{# Jinja2 template for an Apple configuration profile (outer PayloadType "Configuration").
   It carries three payloads: an IKEv2 VPN payload (com.apple.vpn.managed), a PKCS#12
   client-identity payload (com.apple.security.pkcs12) and a CA root payload
   (com.apple.security.root).
   NOTE(review): only keys and values are visible in this copy; the plist markup
   (dict/array/boolean elements) is not shown, so nesting and boolean values cannot be
   read from here. Verify them against the real template. #}
PayloadContent IKEv2
{# On-demand rules are emitted only when WiFi or Cellular on-demand is set to 'Y'. #}
{% if (OnDemandEnabled_WIFI is defined and OnDemandEnabled_WIFI == 'Y') or (OnDemandEnabled_Cellular is defined and OnDemandEnabled_Cellular == 'Y') %}
OnDemandEnabled 1 OnDemandRules
{# Optional WiFi exclusion rule (Action Disconnect for the listed SSIDs), emitted ahead of
   the general WiFi rule. Skipped when the variable is undefined or equals '_null'.
   Each SSID is written exactly as produced by split(','): nothing is trimmed or escaped
   here, so stray spaces or markup-special characters reach the profile unchanged.
   NOTE(review): validate OnDemandEnabled_WIFI_EXCLUDE where it is set. #}
{% if OnDemandEnabled_WIFI_EXCLUDE is defined and OnDemandEnabled_WIFI_EXCLUDE != '_null' %} {% set WIFI_EXCLUDE_LIST = OnDemandEnabled_WIFI_EXCLUDE.split(',') %}
Action Disconnect InterfaceTypeMatch WiFi SSIDMatch
{% for network_name in WIFI_EXCLUDE_LIST %} {{ network_name }} {% endfor %}
{% else %} {% endif %}
{# General WiFi rule: Connect when WiFi on-demand is 'Y', otherwise Disconnect. #}
Action {% if OnDemandEnabled_WIFI is defined and OnDemandEnabled_WIFI == 'Y' %} Connect {% else %} Disconnect {% endif %} InterfaceTypeMatch WiFi
{# Cellular rule: same Connect/Disconnect choice, driven by OnDemandEnabled_Cellular. #}
Action {% if OnDemandEnabled_Cellular is defined and OnDemandEnabled_Cellular == 'Y' %} Connect {% else %} Disconnect {% endif %} InterfaceTypeMatch Cellular
{% else %} {% endif %}
{# Certificate-based IKEv2 authentication. The Child SA and the IKE SA below use the same
   proposal: DH group 19, AES-128-GCM, SHA2-256, 1440-minute lifetime. #}
AuthenticationMethod Certificate
ChildSecurityAssociationParameters DiffieHellmanGroup 19 EncryptionAlgorithm AES-128-GCM IntegrityAlgorithm SHA2-256 LifeTimeInMinutes 1440
{# EnableCertificateRevocationCheck is 0, so this profile does not ask the client to check
   the server certificate for revocation. A compromised server certificate then has to be
   handled by reissuing the CA and profiles.
   NOTE(review): confirm that this is an intended trade-off for the deployment.
   The value that follows EnablePFS is not visible in this copy; verify it in the real template. #}
DeadPeerDetectionRate Medium DisableMOBIKE 0 DisableRedirect 0 EnableCertificateRevocationCheck 0 EnablePFS
IKESecurityAssociationParameters DiffieHellmanGroup 19 EncryptionAlgorithm AES-128-GCM IntegrityAlgorithm SHA2-256 LifeTimeInMinutes 1440
{# item.0 is used as the local IKE identifier and, further down, as the .p12 file name.
   PayloadCertificateUUID points at the PKCS#12 payload defined later in this profile. #}
LocalIdentifier {{ item.0 }} PayloadCertificateUUID {{ pkcs12_PayloadCertificateUUID }}
{# RSA2048 when Win10_Enabled is "Y", otherwise ECDSA256.
