User needs Always On VPN on iOS

...Horse?

Issue:
iOS user needs access to a StrongSwan VPN.

Current Solution:
Create a custom .mobileconfig file for IKEv2 from a template. The template was originally created in Apple Configurator. I could create a brand new .mobileconfig file, but getting all the settings right was annoying. For now I just edit the username and password and distribute the .mobileconfig myself.

Planned Future Solution:

  • Enter user's full name into a script.
  • Semi-randomized username (ex. jjones-429875@mydomain.co) and complex password are generated.
  • Username and password are inserted into the .mobileconfig file.
  • Username and password are added to the /etc/ipsec.secrets file on the VPN server.
  • StrongSwan is restarted.
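
A sketch of the planned steps, added here as an example and not the author's script. It assumes the server authenticates users with EAP (hence the `user : EAP "password"` secrets line); the function names and the minimal template are constructed for illustration.

```python
import plistlib
import secrets
import string

DOMAIN = "mydomain.co"  # domain taken from the post's example username
# Restricted alphabet so the password needs no escaping in ipsec.secrets or XML.
PW_ALPHABET = string.ascii_letters + string.digits + "-_"

def make_username(full_name, domain=DOMAIN):
    """'John Jones' -> 'jjones-<6 random digits>@mydomain.co'."""
    parts = ["".join(c for c in p if c in string.ascii_lowercase)
             for p in full_name.lower().split()]
    parts = [p for p in parts if p]
    if len(parts) < 2:
        raise ValueError("need a first and a last name")
    suffix = "".join(secrets.choice(string.digits) for _ in range(6))
    return f"{parts[0][0]}{parts[-1]}-{suffix}@{domain}"

def make_password(length=32):
    # secrets (CSPRNG), not random: these are long-lived VPN credentials.
    return "".join(secrets.choice(PW_ALPHABET) for _ in range(length))

def set_credentials(node, user, password):
    """Walk the plist and overwrite every AuthName/AuthPassword pair found."""
    if isinstance(node, dict):
        if "AuthName" in node and "AuthPassword" in node:
            node["AuthName"], node["AuthPassword"] = user, password
        for child in node.values():
            set_credentials(child, user, password)
    elif isinstance(node, list):
        for child in node:
            set_credentials(child, user, password)

def provision(full_name, template_bytes):
    """Return (profile bytes, ipsec.secrets line) for one new user."""
    user, password = make_username(full_name), make_password()
    profile = plistlib.loads(template_bytes)
    set_credentials(profile, user, password)
    return plistlib.dumps(profile), f'{user} : EAP "{password}"\n'

# Constructed minimal template; a real Apple Configurator export has many more keys.
TEMPLATE = plistlib.dumps({"PayloadContent": [{"VPNType": "IKEv2", "IKEv2": {
    "AuthName": "USERNAME@mydomain.co",
    "AuthPassword": "LONG COMPLEX PASSPHRASE",
    "AuthenticationMethod": "Certificate"}}]})

if __name__ == "__main__":
    profile, line = provision("John Jones", TEMPLATE)
    # Next: append `line` to /etc/ipsec.secrets (keep it mode 0600), restart StrongSwan.
    print(line.split(" : ")[0], len(profile), "bytes of profile")
```

The generated profile contains the password in plaintext, so it needs the same handling as the secrets file when it is stored or sent to the user.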

Example Code Snippet:

...
<key>AuthName</key>
<string>USERNAME@mydomain.co</string>
<key>AuthPassword</key>
<string>LONG COMPLEX PASSPHRASE</string>
<key>AuthenticationMethod</key>
<string>Certificate</string>
<key>ChildSecurityAssociationParameters</key>
...

Reading all this makes me think that I need to learn our MDM better.
