I've been working on an experiment with an NEAppProxyProvider to read traffic flows with the end goal of an on-device content filter (not an ideal use of AppProxyProvider, I know).

In order to properly test the app proxy provider, I need to figure out a proper profile for the per-app VPN configuration.

The following is the configuration profile I'm using.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    ...
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>IPv4</key>
            <dict>
                <key>OverridePrimary</key>
                <integer>0</integer>
            </dict>
            <key>VPN</key>
            <dict>
                <key>RemoteAddress</key>
                <string>localhost</string>
            </dict>
            <key>VPNSubType</key>
            <string>org.example.PacketTunnelProviderApp</string>
            <key>VPNType</key>
            <string>VPN</string>
            <key>VPNUUID</key>
            <string>76c971d6-516f-4c79-b2b4-44313d249b38</string>
            <key>AuthenticationMethod</key>
            <string>None</string>
            <key>PayloadDescription</key>
            <string>Configures VPN settings</string>
            <key>PayloadDisplayName</key>
            <string>VPN</string>
            <key>PayloadIdentifier</key>
            <string>com.apple.vpn.managed.applayer.236F34CC-E35C-43E8-AA57-57F3823FB67E</string>
            <key>PayloadType</key>
            <string>com.apple.vpn.managed.applayer</string>
            <key>PayloadUUID</key>
            <string>236F34CC-E35C-43E8-AA57-57F3823FB67E</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
            <key>ProviderType</key>
            <string>app-proxy</string>
            <key>Proxies</key>
            <dict>
                <key>HTTPEnable</key>
                <integer>0</integer>
                <key>HTTPSEnable</key>
                <integer>0</integer>
            </dict>
            <key>UserDefinedName</key>
            <string>CloudVeil VPN</string>
            <key>VendorConfig</key>
            <dict/>
        </dict>
    </array>
    <key>PayloadDescription</key>
    <string>This profile configures per-app VPN and VPN mappings for the packet tunnel</string>
    <key>PayloadDisplayName</key>
    <string>CloudVeil VPN Profile</string>
    <key>PayloadIdentifier</key>
    <string>CloudVeil-VPN.1B7F99BE-F5F4-44C1-BE70-7C52100D557E</string>
    <key>PayloadOrganization</key>
    <string>CloudVeil Technology, Inc.</string>
    <key>PayloadRemovalDisallowed</key>
    <true/>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>4CB93F9C-D51C-45C6-A276-5CC96FDB78B2</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
</dict>
</plist>
```

And here are a few log entries from the configuration profile install.

```
default 15:22:34.729567 -0700 authd Succeeded authorizing right 'system.privilege.admin' by client '/usr/libexec/mdmclient' [8929] for authorization created by '/usr/libexec/mdmclient' [8929] (3,0) (engine 231)
error 15:22:34.752179 -0700 mdmclient NEConfiguration configurePluginWithPayload: unsupported authen type (null).
error 15:22:34.756208 -0700 mdmclient [ERROR] <<<<< PlugIn: InstallPayload [NEProfileIngestionPlugin] Error: Error Domain=ConfigProfilePluginDomain Code=-319 "The ‘VPN Service’ payload could not be installed. The VPN service could not be created." UserInfo={NSLocalizedDescription=The ‘VPN Service’ payload could not be installed. The VPN service could not be created.} <<<<<
default 15:22:34.757148 -0700 mdmclient MessageTracer: load_domain_whitelist_search_tree:73: Search tree file's format version number (0) is not supported
default 15:22:34.782463 -0700 authd Succeeded authorizing right 'system.privilege.admin' by client '/usr/libexec/mdmclient' [8929] for authorization created by '/usr/libexec/mdmclient' [8929] (3,0) (engine 232)
error 15:22:34.806946 -0700 mdmclient CPProfileManager.installProfile returning error -319 (<private>)
default 15:23:05.667172 -0700 mdmclient Attempting idle exit: mdmclient agent
```

I think the error that's causing the problem is "unsupported authen type (null).", but there are no indications of that error anywhere. Has anyone ever run into this problem? What am I missing from my configuration profile?

Any suggestions are greatly appreciated.
Posted by kfreezen.
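The log reports a null authentication type even though the profile sets `AuthenticationMethod`, so one useful check is where each key sits relative to the `VPN` sub-dictionary. The following is an added example, not code from the post: `misplaced_vpn_keys`, `VPN_DICT_KEYS` and the trimmed `SAMPLE` plist are constructed here, and it assumes the ingestion plugin reads these keys only from inside `VPN`, where Apple's profile reference lists them.

```python
import plistlib

# Keys Apple's profile reference documents inside the "VPN" sub-dictionary.
# Assumption of this example: the ingestion plugin looks for them only there.
VPN_DICT_KEYS = {"AuthenticationMethod", "ProviderType",
                 "ProviderBundleIdentifier", "RemoteAddress"}
VPN_PAYLOAD_TYPES = {"com.apple.vpn.managed", "com.apple.vpn.managed.applayer"}

# Constructed, trimmed copy of the payload from the post (same key placement).
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
 <key>PayloadContent</key><array><dict>
  <key>VPN</key><dict>
   <key>RemoteAddress</key><string>localhost</string>
  </dict>
  <key>VPNType</key><string>VPN</string>
  <key>AuthenticationMethod</key><string>None</string>
  <key>ProviderType</key><string>app-proxy</string>
  <key>PayloadType</key><string>com.apple.vpn.managed.applayer</string>
 </dict></array>
 <key>PayloadType</key><string>Configuration</string>
</dict></plist>"""


def misplaced_vpn_keys(profile_bytes):
    """Map payload index -> VPN-dictionary keys found at the payload's top level."""
    profile = plistlib.loads(profile_bytes)
    findings = {}
    for index, payload in enumerate(profile.get("PayloadContent", [])):
        if payload.get("PayloadType") not in VPN_PAYLOAD_TYPES:
            continue  # not a VPN payload, nothing to check
        vpn = payload.get("VPN", {})
        # A key is "stray" when it sits beside the VPN dict instead of inside it.
        stray = sorted(k for k in VPN_DICT_KEYS if k in payload and k not in vpn)
        if stray:
            findings[index] = stray
    return findings


if __name__ == "__main__":
    for index, keys in misplaced_vpn_keys(SAMPLE).items():
        print(f"payload {index}: outside the VPN dictionary: {', '.join(keys)}")
```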