@thomaswitt
Last active November 23, 2023 21:23
An OnDemand VPN iOS profile for iPad and iPhone that automatically connects you to different VPNs (e.g. Meraki, FRITZ!Box and Streisand) | Blog-Entry: https://thomas-witt.com/auto-connect-your-ios-device-to-a-vpn-when-joining-an-unknown-wifi-d1df8100c4ba
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<!-- Home: Manual -->
<dict>
<key>UserDefinedName</key>
<string>Home: Manual</string>
<key>PayloadDisplayName</key>
<string>Home: Manual</string>
<key>PayloadIdentifier</key>
<string>com.thomas-witt.vpn.homemanual</string>
<key>PayloadUUID</key>
<string>D58846D4-51B5-437E-9147-199C811ABA1C</string>
<key>VPNType</key>
<string>IPSec</string>
<key>IPSec</key>
<dict>
<key>RemoteAddress</key>
<string>CHANGEME_my-fritz-box.anydns.info</string>
<key>AuthenticationMethod</key>
<string>SharedSecret</string>
<key>XAuthName</key>
<string>CHANGEME_USERNAME</string>
<key>XAuthPassword</key>
<string>CHANGEME_PASSWORD</string>
<key>XAuthEnabled</key>
<integer>1</integer>
<key>LocalIdentifier</key>
<string>CHANGEME_USERNAME</string>
<key>LocalIdentifierType</key>
<string>KeyID</string>
<key>SharedSecret</key>
<string>CHANGEME_SHAREDSECRET</string>
</dict>
<key>OverridePrimary</key>
<true/>
<key>IPv4</key>
<dict>
<key>OverridePrimary</key>
<integer>1</integer>
</dict>
<key>PayloadType</key>
<string>com.apple.vpn.managed</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
<!-- Home: WiFi -->
<dict>
<key>UserDefinedName</key>
<string>Home: WiFi</string>
<key>PayloadDisplayName</key>
<string>Home: WiFi</string>
<key>PayloadIdentifier</key>
<string>com.thomas-witt.vpn.homewifi</string>
<key>PayloadUUID</key>
<string>85284094-A9F5-47D7-A1CD-6F831B2FFAC0</string>
<key>VPNType</key>
<string>IPSec</string>
<key>IPSec</key>
<dict>
<key>RemoteAddress</key>
<string>CHANGEME_my-fritz-box.anydns.info</string>
<key>AuthenticationMethod</key>
<string>SharedSecret</string>
<key>XAuthName</key>
<string>CHANGEME_USERNAME</string>
<key>XAuthPassword</key>
<string>CHANGEME_PASSWORD</string>
<key>XAuthEnabled</key>
<integer>1</integer>
<key>LocalIdentifier</key>
<string>CHANGEME_USERNAME</string>
<key>LocalIdentifierType</key>
<string>KeyID</string>
<key>SharedSecret</key>
<string>CHANGEME_SHAREDSECRET</string>
</dict>
<key>OnDemandEnabled</key>
<integer>1</integer>
<key>OnDemandRules</key>
<array>
<dict>
<key>InterfaceTypeMatch</key>
<string>WiFi</string>
<key>SSIDMatch</key>
<array>
<string>CHANGEME_HomeNetwork5</string>
<string>CHANGEME_HomeNetwork</string>
<string>CHANGEME_CompanyNetwork5</string>
<string>CHANGEME_CompanyNetwork</string>
</array>
<key>Action</key>
<string>Disconnect</string>
</dict>
<dict>
<key>InterfaceTypeMatch</key>
<string>WiFi</string>
<key>Action</key>
<string>Connect</string>
</dict>
<dict>
<!-- VPN Default state -->
<key>Action</key>
<string>Disconnect</string>
</dict>
</array>
<key>OverridePrimary</key>
<true/>
<key>IPv4</key>
<dict>
<key>OverridePrimary</key>
<integer>1</integer>
</dict>
<key>PayloadType</key>
<string>com.apple.vpn.managed</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
<!-- Home: Always -->
<dict>
<key>UserDefinedName</key>
<string>Home: Always</string>
<key>PayloadDisplayName</key>
<string>Home: Always</string>
<key>PayloadIdentifier</key>
<string>com.thomas-witt.vpn.homealways</string>
