OpenVPN Support Forum

Hi,

Ive been working with OpenVPN now for a week and a half. My client wants 'Always on' VPN functionality and also 'VPN on Demand' functionality for some employees all on iOS devices.

I have the Always on/Auto login functionality up and running without issue however I cant seem to get the on demand profile to work when the desired IP address is used within Safari etc.

I can see my on demand profile within the OpenVPN client however the slider below Disconnected inst available to select, not if this needs to be enabled for on demand like it is for the always on functionality.

Ive attached my mobileconfig file to see if anyone can help me on this issue. Any help would be much appreciated.

Many thanks,

Chris

Heres my config, some bits blanked out for security

==============================================================

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>IPv4</key>
<dict>
<key>OverridePrimary</key>
<integer>0</integer>
</dict>
<key>PayloadDescription</key>
<string>Configures VPN settings, including authentication.</string>
<key>PayloadDisplayName</key>
<string>VPN (OpenVPN: Murphys)</string>
<key>PayloadIdentifier</key>
<string>com.app.app</string>
<key>PayloadOrganization</key>
<string>App</string>
<key>PayloadType</key>
<string>com.apple.vpn.managed</string>
<key>PayloadUUID</key>
<string>DF4FB82E-...</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>Proxies</key>
<dict/>
<key>UserDefinedName</key>
<string>OpenVPN</string>
<key>VPN</key>
<dict>
<key>AuthName</key>
<string>USERNAME</string>
<key>AuthPassword</key>
<string>PASSWORD</string>
<key>AuthPasswordEncryption</key>
<string></string>
<key>AuthenticationMethod</key>
<string>Certificate</string>
<key>OnDemandEnabled</key>
<integer>1</integer>
<key>OnDemandMatchDomainsAlways</key>
<array>
<string>IP ADDRESS FOR VPN TRIGGER</string>
</array>
<key>PayloadCertificateUUID</key>
<string>563160F6-...</string>
<key>RemoteAddress</key>
<string>OPENVPN SERVER IP</string>
</dict>
<key>VPNSubType</key>
<string>net.openvpn.OpenVPN-Connect.vpnplugin</string>
<key>VPNType</key>
<string>VPN</string>
<key>VendorConfig</key>
<dict>
<key>auth-user-pass</key>
<string>NOARGS</string>
<key>ca</key>
<string>-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----\n</string>
<key>cert</key>
<string>-----BEGIN CERTIFICATE-----.....-----END CERTIFICATE-----\n</string>
<key>cipher</key>
<string>DES-EDE3-CBC</string>
<key>client</key>
<string>NOARGS</string>
<key>comp-lzo</key>
<string>NOARGS</string>
<key>dev</key>
<string>tun</string>
<key>key</key>
<string>-----BEGIN ENCRYPTED PRIVATE KEY-----.....-----END ENCRYPTED PRIVATE KEY-----\n</string>
<key>keysize</key>
<string>192</string>
<key>persist-key</key>
<string>NOARGS</string>
<key>persist-tun</key>
<string>NOARGS</string>
<key>proto</key>
<string>tcp</string>
<key>remote</key>
<string>IP OF OPENVPN SERVER and 443 PORT</string>
<key>reneg-sec</key>
<string>0</string>
<key>resolve-retry</key>
<string>infinite</string>
<key>tls-auth</key>
<string>-----BEGIN OpenVPN Static key V1-----.....-----END OpenVPN Static key V1-----\n</string>
<key>verb</key>
<string>3</string>
</dict>
</dict>
<dict>
<key>Password</key>
<string>PRIVATE KEY PASSWORD</string>
<key>PayloadCertificateFileName</key>
<string>CERT NAME</string>
<key>PayloadContent</key>
<data>
....
</data>
<key>PayloadDescription</key>
<string>Provides device authentication (certificate or identity).</string>
<key>PayloadDisplayName</key>
<string>CERT NAME</string>
<key>PayloadIdentifier</key>
<string>com.app.app</string>
<key>PayloadOrganization</key>
<string>App</string>
<key>PayloadType</key>
<string>com.apple.security.pkcs12</string>
<key>PayloadUUID</key>
<string>563160F6-....</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</array>
<key>PayloadDescription</key>
<string>VPN Profile</string>
<key>PayloadDisplayName</key>
<string>TEST</string>
<key>PayloadIdentifier</key>
<string>com.app.app</string>
<key>PayloadOrganization</key>
<string>App</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>D2438B99-D510-48A3-963E-1173BD50EDE9</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>

NOW RESOLVED

On Demand now working for me

can you pls tell me how did you resolved.

can you pls tell us how did you resolved.

I would also like to know... please reply