Hi,
We are trying to implement Always On VPN (IKEv2) in a slightly different way. Since there
are problems with the implementation of MailDomains and CalendarDomains in AppLayer VPN (per-app VPN: https://developer.apple.com/forums/thread/676815 ),
we are trying to make the whole VPN behave as per-app.
By adding OnDemandRules (with "ConnectIfNeeded"), the particular domains trigger the VPN connection. However,
the same method does not work to stop the VPN connection on specific domains (with "NeverConnect").
For testing purposes, we have included two domains. If they are loaded from Safari, the VPN should stop its
connection; however, once the connection is started by the provided "ConnectIfNeeded" domains, the connection never stops.
The profile is also provided below. Any help or advice is appreciated. Thanks in advance.
```xml
<dict>
    <key>IKEv2</key>
    <dict>
        <key>AuthenticationMethod</key>
        <string>Certificate</string>
        <key>ChildSecurityAssociationParameters</key>
        <dict>
            <key>DiffieHellmanGroup</key>
            <integer>14</integer>
            <key>EncryptionAlgorithm</key>
            <string>3DES</string>
            <key>IntegrityAlgorithm</key>
            <string>SHA1-96</string>
            <key>LifeTimeInMinutes</key>
            <integer>1440</integer>
        </dict>
        <key>DeadPeerDetectionRate</key>
        <string>Medium</string>
        <key>DisableMOBIKE</key>
        <integer>0</integer>
        <key>DisableRedirect</key>
        <integer>0</integer>
        <key>EnableCertificateRevocationCheck</key>
        <integer>0</integer>
        <key>EnablePFS</key>
        <integer>1</integer>
        <key>IKESecurityAssociationParameters</key>
        <dict>
            <key>DiffieHellmanGroup</key>
            <integer>14</integer>
            <key>EncryptionAlgorithm</key>
            <string>3DES</string>
            <key>IntegrityAlgorithm</key>
            <string>SHA1-96</string>
            <key>LifeTimeInMinutes</key>
            <integer>1440</integer>
        </dict>
        <key>OnDemandEnabled</key>
        <integer>1</integer>
        <key>LocalIdentifier</key>
        <string>user@example.com</string>
        <key>PayloadCertificateUUID</key>
        <string>d7aee729-ebca-4f2a-a137-efda5a9f219f</string>
        <key>RemoteAddress</key>
        <string>vpn.example.com</string>
        <key>RemoteIdentifier</key>
        <string>vpn.example.com</string>
        <key>UseConfigurationAttributeInternalIPSubnet</key>
        <integer>0</integer>
        <key>DisconnectOnIdle</key>
        <integer>1</integer>
        <key>OnDemandRules</key>
        <array>
            <dict>
                <key>Action</key>
                <string>EvaluateConnection</string>
                <key>ActionParameters</key>
                <array>
                    <dict>
                        <key>Domains</key>
                        <array>
                            <string>internal.lan</string>
                            <string>outlook.internal.lan</string>
                        </array>
                        <key>DomainAction</key>
                        <string>ConnectIfNeeded</string>
                    </dict>
                </array>
            </dict>
            <dict>
                <key>Action</key>
                <string>EvaluateConnection</string>
                <key>ActionParameters</key>
                <array>
                    <dict>
                        <key>Domains</key>
                        <array>
                            <string>www.google.com</string>
                            <string>www.bing.com</string>
                        </array>
                        <key>DomainAction</key>
                        <string>NeverConnect</string>
                    </dict>
                </array>
            </dict>
        </array>
    </dict>
</dict>
```
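A check of the posted OnDemandRules array for rules that can never be reached, added here as an example and not part of the original post or of any Apple tooling. It assumes the documented On Demand semantics: rules are evaluated in order, the first matching rule wins, a rule without match criteria matches every network, and "NeverConnect" only suppresses triggering a connection. The names `analyse`, `report`, `MATCH_KEYS` and `SAMPLE` are hypothetical.

```python
import plistlib

# Keys that restrict when a rule applies (assumed from Apple's VPN payload
# documentation); a rule carrying none of them matches on every network.
MATCH_KEYS = {"DNSDomainMatch", "DNSServerAddressMatch", "InterfaceTypeMatch",
              "SSIDMatch", "URLStringProbe"}

# Constructed sample: the OnDemandRules array of the posted profile, as a plist.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><array>
 <dict><key>Action</key><string>EvaluateConnection</string>
  <key>ActionParameters</key><array><dict>
   <key>Domains</key><array><string>internal.lan</string>
    <string>outlook.internal.lan</string></array>
   <key>DomainAction</key><string>ConnectIfNeeded</string></dict></array></dict>
 <dict><key>Action</key><string>EvaluateConnection</string>
  <key>ActionParameters</key><array><dict>
   <key>Domains</key><array><string>www.google.com</string>
    <string>www.bing.com</string></array>
   <key>DomainAction</key><string>NeverConnect</string></dict></array></dict>
</array></plist>"""


def analyse(rules):
    """Return ({domain: action} from reachable rules, indexes of shadowed rules)."""
    reachable, shadowed, catch_all = {}, [], None
    for index, rule in enumerate(rules):
        if catch_all is not None:          # an earlier rule already matches everything
            shadowed.append(index)
            continue
        if not MATCH_KEYS & set(rule):     # no match criteria: catch-all rule
            catch_all = index
        for params in rule.get("ActionParameters", []):
            for domain in params.get("Domains", []):
                reachable.setdefault(domain, params.get("DomainAction"))
    return reachable, shadowed


def report(plist_bytes):
    """Human-readable findings for a plist whose root is the OnDemandRules array."""
    reachable, shadowed = analyse(plistlib.loads(plist_bytes))
    lines = [f"{domain}: {action}" for domain, action in sorted(reachable.items())]
    lines += [f"rule {i}: shadowed by an earlier catch-all rule" for i in shadowed]
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

Under those assumptions, placing both `Domains` entries in the `ActionParameters` array of a single rule keeps every domain action reachable.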