<key>PayloadUUID</key>
<string>C58019ED-9BC1-429F-A457-99FD6D91A0D6</string>
<key>VPNType</key>
<string>IPSec</string>
<key>IPSec</key>
<dict>
<key>RemoteAddress</key>
<string>CHANGEME_my-fritz-box.anydns.info</string>
<key>AuthenticationMethod</key>
<string>SharedSecret</string>
<key>XAuthName</key>
<string>CHANGEME_USERNAME</string>
<key>XAuthPassword</key>
<string>CHANGEME_PASSWORD</string>
<key>XAuthEnabled</key>
<integer>1</integer>
<key>LocalIdentifier</key>
<string>CHANGEME_USERNAME</string>
<key>LocalIdentifierType</key>
<string>KeyID</string>
<key>SharedSecret</key>
<string>CHANGEME_SHAREDSECRET</string>
</dict>
<key>OnDemandEnabled</key>
<integer>1</integer>
<key>OnDemandRules</key>
<array>
<dict>
<!-- VPN Default state -->
<key>Action</key>
<string>Connect</string>
</dict>
</array>
<key>OverridePrimary</key>
<true/>
<key>IPv4</key>
<dict>
<key>OverridePrimary</key>
<integer>1</integer>
</dict>
<key>PayloadType</key>
<string>com.apple.vpn.managed</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
<!-- ====================================================================================== -->
<!-- Company (Meraki): Manual -->
<dict>
<key>UserDefinedName</key>
<string>Company: Manual</string>
<key>PayloadDisplayName</key>
<string>Company: Manual</string>
<key>PayloadIdentifier</key>
<string>com.thomas-witt.vpn.companymanual</string>
<key>PayloadUUID</key>
<string>EE68308C-FB8C-4209-9F5A-629755244190</string>
<key>VPNType</key>
<string>L2TP</string>
<key>IPSec</key>
<dict>
<key>AuthenticationMethod</key>
<string>SharedSecret</string>
<key>LocalIdentifierType</key>
<string>KeyID</string>
<key>SharedSecret</key>
<string>CHANGEME_SHAREDSECRET</string>
</dict>
<key>PPP</key>
<dict>
<key>AuthName</key>
<string>CHANGEME_USERNAME</string>
<key>AuthPassword</key>
<string>CHANGEME_PASSWORD</string>
<key>CommRemoteAddress</key>
<string>CHANGEME_router.company.com</string>
</dict>
<key>OverridePrimary</key>
<true/>
<key>IPv4</key>
<dict>
<key>OverridePrimary</key>
<integer>1</integer>
</dict>
<key>PayloadType</key>
<string>com.apple.vpn.managed</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
<!-- Company (Meraki): WiFi -->
<dict>
<key>UserDefinedName</key>
<string>Company: WiFi</string>
<key>PayloadDisplayName</key>
<string>Company: WiFi</string>
<key>PayloadIdentifier</key>
<string>com.thomas-witt.vpn.companywifi</string>
<key>PayloadUUID</key>
<string>21549F1D-0662-4111-8230-0F8BFD706090</string>
<key>VPNType</key>
<string>L2TP</string>
<key>IPSec</key>
<dict>
<key>AuthenticationMethod</key>
<string>SharedSecret</string>
<key>LocalIdentifierType</key>
<string>KeyID</string>
<key>SharedSecret</key>
<string>CHANGEME_SHAREDSECRET</string>
</dict>
<key>PPP</key>
<dict>
<key>AuthName</key>
<string>CHANGEME_USERNAME</string>
<key>AuthPassword</key>
<string>CHANGEME_PASSWORD</string>
<key>CommRemoteAddress</key>
<string>CHANGEME_router.company.com</string>
</dict>
<key>OnDemandEnabled</key>
<integer>1</integer>
<key>OnDemandRules</key>
<array>
<dict>
<key>InterfaceTypeMatch</key>
<string>WiFi</string>
<key>SSIDMatch</key>
<array>
<string>CHANGEME_HomeNetwork5</string>
<string>CHANGEME_HomeNetwork</string>
<string>CHANGEME_CompanyNetwork5</string>
<string>CHANGEME_CompanyNetwork</string>
</array>
<key>Action</key>
<string>Disconnect</string>