   NOTE(review): this should agree with the key type of the client certificate in the
   PKCS#12 payload; confirm the certificate-generation side keys off the same flag. #}
CertificateType {% if Win10_Enabled is defined and Win10_Enabled == "Y" %} RSA2048 {% else %} ECDSA256 {% endif %}
{# The server's expected issuer CN, its address and its remote identifier all come from
   the single variable IP_subject_alt_name. #}
ServerCertificateIssuerCommonName {{ IP_subject_alt_name }} RemoteAddress {{ IP_subject_alt_name }} RemoteIdentifier {{ IP_subject_alt_name }} UseConfigurationAttributeInternalIPSubnet 0
IPv4 OverridePrimary 1
PayloadDescription Configures VPN settings PayloadDisplayName VPN PayloadIdentifier com.apple.vpn.managed.{{ VPN_PayloadIdentifier }} PayloadType com.apple.vpn.managed PayloadUUID {{ VPN_PayloadIdentifier }} PayloadVersion 1
{# Proxy settings: with proxy_enabled true, an HTTP proxy at local_service_ip port 8118 is
   configured; otherwise HTTPEnable is 0. HTTPSEnable is 0 in both cases. #}
Proxies HTTPEnable {% if proxy_enabled is defined and proxy_enabled == true %} 1 HTTPPort 8118
HTTPProxy {{ local_service_ip }} {% else %} 0 {% endif %} HTTPSEnable 0
UserDefinedName {% if proxy_enabled is defined and proxy_enabled == true %} Algo VPN {{ IP_subject_alt_name }} IKEv2 with proxy {% else %} Algo VPN {{ IP_subject_alt_name }} IKEv2 {% endif %} VPNType IKEv2
{# PKCS#12 client identity payload. The export password is written in clear text next to
   the PKCS#12 content, so anyone who obtains the rendered profile can recover the client
   private key. Treat the rendered file as key material: restrict its permissions and
   deliver it only over a protected channel.
   item.1.stdout is presumably the encoded .p12 produced by an earlier task; confirm there. #}
Password {{ easyrsa_p12_export_password }} PayloadCertificateFileName {{ item.0 }}.p12 PayloadContent {{ item.1.stdout }} PayloadDescription Adds a PKCS#12-formatted certificate PayloadDisplayName {{ item.0 }}.p12 PayloadIdentifier com.apple.security.pkcs12.{{ pkcs12_PayloadCertificateUUID }} PayloadType com.apple.security.pkcs12 PayloadUUID {{ pkcs12_PayloadCertificateUUID }} PayloadVersion 1
{# CA root payload: installs the certificate held in PayloadContentCA as a root certificate
   on the device. Its display name is IP_subject_alt_name. #}
PayloadCertificateFileName ca.crt PayloadContent {{ PayloadContentCA }} PayloadDescription Adds a CA root certificate PayloadDisplayName {{ IP_subject_alt_name }} PayloadIdentifier com.apple.security.root.{{ CA_PayloadIdentifier }} PayloadType com.apple.security.root PayloadUUID {{ CA_PayloadIdentifier }} PayloadVersion 1
{# Outer profile metadata. The display name depends on proxy_enabled. #}
PayloadDisplayName {% if proxy_enabled is defined and proxy_enabled == true %} {{ IP_subject_alt_name }} IKEv2 with proxy {% else %} {{ IP_subject_alt_name }} IKEv2 {% endif %}
{# The profile identifier and UUID are derived from a fresh random integer on every render
   (bounds 600000 / 500000 / 400000, passed through to_uuid). Two renders for the same
   user therefore carry different identifiers.
   NOTE(review): a re-issued profile will presumably install alongside the old one instead
   of replacing it; confirm whether a stable per-user identifier is wanted. #}
PayloadIdentifier {% if proxy_enabled is defined and proxy_enabled == true %} donut.local.{{ 600000 | random | to_uuid | upper }} {% else %} donut.local.{{ 500000 | random | to_uuid | upper }} {% endif %}
{# The value that follows PayloadRemovalDisallowed is not visible in this copy; verify it in the real template. #}
PayloadRemovalDisallowed PayloadType Configuration PayloadUUID {{ 400000 | random | to_uuid | upper }} PayloadVersion 1