This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IOS VPN On Demand

I currently have On Demand VPN configured for my iPhone to the UTM. In "On Demand" mode it prompts me for my remote access user password on my IOS device each time it's triggered. If I disable On Demand on the UTM side, I can input my password in the IOS VPN Profile and it wont ask.

Anyone know if it's possible to somehow tell the On Demand functionality to remember my user password for VPN?

Thanks!

This thread was automatically locked due to age.

Parents

0 TheEther over 10 years ago

I got it to work..

It was pretty easy actually..

From my MacBook I logged into the http://nameofyourUTM as my vpnuser.  I clicked on Remote Access then "install" under "IOS Device VPN Configuration".  The XML file ending in .mobileconfig is just downloaded as a text file to my laptop.  It turned out that PromptForVPNPIN is already set to false but the XAuthPassword line is not there.  In my favorite plain text editor I simply added it right under the PromptForVPNPIN line and added my password as a clear text string (replacing the myVPNuserPassword) text with it.

I then SCP'd the blah.mobileconfig file to loginuser@NameOfUTM:/~

Once SSH'd in as loginuser I su'd to root and copied the blah.mobileconfig file to /var/sec/chroot-httpd/var/jape

I cd'd to /var/sec/chroot-httpd/var/jape
executed a chmod 644 blah.mobileconfig

Then from my iPhone I directed Safari to https://NameOfUTM/blah.mobileconfig

Presto!  The iPhone wanted to load a new profile.  So I deleted the old profile on the phone, loaded the new profile and this time during the configuration it asked me for my vpnuser password.

VPN on Demand now works!  I use an app all the time to connect my home security and automation system, sure is nice to just fire it up and have it automatically connect.  I've been wanting this functionality for a LONG time..

Calling this case closed.. One last thing though.. You really don't want to leave that blah.mobileconfig file sitting around.  I deleted it from the /var/sec/chroot-httpd/var/jape directory.  I keep a copy in an encrypted vault on my laptop.  Word to the wise n stuff..

Ether..
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 TheEther over 10 years ago

I got it to work..

It was pretty easy actually..

From my MacBook I logged into the http://nameofyourUTM as my vpnuser.  I clicked on Remote Access then "install" under "IOS Device VPN Configuration".  The XML file ending in .mobileconfig is just downloaded as a text file to my laptop.  It turned out that PromptForVPNPIN is already set to false but the XAuthPassword line is not there.  In my favorite plain text editor I simply added it right under the PromptForVPNPIN line and added my password as a clear text string (replacing the myVPNuserPassword) text with it.

I then SCP'd the blah.mobileconfig file to loginuser@NameOfUTM:/~

Once SSH'd in as loginuser I su'd to root and copied the blah.mobileconfig file to /var/sec/chroot-httpd/var/jape

I cd'd to /var/sec/chroot-httpd/var/jape
executed a chmod 644 blah.mobileconfig

Then from my iPhone I directed Safari to https://NameOfUTM/blah.mobileconfig

Presto!  The iPhone wanted to load a new profile.  So I deleted the old profile on the phone, loaded the new profile and this time during the configuration it asked me for my vpnuser password.

VPN on Demand now works!  I use an app all the time to connect my home security and automation system, sure is nice to just fire it up and have it automatically connect.  I've been wanting this functionality for a LONG time..

Calling this case closed.. One last thing though.. You really don't want to leave that blah.mobileconfig file sitting around.  I deleted it from the /var/sec/chroot-httpd/var/jape directory.  I keep a copy in an encrypted vault on my laptop.  Word to the wise n stuff..

Ether..
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data