diff options
Diffstat (limited to 'data/templates/ipsec/ios_profile.tmpl')
-rw-r--r-- | data/templates/ipsec/ios_profile.tmpl | 104 |
1 files changed, 0 insertions, 104 deletions
diff --git a/data/templates/ipsec/ios_profile.tmpl b/data/templates/ipsec/ios_profile.tmpl deleted file mode 100644 index c8e17729a..000000000 --- a/data/templates/ipsec/ios_profile.tmpl +++ /dev/null @@ -1,104 +0,0 @@ -<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> -<plist version="1.0"> -<dict> - <!-- Set the name to whatever you like, it is used in the profile list on the device --> - <key>PayloadDisplayName</key> - <string>{{ profile_name }}</string> - <!-- This is a reverse-DNS style unique identifier used to detect duplicate profiles --> - <key>PayloadIdentifier</key> - <string>{{ rfqdn }}</string> - <!-- A globally unique identifier, use uuidgen on Linux/Mac OS X to generate it --> - <key>PayloadUUID</key> - <string>{{ '' | get_uuid }}</string> - <key>PayloadType</key> - <string>Configuration</string> - <key>PayloadVersion</key> - <integer>1</integer> - <key>PayloadContent</key> - <array> - <!-- It is possible to add multiple VPN payloads with different identifiers/UUIDs and names --> - <dict> - <!-- This is an extension of the identifier given above --> - <key>PayloadIdentifier</key> - <string>{{ rfqdn }}.conf1</string> - <!-- A globally unique identifier for this payload --> - <key>PayloadUUID</key> - <string>{{ '' | get_uuid }}</string> - <key>PayloadType</key> - <string>com.apple.vpn.managed</string> - <key>PayloadVersion</key> - <integer>1</integer> - <!-- This is the name of the VPN connection as seen in the VPN application later --> - <key>UserDefinedName</key> - <string>{{ vpn_name }}</string> - <key>VPNType</key> - <string>IKEv2</string> - <key>IKEv2</key> - <dict> - <!-- Hostname or IP address of the VPN server --> - <key>RemoteAddress</key> - <string>{{ remote }}</string> - <!-- Remote identity, can be a FQDN, a userFQDN, an IP or (theoretically) a certificate's subject DN. Can't be empty. - IMPORTANT: DNs are currently not handled correctly, they are always sent as identities of type FQDN --> - <key>RemoteIdentifier</key> - <string>{{ authentication.id if authentication.id is vyos_defined else 'VyOS' }}</string> - <!-- Local IKE identity, same restrictions as above. If it is empty the client's IP address will be used --> - <key>LocalIdentifier</key> - <string></string> - <!-- Optional, if it matches the CN of the root CA certificate (not the full subject DN) a certificate request will be sent - NOTE: If this is not configured make sure to configure leftsendcert=always on the server, otherwise it won't send its certificate --> - <key>ServerCertificateIssuerCommonName</key> - <string>{{ ca_cn }}</string> - <!-- Optional, the CN or one of the subjectAltNames of the server certificate to verify it, if not set RemoteIdentifier will be used --> - <key>ServerCertificateCommonName</key> - <string>{{ cert_cn }}</string> - <!-- The server is authenticated using a certificate --> - <key>AuthenticationMethod</key> - <string>Certificate</string> - <!-- The client uses EAP to authenticate --> - <key>ExtendedAuthEnabled</key> - <integer>1</integer> - <!-- The next two dictionaries are optional (as are the keys in them), but it is recommended to specify them as the default is to use 3DES. - IMPORTANT: Because only one proposal is sent (even if nothing is configured here) it must match the server configuration --> - <key>IKESecurityAssociationParameters</key> - <dict> - <!-- @see https://developer.apple.com/documentation/networkextension/nevpnikev2encryptionalgorithm --> - <key>EncryptionAlgorithm</key> - <string>{{ ike_encryption.encryption }}</string> - <!-- @see https://developer.apple.com/documentation/networkextension/nevpnikev2integrityalgorithm --> - <key>IntegrityAlgorithm</key> - <string>{{ ike_encryption.hash }}</string> - <!-- @see https://developer.apple.com/documentation/networkextension/nevpnikev2diffiehellmangroup --> - <key>DiffieHellmanGroup</key> - <integer>{{ ike_encryption.dh_group }}</integer> - </dict> - <key>ChildSecurityAssociationParameters</key> - <dict> - <key>EncryptionAlgorithm</key> - <string>{{ esp_encryption.encryption }}</string> - <key>IntegrityAlgorithm</key> - <string>{{ esp_encryption.hash }}</string> - <key>DiffieHellmanGroup</key> - <integer>{{ ike_encryption.dh_group }}</integer> - </dict> - </dict> - </dict> - <!-- This payload is optional but it provides an easy way to install the CA certificate together with the configuration --> - <dict> - <key>PayloadIdentifier</key> - <string>org.example.ca</string> - <key>PayloadUUID</key> - <string>{{ '' | get_uuid }}</string> - <key>PayloadType</key> - <string>com.apple.security.root</string> - <key>PayloadVersion</key> - <integer>1</integer> - <!-- This is the Base64 (PEM) encoded CA certificate --> - <key>PayloadContent</key> - <data> - {{ ca_cert }} - </data> - </dict> - </array> -</dict> -</plist> |