Hi Team,
We are using NEAppProxyProvider.
For easy deployment using MDM like Intune\Jamf, we are able to find sample of System Extensions mobile config and use those.
But, there are no sample mobile configs available for AppProxy Provider. Cannot even find one in Apple Configurator.
I am not sure, if it is visible in comments to reply above.
It’s better to reply as a reply; if you reply in the comments, I’m not notified of that. For this and other hints, see Quinn’s Top Ten DevForums Tips.
The target machine is MacOS
Cool. I just happen to have one of those lying around. I’ve pasted the relevant snippets in below.
The weirdest thing in there is the ProviderDesignatedRequirement
property. For more background on that, see TN3127 Inside Code Signing: Requirements. That also shows the codesign
syntax to dump the DR of a program, which you can run against your provider to get the value you need for the ProviderDesignatedRequirement
property.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
<dict>
…
<key>PayloadType</key>
<string>com.apple.vpn.managed.applayer</string>
…
<key>VPNType</key>
<string>VPN</string>
<key>VPNSubType</key>
<string>com.example.apple-samplecode.QNE2AppProxyMac</string>
<key>UserDefinedName</key>
<string>QNEAppProxy</string>
<key>PayloadDescription</key>
<string>Configures VPN settings</string>
<key>PayloadDisplayName</key>
<string>VPN</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>VPNUUID</key>
<string>53349962-8857-451D-86FD-4904ABAC7392</string>
<key>VPN</key>
<dict>
<key>RemoteAddress</key>
<string>88.97.8.212</string>
<key>AuthenticationMethod</key>
<string>Password</string>
<key>AuthName</key>
<string>mrgumby</string>
<key>AuthPassword</key>
<string>opendoor</string>
<key>ProviderBundleIdentifier</key>
<string>com.example.apple-samplecode.QNE2AppProxyMac.SysEx</string>
<key>ProviderDesignatedRequirement</key>
<string>identifier "com.example.apple-samplecode.QNE2AppProxyMac.SysEx" and anchor apple generic and certificate leaf[subject.CN] = "Apple Development: Quinn Quinn (7XFU7D52S4)" and certificate 1[field.1.2.840.113635.100.6.2.1] /* exists */</string>
<key>OnDemandMatchAppEnabled</key>
<true/>
</dict>
…
</dict>