IPSec¶
Summary¶
IPSec¶
IPSec Settings
Dictionary containing IPSec settings
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| dictionary | {‘AuthenticationMethod’: ‘SharedSecret’, ‘LocalIdentifierType’: ‘KeyID’} | N/A | N/A | N/A | N/A | N/A |
| Name | Type | Title | Description | Required |
|---|---|---|---|---|
| RemoteAddress | string | Remote Address | IP address or hostname of the VPN server | n/a |
| AuthenticationMethod | string | Authentication Method | Authentication method. Either shared secret or certificate | n/a |
| XAuthName | string | Username | Username for VPN account | n/a |
| XAuthPassword | string | Password | Password for VPN account | n/a |
| XAuthEnabled | integer | XAUTH Enabled | 1 if XAUTH is ON, 0 if XAUTH is OFF | n/a |
| XAuthPasswordEncryption | string | XAUTH Password Encryption | String value is either “Prompt” or not present | n/a |
| LocalIdentifier | string | Local Identifier | The name of the group to use. If Hybrid Authentication is used, the string must end with “[hybrid]” | n/a |
| LocalIdentifierType | string | Local Identifier Type | Present only if AuthenticationMethod = SharedSecret. Must be “KeyID” | n/a |
| SharedSecret | data | Shared Secret | The shared secret for this VPN account | n/a |
| PayloadCertificateUUID | string | Certificate UUID | The UUID of the certificate to use for account credentials | n/a |
| PromptForVPNPIN | boolean | Prompt for PIN | If set, user will be prompted for a PIN when connecting | n/a |
| OnDemandEnabled | integer | Enable VPN On Demand | Enable VPN On Demand | n/a |
| OnDemandMatchDomainsAlways | array | On Demand Match Domains Always | n/a | |
| OnDemandMatchDomainsNever | array | On Demand Match Domains Never | n/a | |
| OnDemandMatchDomainsOnRetry | array | On Demand Match Domains On Retry | n/a | |
| OnDemandRules | array | On Demand Rules | An array of dictionaries defining On Demand Rules | n/a |
Keys¶
RemoteAddress¶
Remote Address
IP address or hostname of the VPN server
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| string | N/A | N/A | N/A | N/A | N/A | N/A |
AuthenticationMethod¶
Authentication Method
Authentication method. Either shared secret or certificate
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| string | N/A | N/A | N/A | N/A | N/A | N/A |
Valid Choices¶
- SharedSecret
- Certificate
XAuthName¶
Username
Username for VPN account
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| string | N/A | N/A | N/A | N/A | N/A | N/A |
XAuthPassword¶
Password
Password for VPN account
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| string | N/A | N/A | N/A | N/A | N/A | N/A |
XAuthEnabled¶
XAUTH Enabled
1 if XAUTH is ON, 0 if XAUTH is OFF
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| integer | N/A | N/A | N/A | N/A | N/A | N/A |
Valid Choices¶
- 0
- 1
XAuthPasswordEncryption¶
XAUTH Password Encryption
String value is either “Prompt” or not present
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| string | N/A | N/A | N/A | N/A | N/A | N/A |
Valid Choices¶
- Prompt
LocalIdentifier¶
Local Identifier
The name of the group to use. If Hybrid Authentication is used, the string must end with “[hybrid]”
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| string | N/A | N/A | N/A | N/A | N/A | N/A |
LocalIdentifierType¶
Local Identifier Type
Present only if AuthenticationMethod = SharedSecret. Must be “KeyID”
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| string | N/A | N/A | N/A | N/A | N/A | N/A |
Valid Choices¶
- KeyID
PayloadCertificateUUID¶
Certificate UUID
The UUID of the certificate to use for account credentials
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| string | N/A | N/A | N/A | N/A | N/A | N/A |
PromptForVPNPIN¶
Prompt for PIN
If set, user will be prompted for a PIN when connecting
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| boolean | N/A | N/A | N/A | N/A | N/A | N/A |
OnDemandEnabled¶
Enable VPN On Demand
Enable VPN On Demand
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| integer | N/A | N/A | N/A | N/A | N/A | N/A |
Valid Choices¶
- 0
- 1
OnDemandMatchDomainsAlways¶
On Demand Match Domains Always
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| array | N/A | N/A | N/A | N/A | N/A | N/A |
OnDemandMatchDomainsNever¶
On Demand Match Domains Never
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| array | N/A | N/A | N/A | N/A | N/A | N/A |
OnDemandMatchDomainsOnRetry¶
On Demand Match Domains On Retry
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| array | N/A | N/A | N/A | N/A | N/A | N/A |