Last active
January 18, 2026 13:13
-
-
Save thomaswitt/2f847199863a103dfcf004fec3c538d0 to your computer and use it in GitHub Desktop.
An OnDemand VPN iOS profile for iPad and iPhone that automatically connects you to different VPNs (e.g. Meraki, FRITZ!Box and Streisand) | Blog-Entry: https://thomas-witt.com/auto-connect-your-ios-device-to-a-vpn-when-joining-an-unknown-wifi-d1df8100c4ba
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |
| <plist version="1.0"> | |
| <dict> | |
| <key>PayloadContent</key> | |
| <array> | |
| <!-- Home: Manual --> | |
| <dict> | |
| <key>UserDefinedName</key> | |
| <string>Home: Manual</string> | |
| <key>PayloadDisplayName</key> | |
| <string>Home: Manual</string> | |
| <key>PayloadIdentifier</key> | |
| <string>com.thomas-witt.vpn.homemanual</string> | |
| <key>PayloadUUID</key> | |
| <string>D58846D4-51B5-437E-9147-199C811ABA1C</string> | |
| <key>VPNType</key> | |
| <string>IPSec</string> | |
| <key>IPSec</key> | |
| <dict> | |
| <key>RemoteAddress</key> | |
| <string>CHANGEME_my-fritz-box.anydns.info</string> | |
| <key>AuthenticationMethod</key> | |
| <string>SharedSecret</string> | |
| <key>XAuthName</key> | |
| <string>CHANGEME_USERNAME</string> | |
| <key>XAuthPassword</key> | |
| <string>CHANGEME_PASSWORD</string> | |
| <key>XAuthEnabled</key> | |
| <integer>1</integer> | |
| <key>LocalIdentifier</key> | |
| <string>CHANGEME_USERNAME</string> | |
| <key>LocalIdentifierType</key> | |
| <string>KeyID</string> | |
| <key>SharedSecret</key> | |
| <string>CHANGEME_SHAREDSECRET</string> | |
| </dict> | |
| <key>OverridePrimary</key> | |
| <true/> | |
| <key>IPv4</key> | |
| <dict> | |
| <key>OverridePrimary</key> | |
| <integer>1</integer> | |
| </dict> | |
| <key>PayloadType</key> | |
| <string>com.apple.vpn.managed</string> | |
| <key>PayloadVersion</key> | |
| <integer>1</integer> | |
| </dict> | |
| <!-- Home: WiFi --> | |
| <dict> | |
| <key>UserDefinedName</key> | |
| <string>Home: WiFi</string> | |
| <key>PayloadDisplayName</key> | |
| <string>Home: WiFi</string> | |
| <key>PayloadIdentifier</key> | |
| <string>com.thomas-witt.vpn.homewifi</string> | |
| <key>PayloadUUID</key> | |
| <string>85284094-A9F5-47D7-A1CD-6F831B2FFAC0</string> | |
| <key>VPNType</key> | |
| <string>IPSec</string> | |
| <key>IPSec</key> | |
| <dict> | |
| <key>RemoteAddress</key> | |
| <string>CHANGEME_my-fritz-box.anydns.info</string> | |
| <key>AuthenticationMethod</key> | |
| <string>SharedSecret</string> | |
| <key>XAuthName</key> | |
| <string>CHANGEME_USERNAME</string> | |
| <key>XAuthPassword</key> | |
| <string>CHANGEME_PASSWORD</string> | |
| <key>XAuthEnabled</key> | |
| <integer>1</integer> | |
| <key>LocalIdentifier</key> | |
| <string>CHANGEME_USERNAME</string> | |
| <key>LocalIdentifierType</key> | |
| <string>KeyID</string> | |
| <key>SharedSecret</key> | |
| <string>CHANGEME_SHAREDSECRET</string> | |
| </dict> | |
| <key>OnDemandEnabled</key> | |
| <integer>1</integer> | |
| <key>OnDemandRules</key> | |
| <array> | |
| <dict> | |
| <key>InterfaceTypeMatch</key> | |
| <string>WiFi</string> | |
| <key>SSIDMatch</key> | |
| <array> | |
| <string>CHANGEME_HomeNetwork5</string> | |
| <string>CHANGEME_HomeNetwork</string> | |
| <string>CHANGEME_CompanyNetwork5</string> | |
| <string>CHANGEME_CompanyNetwork</string> | |
| </array> | |
