Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
- <plist version="1.0">
- <dict>
- <!-- Set the name to whatever you like, it is used in the profile list on the device -->
- <key>PayloadDisplayName</key>
- <string>mscc2</string>
- <!-- This is a reverse-DNS style unique identifier used to detect duplicate profiles -->
- <key>PayloadIdentifier</key>
- <string>mm22.no-ip.org.vpn1</string>
- <!-- A globally unique identifier, use uuidgen on Linux/Mac OS X to generate it -->
- <key>PayloadUUID</key>
- <string>c9aa0cfb-8d77-46f7-b9fd-20982e201fac</string>
- <key>PayloadType</key>
- <string>Configuration</string>
- <key>PayloadVersion</key>
- <integer>1</integer>
- <key>PayloadContent</key>
- <array>
- <!-- It is possible to add multiple VPN payloads with different identifiers/UUIDs and names -->
- <dict>
- <!-- This is an extension of the identifier given above -->
- <key>PayloadIdentifier</key>
- <string>mm22.no-ip.org.vpn1.conf1</string>
- <!-- A globally unique identifier for this payload -->
- <key>PayloadUUID</key>
- <string>329a2924-0aea-48bd-ae30-327f8698f126</string>
- <key>PayloadType</key>
- <string>com.apple.vpn.managed</string>
- <key>PayloadVersion</key>
- <integer>1</integer>
- <!-- This is the name of the VPN conneciton as seen in the VPN application later -->
- <key>UserDefinedName</key>
- <string>mm22.no-ip.org</string>
- <key>VPNType</key>
- <string>IKEv2</string>
- <key>IKEv2</key>
- <dict>
- <!-- Hostname or IP address of the VPN server -->
- <key>RemoteAddress</key>
- <string>mm22.no-ip.org</string>
- <!-- Remote identity, can be a FQDN, a userFQDN, an IP or (theoretically) a certificate's subject DN. Can't be empty.
- IMPORTANT: DNs are currently not handled correctly, they are always sent as identities of type FQDN -->
- <key>RemoteIdentifier</key>
- <string>mm22.no-ip.org</string>
- <!-- Local IKE identity, same restrictions as above. If it is empty the client's IP address will be used -->
- <key>LocalIdentifier</key>
- <string>SmPhone</string>
- <!-- Optional, if it matches the CN of the root CA certificate (not the full subject DN) a certificate request will be sent
- NOTE: If this is not configured make sure to configure leftsendcert=always on the server, otherwise it won't send its certificate -->
- <key>ServerCertificateIssuerCommonName</key>
- <string>Example Root CA</string>
- <!-- Optional, the CN or one of the subjectAltNames of the server certificate to verify it, if not set RemoteIdentifier will be used -->
- <key>ServerCertificateCommonName</key>
- <string>mm22.no-ip.org</string>
- <!-- The server is authenticated using a certificate -->
- <key>AuthenticationMethod</key>
- <string>Certificate</string>
- <!-- The client uses EAP to authenticate -->
- <key>ExtendedAuthEnabled</key>
- <integer>0</integer>
- <!-- User name for EAP authentication, must be set as there is currently no prompt during installation.
- IMPORTANT: Because there is no prompt and this value cannot be changed later on the device a separate profile is required for every user -->
- <key>AuthName</key>
- <string>SmPhone</string>
- <!-- Optional password for EAP authentication, if it is not set the user is prompted when the profile is installed -->
- <key>AuthPassword</key>
- <string>aaa</string>
- <!-- The next two dictionaries are optional (as are the keys in them), but it is recommended to specify them as the default is to use 3DES.
- IMPORTANT: Because only one proposal is sent (even if nothing is configured here) it must match the server configuration -->
- <key>IKESecurityAssociationParameters</key>
- <dict>
- <key>EncryptionAlgorithm</key>
- <string>AES-128</string>
- <key>IntegrityAlgorithm</key>
- <string>SHA1-96</string>
- <key>DiffieHellmanGroup</key>
- <integer>14</integer>
- </dict>
- <key>ChildSecurityAssociationParameters</key>
- <dict>
- <key>EncryptionAlgorithm</key>
- <string>AES-128</string>
- <key>IntegrityAlgorithm</key>
- <string>SHA1-96</string>
- <key>DiffieHellmanGroup</key>
- <integer>14</integer>
- </dict>
- <!-- Similarly, instead of AuthName and AuthPassword, we configure the certificate to use -->
- <key>PayloadCertificateUUID</key>
- <string>66a69132-de50-4124-9eff-eea42e0e3feb</string>
- </dict>
- </dict>
- <dict>
- <key>PayloadIdentifier</key>
- <string>mm22.no-ip.org.vpn1.client</string>
- <key>PayloadUUID</key>
- <string>66a69132-de50-4124-9eff-eea42e0e3feb</string>
- <key>PayloadType</key>
- <string>com.apple.security.pkcs12</string>
- <key>PayloadVersion</key>
- <integer>1</integer>
- <!-- Optional password to decrypt the PKCS#12 container, if not set the user is prompted when installing the profile
- <key>Password</key>
- <string>...</string>
- -->
- <!-- This is the Base64 encoded PKCS#12 container with the certificate and private key for the client.
- IMPORTANT: The CA certificate will not be extracted from the container, so either install it separately or include it as payload (as seen above) -->
- <key>PayloadContent</key>
- <data>
- MIINJvVxjFeBWACQ4nTlaVqZL00d1Xt6ZCIUYAmnMZtHDnURttL
- cuted
- /P2dgICCAA=
- </data>
- </dict>
- <!-- This payload is optional but it provides an easy way to install the CA certificate together with the configuration -->
- <dict>
- <key>PayloadIdentifier</key>
- <string>mm22.ca</string>
- <key>PayloadUUID</key>
- <string>59571b10-f74d-4970-9cde-f3243f9c48b3</string>
- <key>PayloadType</key>
- <string>com.apple.security.root</string>
- <key>PayloadVersion</key>
- <integer>1</integer>
- <!-- This is the Base64 (PEM) encoded CA certificate -->
- <key>PayloadContent</key>
- <data>
- MIIDUTC
- cuted
- DmA==
- </data>
- </dict>
- </array>
- </dict>
- </plist>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement