Hi,
Ive been working with OpenVPN now for a week and a half. My client wants 'Always on' VPN functionality and also 'VPN on Demand' functionality for some employees all on iOS devices.
I have the Always on/Auto login functionality up and running without issue however I cant seem to get the on demand profile to work when the desired IP address is used within Safari etc.
I can see my on demand profile within the OpenVPN client however the slider below Disconnected inst available to select, not if this needs to be enabled for on demand like it is for the always on functionality.
Ive attached my mobileconfig file to see if anyone can help me on this issue. Any help would be much appreciated.
Many thanks,
Chris
My OpenVPN on Demand functionality doesnt seem to connect
-
- OpenVpn Newbie
- Posts: 3
- Joined: Wed Mar 23, 2016 12:11 pm
-
- OpenVpn Newbie
- Posts: 3
- Joined: Wed Mar 23, 2016 12:11 pm
Re: My OpenVPN on Demand functionality doesnt seem to connec
Heres my config, some bits blanked out for security
==============================================================
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>IPv4</key>
<dict>
<key>OverridePrimary</key>
<integer>0</integer>
</dict>
<key>PayloadDescription</key>
<string>Configures VPN settings, including authentication.</string>
<key>PayloadDisplayName</key>
<string>VPN (OpenVPN: Murphys)</string>
<key>PayloadIdentifier</key>
<string>com.app.app</string>
<key>PayloadOrganization</key>
<string>App</string>
<key>PayloadType</key>
<string>com.apple.vpn.managed</string>
<key>PayloadUUID</key>
<string>DF4FB82E-...</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>Proxies</key>
<dict/>
<key>UserDefinedName</key>
<string>OpenVPN</string>
<key>VPN</key>
<dict>
<key>AuthName</key>
<string>USERNAME</string>
<key>AuthPassword</key>
<string>PASSWORD</string>
<key>AuthPasswordEncryption</key>
<string></string>
<key>AuthenticationMethod</key>
<string>Certificate</string>
<key>OnDemandEnabled</key>
<integer>1</integer>
<key>OnDemandMatchDomainsAlways</key>
<array>
<string>IP ADDRESS FOR VPN TRIGGER</string>
</array>
<key>PayloadCertificateUUID</key>
<string>563160F6-...</string>
<key>RemoteAddress</key>
<string>OPENVPN SERVER IP</string>
</dict>
<key>VPNSubType</key>
<string>net.openvpn.OpenVPN-Connect.vpnplugin</string>
<key>VPNType</key>
<string>VPN</string>
<key>VendorConfig</key>
<dict>
<key>auth-user-pass</key>
<string>NOARGS</string>
<key>ca</key>
<string>-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----\n</string>
<key>cert</key>
<string>-----BEGIN CERTIFICATE-----.....-----END CERTIFICATE-----\n</string>
<key>cipher</key>
<string>DES-EDE3-CBC</string>
<key>client</key>
<string>NOARGS</string>
<key>comp-lzo</key>
<string>NOARGS</string>
<key>dev</key>
<string>tun</string>
<key>key</key>
<string>-----BEGIN ENCRYPTED PRIVATE KEY-----.....-----END ENCRYPTED PRIVATE KEY-----\n</string>
<key>keysize</key>
<string>192</string>
<key>persist-key</key>
<string>NOARGS</string>
<key>persist-tun</key>
<string>NOARGS</string>
<key>proto</key>
<string>tcp</string>
<key>remote</key>
<string>IP OF OPENVPN SERVER and 443 PORT</string>
<key>reneg-sec</key>
<string>0</string>
<key>resolve-retry</key>
<string>infinite</string>
<key>tls-auth</key>
<string>-----BEGIN OpenVPN Static key V1-----.....-----END OpenVPN Static key V1-----\n</string>
<key>verb</key>
<string>3</string>
</dict>
</dict>
<dict>
<key>Password</key>
<string>PRIVATE KEY PASSWORD</string>
<key>PayloadCertificateFileName</key>
<string>CERT NAME</string>
<key>PayloadContent</key>
<data>
....