| <key>Action</key> | |
| <string>Disconnect</string> | |
| </dict> | |
| <dict> | |
| <key>InterfaceTypeMatch</key> | |
| <string>WiFi</string> | |
| <key>Action</key> | |
| <string>Connect</string> | |
| </dict> | |
| <dict> | |
| <!-- VPN Default state --> | |
| <key>Action</key> | |
| <string>Disconnect</string> | |
| </dict> | |
| </array> | |
| <key>OverridePrimary</key> | |
| <true/> | |
| <key>IPv4</key> | |
| <dict> | |
| <key>OverridePrimary</key> | |
| <integer>1</integer> | |
| </dict> | |
| <key>PayloadType</key> | |
| <string>com.apple.vpn.managed</string> | |
| <key>PayloadVersion</key> | |
| <integer>1</integer> | |
| </dict> | |
| <!-- Home: Always --> | |
| <dict> | |
| <key>UserDefinedName</key> | |
| <string>Home: Always</string> | |
| <key>PayloadDisplayName</key> | |
| <string>Home: Always</string> | |
| <key>PayloadIdentifier</key> | |
| <string>com.thomas-witt.vpn.homealways</string> | |
| <key>PayloadUUID</key> | |
| <string>C58019ED-9BC1-429F-A457-99FD6D91A0D6</string> | |
| <key>VPNType</key> | |
| <string>IPSec</string> | |
| <key>IPSec</key> | |
| <dict> | |
| <key>RemoteAddress</key> | |
| <string>CHANGEME_my-fritz-box.anydns.info</string> | |
| <key>AuthenticationMethod</key> | |
| <string>SharedSecret</string> | |
| <key>XAuthName</key> | |
| <string>CHANGEME_USERNAME</string> | |
| <key>XAuthPassword</key> | |
| <string>CHANGEME_PASSWORD</string> | |
| <key>XAuthEnabled</key> | |
| <integer>1</integer> | |
| <key>LocalIdentifier</key> | |
| <string>CHANGEME_USERNAME</string> | |
| <key>LocalIdentifierType</key> | |
| <string>KeyID</string> | |
| <key>SharedSecret</key> | |
| <string>CHANGEME_SHAREDSECRET</string> | |
| </dict> | |
| <key>OnDemandEnabled</key> | |
| <integer>1</integer> | |
| <key>OnDemandRules</key> | |
| <array> | |
| <dict> | |
| <!-- VPN Default state --> | |
| <key>Action</key> | |
| <string>Connect</string> | |
| </dict> | |
| </array> | |
| <key>OverridePrimary</key> | |
| <true/> | |
| <key>IPv4</key> | |
| <dict> | |
| <key>OverridePrimary</key> | |
| <integer>1</integer> | |
| </dict> | |
| <key>PayloadType</key> | |
| <string>com.apple.vpn.managed</string> | |
| <key>PayloadVersion</key> | |
| <integer>1</integer> | |
| </dict> | |
| <!-- ====================================================================================== --> | |
| <!-- Company (Meraki): Manual --> | |
| <dict> | |
| <key>UserDefinedName</key> | |
| <string>Company: Manual</string> | |
| <key>PayloadDisplayName</key> | |
| <string>Company: Manual</string> | |
| <key>PayloadIdentifier</key> | |
| <string>com.thomas-witt.vpn.companymanual</string> | |
| <key>PayloadUUID</key> | |
| <string>EE68308C-FB8C-4209-9F5A-629755244190</string> | |
| <key>VPNType</key> | |
| <string>L2TP</string> | |
| <key>IPSec</key> | |
| <dict> | |
| <key>AuthenticationMethod</key> | |
| <string>SharedSecret</string> | |
| <key>LocalIdentifierType</key> | |
| <string>KeyID</string> | |
| <key>SharedSecret</key> | |
| <string>CHANGEME_SHAREDSECRET</string> | |
| </dict> | |
| <key>PPP</key> | |
| <dict> | |
| <key>AuthName</key> | |
| <string>CHANGEME_USERNAME</string> | |
| <key>AuthPassword</key> | |
| <string>CHANGEME_PASSWORD</string> | |
| <key>CommRemoteAddress</key> | |
| <string>CHANGEME_router.company.com</string> | |
| </dict> | |
| <key>OverridePrimary</key> | |
