PayloadDisplayName {{ profile_name }} PayloadIdentifier {{ rfqdn }} PayloadUUID {{ '' | get_uuid }} PayloadType Configuration PayloadVersion 1 PayloadContent PayloadIdentifier {{ rfqdn }}.conf1 PayloadUUID {{ '' | get_uuid }} PayloadType com.apple.vpn.managed PayloadVersion 1 UserDefinedName {{ vpn_name }} VPNType IKEv2 IKEv2 RemoteAddress {{ remote }} RemoteIdentifier {{ authentication.local_id if authentication.local_id is vyos_defined else 'VyOS' }} LocalIdentifier ServerCertificateIssuerCommonName {{ ca_common_name }} ServerCertificateCommonName {{ cert_common_name }} AuthenticationMethod Certificate {% if authentication.client_mode.startswith("eap") %} ExtendedAuthEnabled 1 {% endif %} IKESecurityAssociationParameters EncryptionAlgorithm {{ ike_encryption.encryption }} IntegrityAlgorithm {{ ike_encryption.hash }} DiffieHellmanGroup {{ ike_encryption.dh_group }} ChildSecurityAssociationParameters EncryptionAlgorithm {{ esp_encryption.encryption }} IntegrityAlgorithm {{ esp_encryption.hash }} {% if esp_encryption.pfs is vyos_defined %} DiffieHellmanGroup {{ esp_encryption.pfs }} {% endif %} EnablePFS {{ '1' if esp_encryption.pfs is vyos_defined else '0' }} {% if ca_certificates is vyos_defined %} {% for ca in ca_certificates %} PayloadIdentifier org.{{ ca.ca_name | lower | replace(' ', '.') | replace('_', '.') }} PayloadUUID {{ ca.ca_name | get_uuid }} PayloadType com.apple.security.root PayloadVersion 1 PayloadContent {{ ca.ca_chain }} {% endfor %} {% endif %}