</data>
<key>PayloadDescription</key>
<string>Provides device authentication (certificate or identity).</string>
<key>PayloadDisplayName</key>
<string>CERT NAME</string>
<key>PayloadIdentifier</key>
<string>com.app.app</string>
<key>PayloadOrganization</key>
<string>App</string>
<key>PayloadType</key>
<string>com.apple.security.pkcs12</string>
<key>PayloadUUID</key>
<string>563160F6-....</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</array>
<key>PayloadDescription</key>
<string>VPN Profile</string>
<key>PayloadDisplayName</key>
<string>TEST</string>
<key>PayloadIdentifier</key>
<string>com.app.app</string>
<key>PayloadOrganization</key>
<string>App</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>D2438B99-D510-48A3-963E-1173BD50EDE9</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
==============================================================
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>IPv4</key>
<dict>
<key>OverridePrimary</key>
<integer>0</integer>
</dict>
<key>PayloadDescription</key>
<string>Configures VPN settings, including authentication.</string>
<key>PayloadDisplayName</key>
<string>VPN (OpenVPN: Murphys)</string>
<key>PayloadIdentifier</key>
<string>com.app.app</string>
<key>PayloadOrganization</key>
<string>App</string>
<key>PayloadType</key>
<string>com.apple.vpn.managed</string>
<key>PayloadUUID</key>
<string>DF4FB82E-...</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>Proxies</key>
<dict/>
<key>UserDefinedName</key>
<string>OpenVPN</string>
<key>VPN</key>
<dict>
<key>AuthName</key>
<string>USERNAME</string>
<key>AuthPassword</key>
<string>PASSWORD</string>
<key>AuthPasswordEncryption</key>
<string></string>
<key>AuthenticationMethod</key>
<string>Certificate</string>
<key>OnDemandEnabled</key>
<integer>1</integer>
<key>OnDemandMatchDomainsAlways</key>
<array>
<string>IP ADDRESS FOR VPN TRIGGER</string>
</array>
<key>PayloadCertificateUUID</key>
<string>563160F6-...</string>
<key>RemoteAddress</key>
<string>OPENVPN SERVER IP</string>
</dict>
<key>VPNSubType</key>
<string>net.openvpn.OpenVPN-Connect.vpnplugin</string>
<key>VPNType</key>
<string>VPN</string>
<key>VendorConfig</key>
<dict>
<key>auth-user-pass</key>
<string>NOARGS</string>
<key>ca</key>
<string>-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----\n</string>
<key>cert</key>
<string>-----BEGIN CERTIFICATE-----.....-----END CERTIFICATE-----\n</string>
<key>cipher</key>
<string>DES-EDE3-CBC</string>
<key>client</key>
<string>NOARGS</string>
<key>comp-lzo</key>
<string>NOARGS</string>
<key>dev</key>
<string>tun</string>
<key>key</key>
<string>-----BEGIN ENCRYPTED PRIVATE KEY-----.....-----END ENCRYPTED PRIVATE KEY-----\n</string>
<key>keysize</key>
<string>192</string>
<key>persist-key</key>
<string>NOARGS</string>
<key>persist-tun</key>
<string>NOARGS</string>
<key>proto</key>
<string>tcp</string>
<key>remote</key>
<string>IP OF OPENVPN SERVER and 443 PORT</string>
<key>reneg-sec</key>
<string>0</string>
<key>resolve-retry</key>
<string>infinite</string>
<key>tls-auth</key>
<string>-----BEGIN OpenVPN Static key V1-----.....-----END OpenVPN Static key V1-----\n</string>
<key>verb</key>
<string>3</string>
</dict>
</dict>
<dict>
<key>Password</key>
<string>PRIVATE KEY PASSWORD</string>
<key>PayloadCertificateFileName</key>
<string>CERT NAME</string>
<key>PayloadContent</key>
<data>
....
</data>
<key>PayloadDescription</key>
<string>Provides device authentication (certificate or identity).</string>
<key>PayloadDisplayName</key>
<string>CERT NAME</string>
<key>PayloadIdentifier</key>
<string>com.app.app</string>
<key>PayloadOrganization</key>
<string>App</string>
<key>PayloadType</key>
<string>com.apple.security.pkcs12</string>
<key>PayloadUUID</key>
<string>563160F6-....</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</array>
<key>PayloadDescription</key>
<string>VPN Profile</string>
<key>PayloadDisplayName</key>
<string>TEST</string>
<key>PayloadIdentifier</key>
<string>com.app.app</string>
<key>PayloadOrganization</key>
<string>App</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>D2438B99-D510-48A3-963E-1173BD50EDE9</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
-
- OpenVpn Newbie
- Posts: 3
- Joined: Wed Mar 23, 2016 12:11 pm
Re: My OpenVPN on Demand functionality doesnt seem to connec
NOW RESOLVED
On Demand now working for me
On Demand now working for me
-
- OpenVpn Newbie
- Posts: 5
- Joined: Mon Jun 06, 2016 6:45 pm
Re: My OpenVPN on Demand functionality doesnt seem to connect
can you pls tell me how did you resolved.
-
- OpenVpn Newbie
- Posts: 2
- Joined: Mon Jun 04, 2018 12:32 pm
Re: My OpenVPN on Demand functionality doesnt seem to connect
can you pls tell us how did you resolved.
-
- OpenVPN User
- Posts: 46
- Joined: Fri Jun 10, 2011 12:03 am
Re: My OpenVPN on Demand functionality doesnt seem to connect
I would also like to know... please reply