| <true/> | |
| <key>IPv4</key> | |
| <dict> | |
| <key>OverridePrimary</key> | |
| <integer>1</integer> | |
| </dict> | |
| <key>PayloadType</key> | |
| <string>com.apple.vpn.managed</string> | |
| <key>PayloadVersion</key> | |
| <integer>1</integer> | |
| </dict> | |
| <!-- Company (Meraki): WiFi --> | |
| <dict> | |
| <key>UserDefinedName</key> | |
| <string>Company: WiFi</string> | |
| <key>PayloadDisplayName</key> | |
| <string>Company: WiFi</string> | |
| <key>PayloadIdentifier</key> | |
| <string>com.thomas-witt.vpn.companywifi</string> | |
| <key>PayloadUUID</key> | |
| <string>21549F1D-0662-4111-8230-0F8BFD706090</string> | |
| <key>VPNType</key> | |
| <string>L2TP</string> | |
| <key>IPSec</key> | |
| <dict> | |
| <key>AuthenticationMethod</key> | |
| <string>SharedSecret</string> | |
| <key>LocalIdentifierType</key> | |
| <string>KeyID</string> | |
| <key>SharedSecret</key> | |
| <string>CHANGEME_SHAREDSECRET</string> | |
| </dict> | |
| <key>PPP</key> | |
| <dict> | |
| <key>AuthName</key> | |
| <string>CHANGEME_USERNAME</string> | |
| <key>AuthPassword</key> | |
| <string>CHANGEME_PASSWORD</string> | |
| <key>CommRemoteAddress</key> | |
| <string>CHANGEME_router.company.com</string> | |
| </dict> | |
| <key>OnDemandEnabled</key> | |
| <integer>1</integer> | |
| <key>OnDemandRules</key> | |
| <array> | |
| <dict> | |
| <key>InterfaceTypeMatch</key> | |
| <string>WiFi</string> | |
| <key>SSIDMatch</key> | |
| <array> | |
| <string>CHANGEME_HomeNetwork5</string> | |
| <string>CHANGEME_HomeNetwork</string> | |
| <string>CHANGEME_CompanyNetwork5</string> | |
| <string>CHANGEME_CompanyNetwork</string> | |
| </array> | |
| <key>Action</key> | |
| <string>Disconnect</string> | |
| </dict> | |
| <dict> | |
| <key>InterfaceTypeMatch</key> | |
| <string>WiFi</string> | |
| <key>Action</key> | |
| <string>Connect</string> | |
| </dict> | |
| <dict> | |
| <!-- VPN Default state --> | |
| <key>Action</key> | |
| <string>Disconnect</string> | |
| </dict> | |
| </array> | |
| <key>OverridePrimary</key> | |
| <true/> | |
| <key>IPv4</key> | |
| <dict> | |
| <key>OverridePrimary</key> | |
| <integer>1</integer> | |
| </dict> | |
| <key>PayloadType</key> | |
| <string>com.apple.vpn.managed</string> | |
| <key>PayloadVersion</key> | |
| <integer>1</integer> | |
| </dict> | |
| <!-- Company (Meraki): Always --> | |
| <dict> | |
| <key>UserDefinedName</key> | |
| <string>Company: Always</string> | |
| <key>PayloadDisplayName</key> | |
| <string>Company: Always</string> | |
| <key>PayloadIdentifier</key> | |
| <string>com.thomas-witt.vpn.companyalways</string> | |
| <key>PayloadUUID</key> | |
| <string>6011F604-73E7-4473-8811-FDBB3AE8FBE5</string> | |
| <key>VPNType</key> | |
| <string>L2TP</string> | |
| <key>IPSec</key> | |
| <dict> | |
| <key>AuthenticationMethod</key> | |
| <string>SharedSecret</string> | |
| <key>LocalIdentifierType</key> | |
| <string>KeyID</string> | |
| <key>SharedSecret</key> | |
| <string>CHANGEME_SHAREDSECRET</string> | |
| </dict> | |
| <key>PPP</key> | |
| <dict> | |
| <key>AuthName</key> | |
| <string>CHANGEME_USERNAME</string> | |
| <key>AuthPassword</key> | |
| <string>CHANGEME_PASSWORD</string> | |
| <key>CommRemoteAddress</key> | |
| <string>CHANGEME_router.company.com</string> | |
| </dict> | |
| <key>OnDemandEnabled</key> | |
