VPN

The payload that configures a VPN.

Declaration

object VPN

Properties

Name (Type) and Description

AlwaysOn (VPN.AlwaysOn)

The dictionary to use when VPNType is AlwaysOn. Not available in tvOS or watchOS.

DNS (VPN.DNS)

A dictionary to use for all VPN types.

IKEv2 (VPN.IKEv2)

The dictionary to use when VPNType is IKEv2.

IPSec (VPN.IPSec)

The dictionary that contains IPSec settings. Not available in watchOS.

IPv4 (VPN.IPv4)

The dictionary that contains IPv4 settings. Not available in watchOS.

PPP (VPN.PPP)

The dictionary to use when VPNType is L2TP or PPTP. Not available in watchOS.

Proxies (VPN.Proxies)

The dictionary to use to configure Proxies for use with VPN.

TransparentProxy (VPN.TransparentProxy)

The dictionary to use when VPNType is TransparentProxy. Available in macOS 14 and later.

UserDefinedName (string, required)

The description of the VPN connection that the system displays on the device. Not available in watchOS.

VendorConfig (VPN.VendorConfig)

The vendor-specific configuration dictionary, which the system reads only when VPNSubType has a value. Not available in watchOS.

VPN (VPN.VPN)

The dictionary to use when VPNType is VPN.

VPNSubType (string)

An identifier for a vendor-specified configuration dictionary when the value for VPNType is VPN.

If VPNType is VPN, the system requires this field. If the configuration targets a VPN solution that uses a VPN plugin, then this field contains the bundle identifier of the plugin. Here are some examples:

  • Cisco AnyConnect: com.cisco.anyconnect.applevpn.plugin

  • Juniper SSL: net.juniper.sslvpn

  • F5 SSL: com.f5.F5-Edge-Client.vpnplugin

  • SonicWALL Mobile Connect: com.sonicwall.SonicWALL-SSLVPN.vpnplugin

  • Aruba VIA: com.arubanetworks.aruba-via.vpnplugin

If the configuration targets a VPN solution that uses a network extension provider, then this field contains the bundle identifier of the app that contains the provider. Contact the VPN solution vendor for the value of the identifier.

If VPNType is IKEv2, then the VPNSubType field is optional and reserved for future use. If it’s specified, it needs to contain an empty string.

Not available in watchOS.

VPNType (string, required)

The type of the VPN, which defines which settings are appropriate for this VPN payload.

If the type is VPN or TransparentProxy, then the system requires a value for VPNSubType.

TransparentProxy is only available in macOS. L2TP and IPSec aren’t available in tvOS. AlwaysOn is only available on iOS, and Apple Watch pairing isn’t supported with AlwaysOn. For a previously paired Apple Watch, all phone-watch communications cease when AlwaysOn is enabled. Not available in watchOS.

Discussion

Specify com.apple.vpn.managed as the payload type.

Profile availability

Device channel: iOS, macOS, Shared iPad, tvOS, visionOS

User channel: macOS

Allow manual install: iOS, macOS, tvOS, visionOS

Requires supervision: NA

Requires user-approved MDM: NA

Allowed in user enrollment: NA

Allow multiple payloads: iOS, macOS, Shared iPad, tvOS, visionOS

Profile example

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>IPSec</key>
            <dict>
                <key>AuthenticationMethod</key>
                <string>SharedSecret</string>
                <key>LocalIdentifierType</key>
                <string>KeyID</string>
                <key>SharedSecret</key>
                <data>
                UVhCd2JHVXhNak1o
                </data>
            </dict>
            <key>IPv4</key>
            <dict>
                <key>OverridePrimary</key>
                <integer>0</integer>
            </dict>
            <key>PPP</key>
            <dict>
                <key>AuthName</key>
                <string>username</string>
                <key>AuthPassword</key>
                <string>password</string>
                <key>CommRemoteAddress</key>
                <string>vpn.example.com</string>
            </dict>
            <key>Proxies</key>
            <dict>
                <key>HTTPEnable</key>
                <integer>0</integer>
                <key>HTTPSEnable</key>
                <integer>0</integer>
            </dict>
            <key>UserDefinedName</key>
            <string>VPN Server</string>
            <key>VPNType</key>
            <string>L2TP</string>
            <key>PayloadIdentifier</key>
            <string>com.example.myvpnmanagedprofile</string>
            <key>PayloadType</key>
            <string>com.apple.vpn.managed</string>
            <key>PayloadUUID</key>
            <string>74615F25-3B51-4386-A31B-ACB1F1094EF9</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
        </dict>
    </array>
    <key>PayloadDisplayName</key>
    <string>VPN</string>
    <key>PayloadIdentifier</key>
    <string>com.example.myprofile</string>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>01E7F1C0-2DD0-4E36-82FF-EC6F29BB6C45</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
</dict>
</plist>
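
The rules stated in the property descriptions above (required keys, when VPNSubType is required or must be empty, when VendorConfig is read) can be checked before a profile is deployed. The following Python linter is an added example, not Apple's code; the finding strings, treating a missing type-specific dictionary as a finding, and flagging SharedSecret and AuthPassword as embedded credentials are assumptions of this example, and SAMPLE is constructed.

```python
import plistlib

# Rules below restate the property descriptions on this page.
SUBTYPE_REQUIRED = ("VPN", "TransparentProxy")
# Assumption: a payload should carry the dictionary its VPNType selects.
TYPE_DICT = {"AlwaysOn": "AlwaysOn", "IKEv2": "IKEv2", "L2TP": "PPP",
             "VPN": "VPN", "TransparentProxy": "TransparentProxy"}
# Credential-bearing keys that appear in the page's profile example.
SECRET_KEYS = (("IPSec", "SharedSecret"), ("PPP", "AuthPassword"))

def lint_vpn_payload(p):
    """Return findings for one com.apple.vpn.managed payload dictionary."""
    findings = [f"missing required {k}"
                for k in ("UserDefinedName", "VPNType") if not p.get(k)]
    vpn_type, sub = p.get("VPNType"), p.get("VPNSubType")
    if vpn_type in SUBTYPE_REQUIRED and not sub:
        findings.append(f"VPNType {vpn_type} requires VPNSubType")
    if vpn_type == "IKEv2" and sub not in (None, ""):
        findings.append("VPNSubType must be empty for IKEv2")
    if "VendorConfig" in p and not sub:
        findings.append("VendorConfig is not read without VPNSubType")
    wanted = TYPE_DICT.get(vpn_type)
    if wanted and not isinstance(p.get(wanted), dict):
        findings.append(f"VPNType {vpn_type} has no {wanted} dictionary")
    for section, key in SECRET_KEYS:
        sec = p.get(section)
        if isinstance(sec, dict) and key in sec:
            findings.append(f"credential embedded in {section}.{key}")
    return findings

def lint_profile(data):
    """Parse a .mobileconfig plist and lint every VPN payload in it."""
    profile = plistlib.loads(data)
    return {p.get("PayloadIdentifier", "?"): lint_vpn_payload(p)
            for p in profile.get("PayloadContent", [])
            if p.get("PayloadType") == "com.apple.vpn.managed"}

# Constructed sample profile; the first payload mirrors the L2TP example above.
SAMPLE = plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": [
    {"PayloadType": "com.apple.vpn.managed", "PayloadIdentifier": "ex.l2tp",
     "UserDefinedName": "VPN Server", "VPNType": "L2TP",
     "IPSec": {"SharedSecret": b"constructed"},
     "PPP": {"AuthPassword": "password"}},
    {"PayloadType": "com.apple.vpn.managed", "PayloadIdentifier": "ex.plugin",
     "VPNType": "VPN", "VendorConfig": {}},
    {"PayloadType": "com.apple.vpn.managed", "PayloadIdentifier": "ex.ikev2",
     "UserDefinedName": "Office", "VPNType": "IKEv2",
     "VPNSubType": "com.example.plugin", "IKEv2": {}}]})

print(lint_profile(SAMPLE))
```

The base64 text inside a data element, such as SharedSecret in the example above, is an encoding and not encryption, so a profile file containing it should be handled as a secret.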