</dict>
<dict>
<key>InterfaceTypeMatch</key>
<string>WiFi</string>
<key>Action</key>
<string>Connect</string>
</dict>
<dict>
<!-- VPN Default state -->
<key>Action</key>
<string>Disconnect</string>
</dict>
</array>
<key>OverridePrimary</key>
<true/>
<key>IPv4</key>
<dict>
<key>OverridePrimary</key>
<integer>1</integer>
</dict>
<key>PayloadType</key>
<string>com.apple.vpn.managed</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
<!-- Company (Meraki): Always -->
<dict>
<key>UserDefinedName</key>
<string>Company: Always</string>
<key>PayloadDisplayName</key>
<string>Company: Always</string>
<key>PayloadIdentifier</key>
<string>com.thomas-witt.vpn.companyalways</string>
<key>PayloadUUID</key>
<string>6011F604-73E7-4473-8811-FDBB3AE8FBE5</string>
<key>VPNType</key>
<string>L2TP</string>
<key>IPSec</key>
<dict>
<key>AuthenticationMethod</key>
<string>SharedSecret</string>
<key>LocalIdentifierType</key>
<string>KeyID</string>
<key>SharedSecret</key>
<string>CHANGEME_SHAREDSECRET</string>
</dict>
<key>PPP</key>
<dict>
<key>AuthName</key>
<string>CHANGEME_USERNAME</string>
<key>AuthPassword</key>
<string>CHANGEME_PASSWORD</string>
<key>CommRemoteAddress</key>
<string>CHANGEME_router.company.com</string>
</dict>
<key>OnDemandEnabled</key>
<integer>1</integer>
<key>OnDemandRules</key>
<array>
<dict>
<!-- VPN Default state -->
<key>Action</key>
<string>Connect</string>
</dict>
</array>
<key>OverridePrimary</key>
<true/>
<key>IPv4</key>
<dict>
<key>OverridePrimary</key>
<integer>1</integer>
</dict>
<key>PayloadType</key>
<string>com.apple.vpn.managed</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
<!-- ====================================================================================== -->
<!-- AWS Streisand: Manual -->
<dict>
<key>UserDefinedName</key>
<string>AWS: Manual</string>
<key>PayloadDisplayName</key>
<string>AWS: Manual</string>
<key>PayloadIdentifier</key>
<string>com.thomas-witt.vpn.awsmanual</string>
<key>PayloadUUID</key>
<string>16EF541B-CF77-4BF2-871F-CEB688D6BE35</string>
<key>VPNType</key>
<string>L2TP</string>
<key>IPSec</key>
<dict>
<key>AuthenticationMethod</key>
<string>SharedSecret</string>
<key>LocalIdentifierType</key>
<string>KeyID</string>
<key>SharedSecret</key>
<data>CHANGEME_SHAREDSECRET</data>
</dict>
<key>PPP</key>
<dict>
<key>AuthName</key>
<string>streisand</string>
<key>AuthPassword</key>
<string>CHANGEME_PASSWORD</string>
<key>CommRemoteAddress</key>
<string>CHANGEME_STREISAND_ELASIC_IP_1.2.3.4</string>
</dict>
<key>OverridePrimary</key>
<true/>
<key>IPv4</key>
<dict>
<key>OverridePrimary</key>
<integer>1</integer>
</dict>
<key>PayloadType</key>
<string>com.apple.vpn.managed</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
<!-- AWS Streisand: WiFi -->
<dict>
<key>UserDefinedName</key>
<string>AWS: WiFi</string>
<key>PayloadDisplayName</key>
<string>AWS: WiFi</string>
<key>PayloadIdentifier</key>
<string>com.thomas-witt.vpn.awswifi</string>
<key>PayloadUUID</key>
<string>BEC1320F-BC55-45C2-A588-0D9EA9C08B81</string>
<key>VPNType</key>
<string>L2TP</string>
<key>IPSec</key>
<dict>
<key>AuthenticationMethod</key>
<string>SharedSecret</string>
<key>LocalIdentifierType</key>
<string>KeyID</string>
<key>SharedSecret</key>
<data>CHANGEME_SHAREDSECRET</data>
</dict>
<key>PPP</key>
<dict>
<key>AuthName</key>