| <integer>1</integer> | |
| <key>OnDemandRules</key> | |
| <array> | |
| <dict> | |
| <!-- VPN Default state --> | |
| <key>Action</key> | |
| <string>Connect</string> | |
| </dict> | |
| </array> | |
| <key>OverridePrimary</key> | |
| <true/> | |
| <key>IPv4</key> | |
| <dict> | |
| <key>OverridePrimary</key> | |
| <integer>1</integer> | |
| </dict> | |
| <key>PayloadType</key> | |
| <string>com.apple.vpn.managed</string> | |
| <key>PayloadVersion</key> | |
| <integer>1</integer> | |
| </dict> | |
| <!-- ====================================================================================== --> | |
| <!-- AWS Streisand: Manual --> | |
| <dict> | |
| <key>UserDefinedName</key> | |
| <string>AWS: Manual</string> | |
| <key>PayloadDisplayName</key> | |
| <string>AWS: Manual</string> | |
| <key>PayloadIdentifier</key> | |
| <string>com.thomas-witt.vpn.awsmanual</string> | |
| <key>PayloadUUID</key> | |
| <string>16EF541B-CF77-4BF2-871F-CEB688D6BE35</string> | |
| <key>VPNType</key> | |
| <string>L2TP</string> | |
| <key>IPSec</key> | |
| <dict> | |
| <key>AuthenticationMethod</key> | |
| <string>SharedSecret</string> | |
| <key>LocalIdentifierType</key> | |
| <string>KeyID</string> | |
| <key>SharedSecret</key> | |
| <data>CHANGEME_SHAREDSECRET</data> | |
| </dict> | |
| <key>PPP</key> | |
| <dict> | |
| <key>AuthName</key> | |
| <string>streisand</string> | |
| <key>AuthPassword</key> | |
| <string>CHANGEME_PASSWORD</string> | |
| <key>CommRemoteAddress</key> | |
| <string>CHANGEME_STREISAND_ELASIC_IP_1.2.3.4</string> | |
| </dict> | |
| <key>OverridePrimary</key> | |
| <true/> | |
| <key>IPv4</key> | |
| <dict> | |
| <key>OverridePrimary</key> | |
| <integer>1</integer> | |
| </dict> | |
| <key>PayloadType</key> | |
| <string>com.apple.vpn.managed</string> | |
| <key>PayloadVersion</key> | |
| <integer>1</integer> | |
| </dict> | |
| <!-- AWS Streisand: WiFi --> | |
| <dict> | |
| <key>UserDefinedName</key> | |
| <string>AWS: WiFi</string> | |
| <key>PayloadDisplayName</key> | |
| <string>AWS: WiFi</string> | |
| <key>PayloadIdentifier</key> | |
| <string>com.thomas-witt.vpn.awswifi</string> | |
| <key>PayloadUUID</key> | |
| <string>BEC1320F-BC55-45C2-A588-0D9EA9C08B81</string> | |
| <key>VPNType</key> | |
| <string>L2TP</string> | |
| <key>IPSec</key> | |
| <dict> | |
| <key>AuthenticationMethod</key> | |
| <string>SharedSecret</string> | |
| <key>LocalIdentifierType</key> | |
| <string>KeyID</string> | |
| <key>SharedSecret</key> | |
| <data>CHANGEME_SHAREDSECRET</data> | |
| </dict> | |
| <key>PPP</key> | |
| <dict> | |
| <key>AuthName</key> | |
| <string>streisand</string> | |
| <key>AuthPassword</key> | |
| <string>CHANGEME_PASSWORD</string> | |
| <key>CommRemoteAddress</key> | |
| <string>CHANGEME_STREISAND_ELASIC_IP_1.2.3.4</string> | |
| </dict> | |
| <key>OnDemandEnabled</key> | |
| <integer>1</integer> | |
| <key>OnDemandRules</key> | |
| <array> | |
| <dict> | |
| <key>InterfaceTypeMatch</key> | |
| <string>WiFi</string> | |
| <key>SSIDMatch</key> | |
| <array> | |
| <string>CHANGEME_HomeNetwork5</string> | |
| <string>CHANGEME_HomeNetwork</string> | |
| <string>CHANGEME_CompanyNetwork5</string> | |
| <string>CHANGEME_CompanyNetwork</string> | |
| </array> | |
| <key>Action</key> | |
| <string>Disconnect</string> | |
| </dict> | |
| <dict> | |
| <key>InterfaceTypeMatch</key> | |
