I had a configuration profile that I had set up on iOS 6, so that when a certain URL is hit, the VPN kicks in.
I was doing this using the following configuration profile keys:
<key>OnDemandEnabled</key>
<integer>1</integer>
<key>OnDemandMatchDomainsAlways</key>
<array>
<string>my_homepage.com</string>
</array>
On iOS 6, this appears to work fine. However, in iOS 7, it looks like OnDemandMatchDomainAlways has been deprecated in favor of the OnDemandRules key, and the default behavior of "OnDemandMatchDomainAlways" is to behave like "OnDemandMatchDomainsOnRetry". So now, i am trying to get my previous setup to work on iOS 7, by using the OnDemandRules key, as follows:
<key>OnDemandRules</key>
<array>
<dict>
<key>Action</key>
<string>Connect</string>
<key>DNSDomainMatch</key>
<array>
<string>my_homepage.com</string>
</array>
</dict>
</array>
I also tried setting it up using this method:
<key>OnDemandRules</key>
<array>
<dict>
<key>Action</key>
<string>EvaluateConnection</string>
<key>ActionParameters</key>
<array>
<dict>
<key>Domains</key>
<array>
<string>url-that-redirects-if-vpn-off.com</string>
</array>
<key>DomainAction</key>
<string>ConnectIfNeeded</string>
</dict>
</array>
</dict>
</array>
However, none of these methods seems to work. Does anyone know how to set up an iOS VPN profile so that the VPN OnDemand feature works on iOS 7 the same way it did on iOS6?
Thanks in advance,
I ran into the same problem and was able to get on-demand functionality again by placing the OnDemanRules key as part of the IPSec block, i.e.,
<key>IPSec</key>
<dict>
<key>AuthenticationMethod</key>
<string>Certificate</string>
<!-- Other IPSEC VPN properties here. -->
<key>OnDemandEnabled</key>
<integer>1</integer>
<key>OnDemandRules</key>
<array>
<dict>
<key>Action</key>
<string>Connect</string>
<key>DNSDomainMatch</key>
<array>
<string>my_homepage.com</string>
</array>
</dict>
</array>
</dict>
Note that this contradicts the published Configuration Profile Reference document. But, in my case, it made things work.