Setting up a VPN Configuration Profile on iOS 7

ios7 vpn ondemand configuration-profile
Hawkeye001 picture Hawkeye001 · Sep 22, 2013 · Viewed 13.1k times · Source

I had a configuration profile that I had set up on iOS 6, so that when a certain URL is hit, the VPN kicks in.

I was doing this using the following configuration profile keys:

<key>OnDemandEnabled</key>
<integer>1</integer>
<key>OnDemandMatchDomainsAlways</key>
<array>
    <string>my_homepage.com</string>
</array>

On iOS 6, this appears to work fine. However, in iOS 7, it looks like OnDemandMatchDomainAlways has been deprecated in favor of the OnDemandRules key, and the default behavior of "OnDemandMatchDomainAlways" is to behave like "OnDemandMatchDomainsOnRetry". So now, i am trying to get my previous setup to work on iOS 7, by using the OnDemandRules key, as follows:

<key>OnDemandRules</key>
<array>
    <dict>
        <key>Action</key>
        <string>Connect</string>
        <key>DNSDomainMatch</key>
        <array>
            <string>my_homepage.com</string>
        </array>
    </dict>
</array>

I also tried setting it up using this method:

<key>OnDemandRules</key>
    <array>
        <dict>
                    <key>Action</key>
            <string>EvaluateConnection</string>
            <key>ActionParameters</key>
            <array>
                <dict>
                    <key>Domains</key>
                    <array>
                        <string>url-that-redirects-if-vpn-off.com</string>
                    </array>
                    <key>DomainAction</key>
                    <string>ConnectIfNeeded</string>
            </dict>
        </array>
    </dict>
</array>

However, none of these methods seems to work. Does anyone know how to set up an iOS VPN profile so that the VPN OnDemand feature works on iOS 7 the same way it did on iOS6?

Thanks in advance,

Answer

ricardog picture ricardog · Sep 24, 2013

I ran into the same problem and was able to get on-demand functionality again by placing the OnDemanRules key as part of the IPSec block, i.e.,

<key>IPSec</key>
<dict>
    <key>AuthenticationMethod</key>
    <string>Certificate</string>

    <!-- Other IPSEC VPN properties here. -->

    <key>OnDemandEnabled</key>
    <integer>1</integer>
    <key>OnDemandRules</key>
    <array>
        <dict>
        <key>Action</key>
        <string>Connect</string>
        <key>DNSDomainMatch</key>
        <array>
          <string>my_homepage.com</string>
        </array>
    </dict>
    </array>
</dict>

Note that this contradicts the published Configuration Profile Reference document. But, in my case, it made things work.

Related questions

How to have vpn connection always on in iOS

I have a client requirement and he wants his VPN connection to be always on even when the device goes to sleep or switched off and on.I would like to know if there is a way to keep VPN …

Read More
How to change Status Bar text color in iOS

My application has a dark background, but in iOS 7 the status bar became transparent. So I can't see anything there, only the green battery indicator in the corner. How can I change the status bar text color to white like …

Read More
How to change Navigation Bar color in iOS 7?

How do I change the Navigation Bar color in iOS 7? Basically I want to achieve something like the Twitter Nav Bar (updated Twitter for iOS7 that is). I embedded-in a nav bar atop a view controller. All I want is …

Read More