| <string>WiFi</string> | |
| <key>Action</key> | |
| <string>Connect</string> | |
| </dict> | |
| <dict> | |
| <!-- VPN Default state --> | |
| <key>Action</key> | |
| <string>Disconnect</string> | |
| </dict> | |
| </array> | |
| <key>OverridePrimary</key> | |
| <true/> | |
| <key>IPv4</key> | |
| <dict> | |
| <key>OverridePrimary</key> | |
| <integer>1</integer> | |
| </dict> | |
| <key>PayloadType</key> | |
| <string>com.apple.vpn.managed</string> | |
| <key>PayloadVersion</key> | |
| <integer>1</integer> | |
| </dict> | |
| <!-- AWS Streisand: Always --> | |
| <dict> | |
| <key>UserDefinedName</key> | |
| <string>AWS: Always</string> | |
| <key>PayloadDisplayName</key> | |
| <string>AWS: Always</string> | |
| <key>PayloadIdentifier</key> | |
| <string>com.thomas-witt.vpn.awsalways</string> | |
| <key>PayloadUUID</key> | |
| <string>E4676C88-3881-4475-99E0-0EB399137B58</string> | |
| <key>VPNType</key> | |
| <string>L2TP</string> | |
| <key>IPSec</key> | |
| <dict> | |
| <key>AuthenticationMethod</key> | |
| <string>SharedSecret</string> | |
| <key>LocalIdentifierType</key> | |
| <string>KeyID</string> | |
| <key>SharedSecret</key> | |
| <data>CHANGEME_SHAREDSECRET</data> | |
| </dict> | |
| <key>PPP</key> | |
| <dict> | |
| <key>AuthName</key> | |
| <string>streisand</string> | |
| <key>AuthPassword</key> | |
| <string>CHANGEME_PASSWORD</string> | |
| <key>CommRemoteAddress</key> | |
| <string>CHANGEME_STREISAND_ELASIC_IP_1.2.3.4</string> | |
| </dict> | |
| <key>OnDemandEnabled</key> | |
| <integer>1</integer> | |
| <key>OnDemandRules</key> | |
| <array> | |
| <dict> | |
| <!-- VPN Default state --> | |
| <key>Action</key> | |
| <string>Connect</string> | |
| </dict> | |
| </array> | |
| <key>OverridePrimary</key> | |
| <true/> | |
| <key>IPv4</key> | |
| <dict> | |
| <key>OverridePrimary</key> | |
| <integer>1</integer> | |
| </dict> | |
| <key>PayloadType</key> | |
| <string>com.apple.vpn.managed</string> | |
| <key>PayloadVersion</key> | |
| <integer>1</integer> | |
| </dict> | |
| </array> | |
| <key>PayloadDisplayName</key> | |
| <string>VPN Configurations</string> | |
| <key>PayloadIdentifier</key> | |
| <string>TW.BAB78424-28FB-4654-915D-93D0CB87CC7B</string> | |
| <key>PayloadRemovalDisallowed</key> | |
| <false/> | |
| <key>PayloadType</key> | |
| <string>Configuration</string> | |
| <key>PayloadUUID</key> | |
| <string>A9F4B095-4336-4ECD-A2B2-3D52D778E743</string> | |
| <key>PayloadVersion</key> | |
| <integer>1</integer> | |
| </dict> | |
| </plist> | |
If I already have an OpenVPN profile set up on my iPad, is there a way to just have the iPad use that all the time whenever I’m connected, whether I’m on my home Wifi or on a public Wifi? In that case the VPNSubType key should be net.openvpn.connect.app, correct?
👍 Perfect, its working. Can you create mobileconfig for openvpn too?
Thank you. This is just what i needed.
@thomaswitt I have a TailScale App. How do I configure this to use it with that? and change the home settings accordingly?
Same question here. I'd love to know the config for Tailscale :-)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Awesome gist, I was looking for something to do exactly this. You may want to fix lines 378, 421, and 494. It's not incriminating information, but I thought I would point it out. Thanks again!