{#
  Template for an Apple configuration profile. It renders four payloads:
    * com.apple.vpn.managed    - IKEv2 VPN settings with certificate authentication
    * com.apple.security.pkcs12 - the client identity, content taken from item.1.stdout
    * com.apple.security.root   - the CA certificate, content taken from PayloadContentCA
    * Configuration             - the outer profile wrapper
  NOTE(review): in this listing the keys and values appear as bare words, so the
  surrounding markup seems to have been lost; values of flag-style keys such as
  EnablePFS and PayloadRemovalDisallowed are not visible here.

  On-demand rules
    The OnDemandRules section is emitted only when OnDemandEnabled_WIFI or
    OnDemandEnabled_Cellular equals 'Y'. If OnDemandEnabled_WIFI_EXCLUDE is
    defined and is not the '_null' sentinel, it is split on ',' and each entry
    becomes an SSIDMatch value under a Disconnect rule. The WiFi and Cellular
    rules then render Connect when their variable is 'Y', otherwise Disconnect.
    Entries are not trimmed, so "a, b" yields the SSID " b" with a leading space.

  Tunnel parameters
    The IKE SA and the Child SA both use DH group 20, AES-256-GCM, SHA2-512 and
    a 20 minute lifetime; the certificate type is ECDSA384.
    ServerCertificateIssuerCommonName, RemoteAddress and RemoteIdentifier are
    all filled from IP_subject_alt_name. LocalIdentifier is item.0.

  Security review notes
    * Only network_name is passed through the |e filter. item.0,
      IP_subject_alt_name and the payload identifiers are emitted as-is, which
      is safe only if autoescaping is enabled for this template or the values
      are validated before rendering - TODO confirm against the caller.
    * EnableCertificateRevocationCheck is 0, so the client does not check
      whether the server certificate has been revoked. Presumably intentional
      because the CA publishes no revocation endpoint - confirm.
    * URLStringProbe is a plain http URL, so the probe response that gates the
      Connect/Disconnect rules is not authenticated.
    * DisableRedirect is 1 and DisableMOBIKE is 0.
    * item.1.stdout carries the PKCS#12 identity, so every rendered profile
      contains a client private key and should be stored and distributed as a
      secret. Whether the PKCS#12 is password protected is not visible here.
    * The outer PayloadIdentifier and PayloadUUID come from
      "N | random | to_uuid", so they are drawn from at most 500000 and 400000
      values and change on every render; a re-rendered profile therefore
      carries a new identity rather than the previous one.
-#}
PayloadContent IKEv2 {% if (OnDemandEnabled_WIFI is defined and OnDemandEnabled_WIFI == 'Y') or (OnDemandEnabled_Cellular is defined and OnDemandEnabled_Cellular == 'Y') %} OnDemandEnabled 1 OnDemandRules {% if OnDemandEnabled_WIFI_EXCLUDE is defined and OnDemandEnabled_WIFI_EXCLUDE != '_null' %} {% set WIFI_EXCLUDE_LIST = OnDemandEnabled_WIFI_EXCLUDE.split(',') %} Action Disconnect InterfaceTypeMatch WiFi SSIDMatch {% for network_name in WIFI_EXCLUDE_LIST %} {{ network_name|e }} {% endfor %} {% else %} {% endif %} Action {% if OnDemandEnabled_WIFI is defined and OnDemandEnabled_WIFI == 'Y' %} Connect {% else %} Disconnect {% endif %} InterfaceTypeMatch WiFi URLStringProbe http://captive.apple.com/hotspot-detect.html Action {% if OnDemandEnabled_Cellular is defined and OnDemandEnabled_Cellular == 'Y' %} Connect {% else %} Disconnect {% endif %} InterfaceTypeMatch Cellular URLStringProbe http://captive.apple.com/hotspot-detect.html {% else %} {% endif %} AuthenticationMethod Certificate ChildSecurityAssociationParameters DiffieHellmanGroup 20 EncryptionAlgorithm AES-256-GCM IntegrityAlgorithm SHA2-512 LifeTimeInMinutes 20 DeadPeerDetectionRate Medium DisableMOBIKE 0 DisableRedirect 1 EnableCertificateRevocationCheck 0 EnablePFS IKESecurityAssociationParameters DiffieHellmanGroup 20 EncryptionAlgorithm AES-256-GCM IntegrityAlgorithm SHA2-512 LifeTimeInMinutes 20 LocalIdentifier {{ item.0 }} PayloadCertificateUUID {{ pkcs12_PayloadCertificateUUID }} CertificateType ECDSA384 ServerCertificateIssuerCommonName {{ IP_subject_alt_name }} RemoteAddress {{ IP_subject_alt_name }} RemoteIdentifier {{ IP_subject_alt_name }} UseConfigurationAttributeInternalIPSubnet 0 IPv4 OverridePrimary 1 PayloadDescription Configures VPN settings PayloadDisplayName VPN PayloadIdentifier com.apple.vpn.managed.{{ VPN_PayloadIdentifier }} PayloadType com.apple.vpn.managed PayloadUUID {{ VPN_PayloadIdentifier }} PayloadVersion 1 Proxies HTTPEnable 0 HTTPSEnable 0 UserDefinedName Algo VPN {{ 
IP_subject_alt_name }} IKEv2 VPNType IKEv2 PayloadCertificateFileName {{ item.0 }}.p12 PayloadContent {{ item.1.stdout }} PayloadDescription Adds a PKCS#12-formatted certificate PayloadDisplayName {{ item.0 }}.p12 PayloadIdentifier com.apple.security.pkcs12.{{ pkcs12_PayloadCertificateUUID }} PayloadType com.apple.security.pkcs12 PayloadUUID {{ pkcs12_PayloadCertificateUUID }} PayloadVersion 1 PayloadCertificateFileName ca.crt PayloadContent {{ PayloadContentCA }} PayloadDescription Adds a CA root certificate PayloadDisplayName {{ IP_subject_alt_name }} PayloadIdentifier com.apple.security.root.{{ CA_PayloadIdentifier }} PayloadType com.apple.security.root PayloadUUID {{ CA_PayloadIdentifier }} PayloadVersion 1 PayloadDisplayName {{ IP_subject_alt_name }} IKEv2 PayloadIdentifier donut.local.{{ 500000 | random | to_uuid | upper }} PayloadRemovalDisallowed PayloadType Configuration PayloadUUID {{ 400000 | random | to_uuid | upper }} PayloadVersion 1