I seem to have the opposite problem of everyone else.
My VPN on demand works fine on the connection side. I have a set of OnDemandRules configured, and
* the VPN disconnects when the iPhone switches to the trusted ssid
* the VPN connects when the iPhone switches to the untrusted ssid
* the VPN connects when the iPhone accesses an internal URL.
However, once it's connected "on demand" to the internal URL, it will maintain the connection and not disconnect until I switch to the trusted ssid.
I have tried disabling seamless tunnel, disabling reconnect on wake, and changing the network state detection to off.
Additionally, I removed the keepalive on the server.
What am I missing?
Here is the section from the mobileconfig:
Code: Select all
<key>AuthenticationMethod</key>
<string>Certificate</string>
<key>DisconnectOnIdle</key>
<integer>1</integer>
<key>DisconnectOnIdleTimer</key>
<integer>30</integer>
<key>OnDemandEnabled</key>
<integer>1</integer>
<key>OnDemandRules</key>
<array>
<dict>
<key>Action</key>
<string>Disconnect</string>
<key>InterfaceTypeMatch</key>
<string>WiFi</string>
<key>SSIDMatch</key>
<array>
<string>trusted</string>
</array>
</dict>
<dict>
<key>Action</key>
<string>Connect</string>
<key>InterfaceTypeMatch</key>
<string>WiFi</string>
<key>SSIDMatch</key>
<array>
<string>untrusted</string>
</array>
</dict>
<dict>
<key>Action</key>
<string>EvaluateConnection</string>
<key>ActionParameters</key>
<array>
<dict>
<key>DomainAction</key>
<string>ConnectIfNeeded</string>
<key>Domains</key>
<array>
<string>internal.example.com</string>
</array>
</dict>
</array>
</dict>
<dict>
<key>Action</key>
<string>Disconnect</string>
</dict>
</array>