match only when the #}
  {# page is fetched without interception (e.g. no captive portal) - confirm intent. #}
  URLStringProbe http://captive.apple.com/hotspot-detect.html
  {# Rule: on cellular, connect or disconnect according to algo_ondemand_cellular. #}
  Action
  {% if algo_ondemand_cellular %}
    Connect
  {% else %}
    Disconnect
  {% endif %}
  InterfaceTypeMatch Cellular
  URLStringProbe http://captive.apple.com/hotspot-detect.html
{% endif %}
{# Final rule with no match criteria: Disconnect when on-demand is in use, otherwise Connect. #}
Action {{ 'Disconnect' if algo_ondemand_wifi or algo_ondemand_cellular else 'Connect' }}
{# Client authenticates with a certificate (the PKCS#12 identity referenced below). #}
AuthenticationMethod Certificate
{# Child SA proposal: DH group 20 (384-bit ECP), AES-256-GCM, SHA2-512, 1440 min = 24 h lifetime. #}
{# NOTE(review): the server proposal must offer the same suite - verify against the server config. #}
ChildSecurityAssociationParameters
DiffieHellmanGroup 20
EncryptionAlgorithm AES-256-GCM
IntegrityAlgorithm SHA2-512
LifeTimeInMinutes 1440
DeadPeerDetectionRate Medium
DisableMOBIKE 0
DisableRedirect 1
{# Revocation checking is off (0): the client will not consult CRL/OCSP for the server certificate. #}
{# NOTE(review): confirm there is another way to retire a compromised server certificate. #}
EnableCertificateRevocationCheck 0
{# NOTE(review): the EnablePFS value is not visible in this copy - confirm it is enabled. #}
EnablePFS
{# IKE SA proposal: same parameters as the child SA above. #}
IKESecurityAssociationParameters
DiffieHellmanGroup 20
EncryptionAlgorithm AES-256-GCM
IntegrityAlgorithm SHA2-512
LifeTimeInMinutes 1440
{# Local identity has the form <item.0>@<openssl_constraint_random_id>. #}
LocalIdentifier {{ item.0 }}@{{ openssl_constraint_random_id }}
{# Links this VPN payload to the PKCS#12 payload that carries the same UUID. #}
PayloadCertificateUUID {{ pkcs12_PayloadCertificateUUID }}
CertificateType ECDSA384
{# Issuer CN, remote address and remote identifier are all set to IP_subject_alt_name. #}
ServerCertificateIssuerCommonName {{ IP_subject_alt_name }}
RemoteAddress {{ IP_subject_alt_name }}
RemoteIdentifier {{ IP_subject_alt_name }}
UseConfigurationAttributeInternalIPSubnet 0
{# NOTE(review): OverridePrimary 1 presumably sends all IPv4 traffic through the tunnel - confirm. #}
IPv4
OverridePrimary 1
PayloadDescription Configures VPN settings
PayloadDisplayName {{ algo_server_name }}
PayloadIdentifier com.apple.vpn.managed.{{ VPN_PayloadIdentifier }}
PayloadType com.apple.vpn.managed
PayloadUUID {{ VPN_PayloadIdentifier }}
PayloadVersion 1
{# No HTTP or HTTPS proxy is configured for the tunnel. #}
Proxies
HTTPEnable 0
HTTPSEnable 0
UserDefinedName AlgoVPN {{ algo_server_name }} IKEv2
VPNType IKEv2
{# PKCS#12 payload. The export password is written into the profile in clear text next to the #}
{# PKCS#12 content, so anyone who can read the rendered file can use the client identity. #}
{# Restrict file permissions on the output and deliver it over a trusted channel. #}
Password {{ p12_export_password }}
PayloadCertificateFileName {{ item.0 }}.p12
{# NOTE(review): item.1.stdout is presumably the encoded .p12 from an earlier task - confirm. #}
PayloadContent {{ item.1.stdout }}
PayloadDescription Adds a PKCS#12-formatted certificate
PayloadDisplayName {{ algo_server_name }}
PayloadIdentifier com.apple.security.pkcs12.{{ pkcs12_PayloadCertificateUUID }}
PayloadType com.apple.security.pkcs12
PayloadUUID {{ pkcs12_PayloadCertificateUUID }}
PayloadVersion 1
{# CA root payload: installing the profile adds this CA certificate to the device. #}
{# NOTE(review): how far that trust reaches depends on constraints inside the CA certificate, #}
{# which this template does not show - verify where the CA is generated. #}
PayloadCertificateFileName ca.crt
PayloadContent {{ PayloadContentCA }}
PayloadDescription Adds a CA root certificate
PayloadDisplayName {{ algo_server_name }}
PayloadIdentifier com.apple.security.root.{{ CA_PayloadIdentifier }}
PayloadType com.apple.security.root
PayloadUUID {{ CA_PayloadIdentifier }}
PayloadVersion 1
{# Top-level profile metadata. #}
PayloadDisplayName AlgoVPN {{ algo_server_name }} IKEv2
{# Identifier and UUID are derived from a fresh random integer on every render, so two renders #}
{# of the same user yield different profile identities. #}
{# NOTE(review): the inputs are drawn from ranges of 500000 and 400000 values, so collisions #}
{# between profiles are possible; these identifiers need uniqueness, not secrecy. #}
PayloadIdentifier donut.local.{{ 500000 | random | to_uuid | upper }}
PayloadOrganization AlgoVPN
{# NOTE(review): the PayloadRemovalDisallowed value is not visible in this copy. #}
PayloadRemovalDisallowed
PayloadType Configuration
PayloadUUID {{ 400000 | random | to_uuid | upper }}
PayloadVersion 1