The good news is, you can configure it! The bad news is, it can't be configured simply via the GUI. It looks like such a VPN configuration is considered to be a thing for organizations and not for consumers.
By the way: the keywords for such a VPN configuration are VPN On Demand or Always On VPN.
To implement such a VPN configuration, you have to write a configuration profile and install it on your iPhone.
Configuration profiles (in the Apple universe) can be seen as the equivalent of Group Policy Objects (GPO) in the Microsoft world. They're basically XML files and therefore quite human readable. They can be created:
They can be deployed:
As a consumer, you won't have access to MDM or Apple Configurator (runs on macOS only). So, I'll cover how you can write your configuration profile manually. If you need all the details, I recommend reading this excellent blog article that I used as my main source.
To establish a VPN connection as soon as your iPhone connects to WiFi, you need a configuration profile that looks like the following (save it to a file that ends with .mobileconfig):
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>UserDefinedName</key>
      <string>VPN if WiFi</string>
      <key>PayloadDisplayName</key>
      <string>VPN if WiFi</string>
      <key>PayloadIdentifier</key>
      <string>any.distinctive.wanting.identify</string>
      <key>PayloadUUID</key>
      <string>05b44261-a564-4e3a-8026-ae5e3089c326</string>
      <!-- VPN security config -->
      <!-- Note: XAuthPassword and SharedSecret are stored in this file in clear text -->
      <key>VPNType</key>
      <string>IPSec</string>
      <key>IPSec</key>
      <dict>
        <key>RemoteAddress</key>
        <string>CHANGE_ME_IpAddressOrDnsNameOfTheVpnServer</string>
        <key>AuthenticationMethod</key>
        <string>SharedSecret</string>
        <key>XAuthName</key>
        <string>CHANGE_ME_Username</string>
        <key>XAuthPassword</key>
        <string>CHANGE_ME_UserPassword</string>
        <key>XAuthEnabled</key>
        <integer>1</integer>
        <key>LocalIdentifier</key>
        <string>CHANGE_ME_Username</string>
        <key>LocalIdentifierType</key>
        <string>KeyID</string>
        <key>SharedSecret</key>
        <string>CHANGE_ME_SharedSecret</string>
      </dict>
      <!-- VPN on demand config -->
      <key>OnDemandEnabled</key>
      <integer>1</integer>
      <key>OnDemandRules</key>
      <array>
        <!-- SSID exceptions: do not establish a VPN connection on these trusted WiFis -->
        <dict>
          <key>InterfaceTypeMatch</key>
          <string>WiFi</string>
          <key>SSIDMatch</key>
          <array>
            <string>CHANGE_ME_MyHomeWiFiSsid</string>
            <string>CHANGE_ME_MyTrustedFriendsWiFiSsid</string>
          </array>
          <key>Action</key>
          <string>Disconnect</string>
        </dict>
        <!-- Establish a VPN connection on any other WiFi connection -->
        <dict>
          <key>InterfaceTypeMatch</key>
          <string>WiFi</string>
          <key>Action</key>
          <string>Connect</string>
        </dict>
        <!-- Default action (e.g. on cellular): no VPN -->
        <dict>
          <key>Action</key>
          <string>Disconnect</string>
        </dict>
      </array>
      <key>OverridePrimary</key>
      <true/>
      <key>IPv4</key>
      <dict>
        <key>OverridePrimary</key>
        <integer>1</integer>
      </dict>
      <key>PayloadType</key>
      <string>com.apple.vpn.managed</string>
      <key>PayloadVersion</key>
      <integer>1</integer>
    </dict>
  </array>
  <key>PayloadDisplayName</key>
  <string>VPN Configurations</string>
  <key>PayloadIdentifier</key>
  <string>1d195bcb-752a-44ec-b0c1-8d91af9ef1ed</string>
  <key>PayloadRemovalDisallowed</key>
  <false/>
  <key>PayloadType</key>
  <string>Configuration</string>
  <key>PayloadUUID</key>
  <string>e95c8935-e963-4609-bd24-cd57af79f7f4</string>
  <key>PayloadVersion</key>
  <integer>1</integer>
</dict>
</plist>
This configuration profile is designed to establish a VPN connection to a FRITZ!Box router which uses IPSec with Mutual PSK + XAuth. If you use different security settings, you have to modify the “VPN security config” block. In any case, adjust all strings prefixed by CHANGE_ME according to your infrastructure.
The “VPN on demand config” block can be adjusted to exclude WiFi SSIDs where no VPN connection should be established (e.g. your trusted WiFis).
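To check the on-demand rules before installing the profile, this added example (not part of the original article) parses an OnDemandRules array with Python's plistlib and walks it in order, applying the first rule whose criteria all match, which is why the trusted-SSID rule has to come before the general WiFi rule. The sample plist and the SSIDs HomeNet and CafeGuest are constructed; check_rules, decide and load_rules are names chosen here.

```python
import plistlib

# Constructed sample: only the on-demand part of the VPN payload shown above,
# with a made-up SSID (HomeNet) and one CHANGE_ME placeholder left in on purpose.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>OnDemandEnabled</key><integer>1</integer>
<key>OnDemandRules</key><array>
<dict><key>InterfaceTypeMatch</key><string>WiFi</string>
<key>SSIDMatch</key><array><string>HomeNet</string>
<string>CHANGE_ME_MyTrustedFriendsWiFiSsid</string></array>
<key>Action</key><string>Disconnect</string></dict>
<dict><key>InterfaceTypeMatch</key><string>WiFi</string>
<key>Action</key><string>Connect</string></dict>
<dict><key>Action</key><string>Disconnect</string></dict>
</array></dict></plist>"""

VALID_ACTIONS = {"Connect", "Disconnect", "EvaluateConnection", "Ignore"}

def load_rules(data):
    """Parse plist bytes and return the OnDemandRules array."""
    return plistlib.loads(data)["OnDemandRules"]

def check_rules(rules):
    """Return a list of problems that would stop the rules working as intended."""
    problems = []
    for i, rule in enumerate(rules):
        if rule.get("Action") not in VALID_ACTIONS:
            problems.append(f"rule {i}: missing or unknown Action {rule.get('Action')!r}")
        for ssid in rule.get("SSIDMatch", []):
            if ssid.startswith("CHANGE_ME"):
                problems.append(f"rule {i}: placeholder SSID {ssid!r} not replaced")
    return problems

def decide(rules, interface, ssid=None):
    """Return the Action of the first rule whose criteria all match, else None."""
    for rule in rules:
        if "InterfaceTypeMatch" in rule and rule["InterfaceTypeMatch"] != interface:
            continue  # rule is for a different interface type
        if "SSIDMatch" in rule and ssid not in rule["SSIDMatch"]:
            continue  # current SSID is not in this rule's list
        return rule.get("Action")
    return None

if __name__ == "__main__":
    rules = load_rules(SAMPLE)
    print(check_rules(rules))
    for iface, ssid in [("WiFi", "HomeNet"), ("WiFi", "CafeGuest"), ("Cellular", None)]:
        print(iface, ssid, "->", decide(rules, iface, ssid))
```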
The three GUIDs are random; replace them with your own random GUIDs (e.g. with New-Guid in PowerShell).
After you have deployed and installed this configuration profile on your iPhone, you will find an entry called “VPN if WiFi” in your VPN connections. Select it, and from now on your iPhone will automatically establish a VPN connection if you are connected to WiFi (except your trusted WiFis).
Instead of adjusting the above configuration profile, you can also use the html file of this project on GitHub to generate a configuration profile for you.