Project

General

Profile

Actions
Copy link

Feature #13484

open

IPsec Profile Wizard/Apple: Support on-demand connections in exported profile

Added by Rex Hoffman over 2 years ago. Updated almost 2 years ago.

Status:
New
Priority:
Low
Assignee:
Jim Pingle
Category:
IPsec Profile Wizard
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:

Description

Connect on demand is super helpful, and is pretty easy to add by hand to a profile, but would be even better to have added automatically (especially since the domain name is known to pfsense (it's domain by default).

For reference this is the added bit, some of the items could be


                                        <key>OnDemandEnabled</key>
                            <integer>1</integer> <<---- this is 0 in generated file.
                            <key>OnDemandRules</key>
                            <array>
                                <dict>
                                        <key>InterfaceTypeMatch</key>
                                        <string>WiFi</string>
                                        <key>SSIDMatch</key>
                                        <array>
                                            <string>Your Network SSID to not start the vpn in.... because you're behind the network</string>
                                        </array>                    
                                        <key>Action</key>
                                        <string>Disconnect</string>
                                </dict>
                               <dict>
                                        <key>Action</key>
                                        <string>EvaluateConnection</string>
                                        <key>ActionParameters</key>
                                        <array>
                                            <dict>
                                                <key>Domains</key>
                                                    <array>
                                                        <string>domains to trigger connect on, I use *.mydomain.org </string>
                                                </array>    
                                                    <key>DomainAction</key>
                                                <string>ConnectIfNeeded</string>
                                            </dict>
                                            </array>
                                </dict>
                                <dict>
                                        <key>Action</key>
                                        <string>Ignore</string>
                                </dict>
                            </array>
            </dict> <--- this is the end of the dict that usually preceeds the original <integer>0</integer> above.

Can't say how nice it is to have apps on my phone connect to my home network on demand, freshrss, wikis, etc.... might help others. Probably a couple hours of time to update the profile generator for a pretty big gain for your users.

Actions
Copy link
 #1

Updated by Jim Pingle over 2 years ago

  • Project changed from pfSense Plus to pfSense Packages
  • Subject changed from IPSec Profile for Mac, support connect on-demand. to Support for connect on-demand in exported Apple IPsec profile
  • Category changed from VPN (Multiple Types) to IPsec Profile Wizard
  • Priority changed from Normal to Low
  • Release Notes deleted (Default)
Actions
Copy link
 #2

Updated by Jim Pingle almost 2 years ago

  • Assignee set to Jim Pingle

Would need to be set based on a toggle on user request rather than being set unconditionally.

Actions
Copy link
 #3

Updated by Jim Pingle almost 2 years ago

  • Subject changed from Support for connect on-demand in exported Apple IPsec profile to IPsec Profile Wizard/Apple: Support on-demand connections in exported profile
Actions
Copy link

Also available in: Atom PDF