<string>streisand</string>
<key>AuthPassword</key>
<string>CHANGEME_PASSWORD</string>
<key>CommRemoteAddress</key>
<string>CHANGEME_STREISAND_ELASIC_IP_1.2.3.4</string>
</dict>
<key>OnDemandEnabled</key>
<integer>1</integer>
<key>OnDemandRules</key>
<array>
<dict>
<key>InterfaceTypeMatch</key>
<string>WiFi</string>
<key>SSIDMatch</key>
<array>
<string>CHANGEME_HomeNetwork5</string>
<string>CHANGEME_HomeNetwork</string>
<string>CHANGEME_CompanyNetwork5</string>
<string>CHANGEME_CompanyNetwork</string>
</array>
<key>Action</key>
<string>Disconnect</string>
</dict>
<dict>
<key>InterfaceTypeMatch</key>
<string>WiFi</string>
<key>Action</key>
<string>Connect</string>
</dict>
<dict>
<!-- VPN Default state -->
<key>Action</key>
<string>Disconnect</string>
</dict>
</array>
<key>OverridePrimary</key>
<true/>
<key>IPv4</key>
<dict>
<key>OverridePrimary</key>
<integer>1</integer>
</dict>
<key>PayloadType</key>
<string>com.apple.vpn.managed</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
<!-- AWS Streisand: Always -->
<dict>
<key>UserDefinedName</key>
<string>AWS: Always</string>
<key>PayloadDisplayName</key>
<string>AWS: Always</string>
<key>PayloadIdentifier</key>
<string>com.thomas-witt.vpn.awsalways</string>
<key>PayloadUUID</key>
<string>E4676C88-3881-4475-99E0-0EB399137B58</string>
<key>VPNType</key>
<string>L2TP</string>
<key>IPSec</key>
<dict>
<key>AuthenticationMethod</key>
<string>SharedSecret</string>
<key>LocalIdentifierType</key>
<string>KeyID</string>
<key>SharedSecret</key>
<data>CHANGEME_SHAREDSECRET</data>
</dict>
<key>PPP</key>
<dict>
<key>AuthName</key>
<string>streisand</string>
<key>AuthPassword</key>
<string>CHANGEME_PASSWORD</string>
<key>CommRemoteAddress</key>
<string>CHANGEME_STREISAND_ELASIC_IP_1.2.3.4</string>
</dict>
<key>OnDemandEnabled</key>
<integer>1</integer>
<key>OnDemandRules</key>
<array>
<dict>
<!-- VPN Default state -->
<key>Action</key>
<string>Connect</string>
</dict>
</array>
<key>OverridePrimary</key>
<true/>
<key>IPv4</key>
<dict>
<key>OverridePrimary</key>
<integer>1</integer>
</dict>
<key>PayloadType</key>
<string>com.apple.vpn.managed</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</array>
<key>PayloadDisplayName</key>
<string>VPN Configurations</string>
<key>PayloadIdentifier</key>
<string>TW.BAB78424-28FB-4654-915D-93D0CB87CC7B</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>A9F4B095-4336-4ECD-A2B2-3D52D778E743</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
@NoahSaso

NoahSaso commented Nov 7, 2017

Awesome gist, I was looking for something to do exactly this. You may want to fix lines 378, 421, and 494. It's not incriminating information, but I thought I would point it out. Thanks again!

@BhuvaneshBhatt

If I already have an OpenVPN profile set up on my iPad, is there a way to just have the iPad use that all the time whenever I’m connected, whether I’m on my home Wifi or on a public Wifi? In that case the VPNSubType key should be net.openvpn.connect.app, correct?

@MayMeow

MayMeow commented Apr 7, 2021

👍 Perfect, it's working. Can you create a mobileconfig for openvpn too?

@nkstampe

nkstampe commented Dec 7, 2021

Thank you. This is just what I needed.

@eltonajmenezes

@thomaswitt I have a TailScale App. How do I configure this to use it with that, and change the home settings accordingly?
