<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/

1. <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
2. <plist version="1.0">
3. <dict>
4. <!-- Set the name to whatever you like, it is used in the profile list on the device -->
5. <key>PayloadDisplayName</key>
6. <string>mscc2</string>
7. <!-- This is a reverse-DNS style unique identifier used to detect duplicate profiles -->
8. <key>PayloadIdentifier</key>
9. <string>mm22.no-ip.org.vpn1</string>
10. <!-- A globally unique identifier, use uuidgen on Linux/Mac OS X to generate it -->
11. <key>PayloadUUID</key>
12. <string>c9aa0cfb-8d77-46f7-b9fd-20982e201fac</string>
13. <key>PayloadType</key>
14. <string>Configuration</string>
15. <key>PayloadVersion</key>
16. <integer>1</integer>
17. <key>PayloadContent</key>
18. <array>
19. <!-- It is possible to add multiple VPN payloads with different identifiers/UUIDs and names -->
20. <dict>
21. <!-- This is an extension of the identifier given above -->
22. <key>PayloadIdentifier</key>
23. <string>mm22.no-ip.org.vpn1.conf1</string>
24. <!-- A globally unique identifier for this payload -->
25. <key>PayloadUUID</key>
26. <string>329a2924-0aea-48bd-ae30-327f8698f126</string>
27. <key>PayloadType</key>
28. <string>com.apple.vpn.managed</string>
29. <key>PayloadVersion</key>
30. <integer>1</integer>
31. <!-- This is the name of the VPN conneciton as seen in the VPN application later -->
32. <key>UserDefinedName</key>
33. <string>mm22.no-ip.org</string>
34. <key>VPNType</key>
35. <string>IKEv2</string>
36. <key>IKEv2</key>
37. <dict>
38. <!-- Hostname or IP address of the VPN server -->
39. <key>RemoteAddress</key>
40. <string>mm22.no-ip.org</string>
41. <!-- Remote identity, can be a FQDN, a userFQDN, an IP or (theoretically) a certificate's subject DN. Can't be empty.
42. IMPORTANT: DNs are currently not handled correctly, they are always sent as identities of type FQDN -->
43. <key>RemoteIdentifier</key>
44. <string>mm22.no-ip.org</string>
45. <!-- Local IKE identity, same restrictions as above. If it is empty the client's IP address will be used -->
46. <key>LocalIdentifier</key>
47. <string>SmPhone</string>
48. <!-- Optional, if it matches the CN of the root CA certificate (not the full subject DN) a certificate request will be sent
49. NOTE: If this is not configured make sure to configure leftsendcert=always on the server, otherwise it won't send its certificate -->
50. <key>ServerCertificateIssuerCommonName</key>
51. <string>Example Root CA</string>
52. <!-- Optional, the CN or one of the subjectAltNames of the server certificate to verify it, if not set RemoteIdentifier will be used -->
53. <key>ServerCertificateCommonName</key>
54. <string>mm22.no-ip.org</string>
55. <!-- The server is authenticated using a certificate -->
56. <key>AuthenticationMethod</key>
57. <string>Certificate</string>
58. <!-- The client uses EAP to authenticate -->
59. <key>ExtendedAuthEnabled</key>
60. <integer>0</integer>
61. <!-- User name for EAP authentication, must be set as there is currently no prompt during installation.
62. IMPORTANT: Because there is no prompt and this value cannot be changed later on the device a separate profile is required for every user -->
63. <key>AuthName</key>
64. <string>SmPhone</string>
65. <!-- Optional password for EAP authentication, if it is not set the user is prompted when the profile is installed -->
66. <key>AuthPassword</key>
67. <string>aaa</string>
68.  
69. <!-- The next two dictionaries are optional (as are the keys in them), but it is recommended to specify them as the default is to use 3DES.
70. IMPORTANT: Because only one proposal is sent (even if nothing is configured here) it must match the server configuration -->
71. <key>IKESecurityAssociationParameters</key>
72. <dict>
73. <key>EncryptionAlgorithm</key>
74. <string>AES-128</string>
75. <key>IntegrityAlgorithm</key>
76. <string>SHA1-96</string>
77. <key>DiffieHellmanGroup</key>
78. <integer>14</integer>
79. </dict>
80. <key>ChildSecurityAssociationParameters</key>
81. <dict>
82. <key>EncryptionAlgorithm</key>
83. <string>AES-128</string>
84. <key>IntegrityAlgorithm</key>
85. <string>SHA1-96</string>
86. <key>DiffieHellmanGroup</key>
87. <integer>14</integer>
88. </dict>
89.  
90.  
91. <!-- Similarly, instead of AuthName and AuthPassword, we configure the certificate to use -->
92. <key>PayloadCertificateUUID</key>
93. <string>66a69132-de50-4124-9eff-eea42e0e3feb</string>
94.  
95. </dict>
96. </dict>
97.  
98. <dict>
99. <key>PayloadIdentifier</key>
100. <string>mm22.no-ip.org.vpn1.client</string>
101. <key>PayloadUUID</key>
102. <string>66a69132-de50-4124-9eff-eea42e0e3feb</string>
103. <key>PayloadType</key>
104. <string>com.apple.security.pkcs12</string>
105. <key>PayloadVersion</key>
106. <integer>1</integer>
107. <!-- Optional password to decrypt the PKCS#12 container, if not set the user is prompted when installing the profile
108. <key>Password</key>
109. <string>...</string>
110. -->
111. <!-- This is the Base64 encoded PKCS#12 container with the certificate and private key for the client.
112. IMPORTANT: The CA certificate will not be extracted from the container, so either install it separately or include it as payload (as seen above) -->
113. <key>PayloadContent</key>
114. <data>
115. MIINJvVxjFeBWACQ4nTlaVqZL00d1Xt6ZCIUYAmnMZtHDnURttL
116. cuted
117. /P2dgICCAA=
118. </data>
119. </dict>
120.  
121.  
122. <!-- This payload is optional but it provides an easy way to install the CA certificate together with the configuration -->
123. <dict>
124. <key>PayloadIdentifier</key>
125. <string>mm22.ca</string>
126. <key>PayloadUUID</key>
127. <string>59571b10-f74d-4970-9cde-f3243f9c48b3</string>
128. <key>PayloadType</key>
129. <string>com.apple.security.root</string>
130. <key>PayloadVersion</key>
131. <integer>1</integer>
132. <!-- This is the Base64 (PEM) encoded CA certificate -->
133. <key>PayloadContent</key>
134. <data>
135. MIIDUTC
136. cuted
137. DmA==
138. </data>
139. </dict>
140.  
141.  
142.  
143. </array>
144. </dict>
145. </plist>