iOS user needs access to a StrongSwan VPN.
Create a custom .mobileconfig file for IKEv2 from a template. The template was originally create in Apple Configurator. I could create a brand new .mobileconfig file, but getting all the settings right was annoying. For now I just edit the username and password and distribute the .mobileconfig myself.
Planned Future Solution:
- Enter user's full name into a script.
- Semi-randomized username (ex. firstname.lastname@example.org) and complex password are generated.
- Username and password are inserted into the .mobileconfig file.
- Username and password are added to the /etc/ipsec.secrets file on the VPN server.
- StrongSwan is restarted.
Example Code Snippet:
... <key>AuthName</key> <string>USERNAME@mydomain.co</string> <key>AuthPassword</key> <string>LONG COMPLEX PASSPHRASE</string> <key>AuthenticationMethod</key> <string>Certificate</string> <key>ChildSecurityAssociationParameters</key> ...
Reading all this makes me think that I need to learn our MDM better.